Scanned pages/files
Request | Server response | Status |
http://airb.ru/ | 200 OK Content-Length: 14485 Content-Type: text/html | clean |
http://airb.ru/javascript/JsHttpRequest/JsHttpRequest.js | 200 OK Content-Length: 17032 Content-Type: application/x-javascript | malicious |
Malicious code - flagged by the scanner (the "Antivirus reports" field that should list the confirming engines and detection names is empty in this copy of the report, so no vendor or signature is actually recorded). Excerpt — the first few hundred bytes of a 17032-byte file, truncated mid-statement:
isDOM = document.getElementById isOpera = isOpera5=window.opera && isDOM isOpera6 = isOpera && window.print isOpera7 = isOpera && document.readyState isMSIE = document.all && document.all.item && !isOpera isMSIE5 = isDOM && isMSIE isNetscape4 = document.layers isMozilla = isDOM && navigator.appName=="Netscape" function JsHttpRequest(){ var t=this; t.onreadystatechange=null; t.responseText=null; t.readyState=0; t
Antivirus reports: (none recorded).
Reviewer note: the visible excerpt is legacy browser-detection code followed by the constructor of an XMLHttpRequest-style wrapper named JsHttpRequest (apparently the open-source library of that name); nothing shown here is itself malicious. If the file was injected, the payload would be in the unshown remainder, so retrieve the full file and diff it against a known-good copy of the library before treating this verdict as confirmed — a generic signature on a widely mirrored library is a common false-positive source.
http://airb.ru/javascript/hints.js | 200 OK Content-Length: 6402 Content-Type: application/x-javascript | malicious |
Malicious code - flagged by the scanner (again, the "Antivirus reports" field below is empty, so no engine or detection name backs the verdict). Excerpt — the first few hundred bytes of a 6402-byte file, truncated mid-statement:
var currentForum=null, currentTopic=null, clickLeft, clickTop; window.onload=processHints; var hintWidth=400; function processHints() { document.body.onload=null; var spans=document.getElementsByTagName('span'), i, currentFirst, currentLast; var span=document.createElement('span'); span.className ='spaninfo'; var first=span.cloneNode(true); first.innerHTML='«'; first.setAttribute('title', LANG.firstTitle); var last=span.cloneNode(true); l
Antivirus reports: (none recorded).
Reviewer note: the visible excerpt builds navigation hint elements on page load; the only innerHTML write takes a literal string and the title comes from a LANG table, with no external input visible. Nothing shown is malicious on its face, so the full file needs to be inspected for appended or obfuscated code before this is treated as a confirmed infection.
http://airb.ru/index.php | 200 OK Content-Length: 14485 Content-Type: text/html | clean |
http://airb.ru/tools.php?action=help | 200 OK Content-Length: 12821 Content-Type: text/html | clean |
http://airb.ru/search.php | 200 OK Content-Length: 6411 Content-Type: text/html | clean |
http://airb.ru/tools.php?action=members | 200 OK Content-Length: 7856 Content-Type: text/html | clean |
http://airb.ru/loginout.php | 200 OK Content-Length: 5203 Content-Type: text/html | clean |
http://airb.ru/register.php | 200 OK Content-Length: 2650 Content-Type: text/html | clean |
http://airb.ru/test404page.js | 404 Not Found Content-Length: 351 Content-Type: text/html | clean |
http://airb.ru/tools.php?action=rules | 200 OK Content-Length: 15400 Content-Type: text/html | clean |
http://airb.ru/profile.php?action=lostpassword | 200 OK Content-Length: 4942 Content-Type: text/html | clean |
http://airb.ru/profile.php?action=show&member=1 | 200 OK Content-Length: 8327 Content-Type: text/html | clean |
http://airb.ru/topic.php?forum=1&topic=11 | 200 OK Content-Length: 25942 Content-Type: text/html | clean |
http://airb.ru/javascript/board.js | 200 OK Content-Length: 2999 Content-Type: application/x-javascript | malicious |
Malicious code - flagged by the scanner (the "Antivirus reports" field below is empty; no engine or detection name is recorded). Excerpt — the first few hundred bytes of a 2999-byte file, truncated mid-statement:
function PostId(a,postid){ var result = a.href.match(/^(.+\/topic\.php\?forum=\d+\&topic=\d+)/i); prompt (LANG.ThisPostWWW,result[1]+'&postid='+postid+'#'+ postid); return false; } function Karma(act, userid) { JsHttpRequest.query('jsloader.php?loader=karma', {action: act, user: userid}, function (data, text) { alert(text);if (data.error == 0) {var spans = document.getElementsByTagName("SPAN");for (var i=0; i < spans.length; i++) {var span = spans[i];if
Antivirus reports: (none recorded).
Reviewer note: the visible excerpt shows a post-permalink prompt and a "karma" AJAX call to jsloader.php whose raw response text is alerted; these are ordinary forum features, not malware. Since this file is only 2999 bytes, reading the whole file is quick and is the right way to settle the verdict — look for appended code after the last forum function, and for obfuscated strings (eval, unescape, fromCharCode, document.write of script or iframe tags) that the truncated excerpt cannot show.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: airb.ru
Result (full response headers; note that the PHPSESSID session cookie is set without the HttpOnly flag and the site is served over plain HTTP, so the session identifier is readable by page scripts — including any injected one — and by anyone on the network path; outside the malware scan's scope, but worth fixing):
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 12 Jan 2015 00:03:53 GMT
Pragma: no-cache
Server: DataPalm/3.5
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=0def0a7db67014b5793f7b7a6c290fd9; path=/
Set-Cookie: lastvisit=1421021028; expires=Tue, 12-Jan-2016 00:03:48 GMT; path=/
GET / HTTP/1.1
Host: airb.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 12 Jan 2015 00:03:53 GMT
Pragma: no-cache
Server: DataPalm/3.5
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=0def0a7db67014b5793f7b7a6c290fd9; path=/
Set-Cookie: lastvisit=1421021028; expires=Tue, 12-Jan-2016 00:03:48 GMT; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: airb.ru
Referer: http://www.google.com/search?q=airb.ru
Result:
The response to the search-engine-referred request matches the first one (same status, headers and body), so no referer-conditional redirect was observed. This check only covers a single Google referer sent with the scanner's own user agent; cloaking keyed on other referers, on browser or mobile user agents, on geolocation, or on first-visit cookies (note the lastvisit cookie set above) would not be detected by it.
GET / HTTP/1.1
Host: airb.ru
Referer: http://www.google.com/search?q=airb.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=airb.ru
Result: This site is not currently listed as suspicious. (Blacklist status lags detection and an unlisted site can still serve malicious content; this result does not resolve the three flagged JavaScript files above, which must be verified independently.)
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://airb.ru/
Result: airb.ru is not infected or malware details are not published yet. (As with the Google check, "not listed" is not the same as "clean"; treat it as absence of a public listing only.)
Result: airb.ru is not infected or malware details are not published yet.