See: https://www.virustotal.com/nl/url/81fbdedae9372de9d34bde5fe3be0eec9519a6feacb5c495f364a12c50002b2b/analysis/1417965828/
Quttera gives a list of blacklisted external links: 9, and 2 blacklisted domains: bzz.ucoz.com
counter.yadro.ru → Anomaly behavior detected (possible malware). Details: http://sucuri.net/malware/malware-entry-mwanomalysp8
System Details:
Running on: uServ/3.2.2
Unable to properly scan your site. Site returning error: HTTP/1.1 500 Server Error
Malcode script using the src attribute, which is used only for a JavaScript file path; to render the code, the innerText property is used:
http://jsunpack.jeek.org/?report=f9510fc808d54c671d4f920a652dd6b59ba4ba9b
Link for security research only; open with NoScript active and inside a VM/sandbox.
Javascript check:Suspicious
ps:" : “http:”) + “//mc.yandex.ru/metrika/watch.js”;if (w.opera == “[object opera]”) { d.addeventlistener(“domcontentloaded”, f, false); …
Included scripts: Suspect - please check list for unknown includes
Suspicious Script:
ucoz dot com//.serr/js/core.js
.ru/hit;counter1?r"+escape(document.referrer)+((typeof(screen)==“undefined”)?“”:“;s”+screen.width+““+screen.height+””+(screen.colordepth?s
Code hiccup:
ajax.googleapis dot com/ajax/libs/jquery/1.10.2/jquery.min.js benign
[nothing detected] (script) ajax.googleapis dot com/ajax/libs/jquery/1.10.2/jquery.min.js
status: (referer=bzz.ucoz dot com/)saved 93100 bytes e2f3603e23711f6446f278a411d905623d65201e
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
suspicious:
According to the scan results here, the malcode has been closed: http://support.clean-mx.de/clean-mx/viruses.php?ip=213.174.157.134&sort=id%20DESC
but it is alive here on this domain and fortunately detected by avast: https://www.virustotal.com/nl/file/fd7affd07afa5c68dd483c314ad7a1cecca70c6ab4093713c55c320a3cc575c0/analysis/
as Perl:Shellbot-O [Trj] → recent reports here: http://urlquery.net/report.php?id=1417966752747
polonus