Scanned pages/files
Request | Server response | Status |
http://kusochi.ucoz.ru/ | 200 OK Content-Length: 34963 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1)) Antivirus reports:
http://s10.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s10.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s10.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://kusochi.ucoz.ru/index/0-3 | 200 OK Content-Length: 13528 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1)) Antivirus reports:
http://kusochi.ucoz.ru/blog | 200 OK Content-Length: 8338 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1)) Antivirus reports:
http://kusochi.ucoz.ru/test404page.js | 404 Not Found Content-Length: 6869 Content-Type: text/html | clean |
http://kusochi.ucoz.ru/news/detstvo_maksim_gorkij/2015-02-04-429 | 200 OK Content-Length: 14663 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1)) Antivirus reports:
http://s10.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=0kusochi | 200 OK Content-Length: 524 Content-Type: application/javascript | clean |
http://s10.ucoz.net/src/socCom.js | 200 OK Content-Length: 6344 Content-Type: text/javascript | clean |
http://kusochi.ucoz.ru/search/?q=Детство - Максим Горький&m=blog | HTTP/1.1 200 OK Cache-Control: no-cache Cache-Control: no-store Cache-Control: private Connection: close Date: Fri, 05 Jun 2015 10:05:59 GMT Pragma: no-cache Server: uServ/3.2.2 Content-Type: text/html; charset=UTF-8 Set-Cookie: 0kusochiuCoz=; path=/; expires=Wed, 05-Jun-2013 10:06:00 GMT; domain=.kusochi.ucoz.ru; Set-Cookie: 0kusochiuzll=1433498760; path=/; expires=Sat, 04-Jun-2016 10:06:00 GMT; domain=.kusochi.ucoz.ru; | clean |
http://keitb.ru/1325?charset=utf-8&keyword=Детство | HTTP/1.1 302 Moved Temporarily Cache-Control: max-age=0 Connection: close Date: Fri, 05 Jun 2015 10:05:59 GMT Pragma: no-cache Location: http://kered.ru/lim/redirect.php?site=14&page=lending&type=book&size=0&ext=zip&sid=178153237&key=%D0%94%D0%B5%D1%82%D1%81%D1%82%D0%B2%D0%BE Server: nginx Content-Type: text/html; charset=utf-8 Expires: Thu, 21 Jul 1977 07:30:00 GMT Last-Modified: Fri, 05 Jun 2015 10:05:59 GMT | clean |
http://kered.ru/lim/redirect.php?site=14&page=lending&type=book&size=0&ext=zip&sid=178153237&key=%d0%94%d0%b5%d1%82%d1%81%d1%82%d0%b2%d0%be | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 05 Jun 2015 10:05:59 GMT Location: http://dl02.loadingicc.name?page=lending&type=book&size=0&ext=zip&sid=178153237&key=%D0%94%D0%B5%D1%82%D1%81%D1%82%D0%B2%D0%BE Server: nginx Content-Type: text/html; charset=UTF-8 | clean |
http://dl02.loadingicc.name?page=lending&type=book&size=0&ext=zip&sid=178153237&key=%d0%94%d0%b5%d1%82%d1%81%d1%82%d0%b2%d0%be/ | HTTP/1.1 302 Found Cache-Control: max-age=259200 Connection: close Date: Fri, 05 Jun 2015 10:06:00 GMT Pragma: no-cache Location: /?page=lending&type=book&size=0&ext=zip&key=%D0%94%D0%B5%D1%82%D1%81%D1%82%D0%B2%D0%BE%2F Server: nginx/1.0.14 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Mon, 08 Jun 2015 10:06:00 GMT Set-Cookie: PHPSESSID=m1sj2gv5rq465el4unn31bqbv6; path=/ X-Powered-By: PHP/5.3.10 | clean |
http://dl02.loadingicc.name?page=lending&type=book&size=0&ext=zip&sid=178153237&key=%d0%94%d0%b5%d1%82%d1%81%d1%82%d0%b2%d0%be/?page=lending&type=book&size=0&ext=zip&key=%d0%94%d0%b5%d1%82%d1%81%d1%82%d0%b2%d0%be%2f | HTTP/1.1 302 Found Cache-Control: max-age=259200 Connection: close Date: Fri, 05 Jun 2015 10:06:00 GMT Pragma: no-cache Location: /?page=lending&type=book&size=0&ext=zip&key=%D0%94%D0%B5%D1%82%D1%81%D1%82%D0%B2%D0%BE%2F Server: nginx/1.0.14 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Mon, 08 Jun 2015 10:06:00 GMT Set-Cookie: PHPSESSID=in7odr9c8tdur00hgscfl0a252; path=/ X-Powered-By: PHP/5.3.10 | clean |
http://kusochi.ucoz.ru/news/tron_ljucifera_kratkie_ocherki_magii_i_okkultizma_eremej_parnov/2015-02-03-70 | 200 OK Content-Length: 16239 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) f=0;while(f<89)document.write(String.fromCharCode('=tdsjqu?!wbs!ejw!>!epdvnfou/hfuFmfnfoutCzUbhObnf)(ejw(*\\1^<!ejw/joofsIUNM!>!((<!=0tdsjqu?'.charCodeAt(f++)-1)) Antivirus reports:
http://kusochi.ucoz.ru/search/?q=Трон Люцифера. Краткие очерки магии и оккультизма - Еремей Парнов&m=blog | HTTP/1.1 200 OK Cache-Control: no-cache Cache-Control: no-store Cache-Control: private Connection: close Date: Fri, 05 Jun 2015 10:06:01 GMT Pragma: no-cache Server: uServ/3.2.2 Content-Type: text/html; charset=UTF-8 Set-Cookie: 0kusochiuCoz=; path=/; expires=Wed, 05-Jun-2013 10:06:02 GMT; domain=.kusochi.ucoz.ru; Set-Cookie: 0kusochiuzll=1433498762; path=/; expires=Sat, 04-Jun-2016 10:06:02 GMT; domain=.kusochi.ucoz.ru; | clean |
http://keitb.ru/1325?charset=utf-8&keyword=Трон | HTTP/1.1 302 Moved Temporarily Cache-Control: max-age=0 Connection: close Date: Fri, 05 Jun 2015 10:06:01 GMT Pragma: no-cache Location: http://kered.ru/lp/?r=8398&q=%D0%A2%D1%80%D0%BE%D0%BD&service=Book-Files Server: nginx Content-Type: text/html; charset=utf-8 Expires: Thu, 21 Jul 1977 07:30:00 GMT Last-Modified: Fri, 05 Jun 2015 10:06:01 GMT | clean |
http://kered.ru/lp/?r=8398&q=%d0%a2%d1%80%d0%be%d0%bd&service=book-files | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 05 Jun 2015 10:06:01 GMT Location: http://bu4k-filueus.kadrom.pp.ua/?z=eNorsrUwtrRQK7RVdTFQdTRSdTFUtTAAsZ1cwaQLAICMB0E%3D Server: nginx Content-Type: text/html; charset=UTF-8 | clean |
http://bu4k-filueus.kadrom.pp.ua/?z=enorsruwtrrqk7rvdtfqdtrsdtfuttaasz1cwaqlaicmb0e%3d | 200 OK Content-Length: 70277 Content-Type: text/html | clean |
http://bu4k-filueus.kadrom.pp.ua/js/jquery.min.js | 200 OK Content-Length: 93867 Content-Type: application/x-javascript | clean |
http://kusochi.ucoz.ru/js/selectbox.js | 404 Not Found Content-Length: 6869 Content-Type: text/html | clean |
http://kusochi.ucoz.ru/js/ext.js | 404 Not Found Content-Length: 6869 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kusochi.ucoz.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 05 Jun 2015 10:05:57 GMT
Server: uServ/3.2.2
Content-Length: 34963
Content-Type: text/html; charset=UTF-8
...34963 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: kusochi.ucoz.ru
Referer: http://www.google.com/search?q=kusochi.ucoz.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kusochi.ucoz.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kusochi.ucoz.ru/
Result: kusochi.ucoz.ru is not infected or malware details are not published yet.