Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=avtobos.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://avtobos.ru/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://avtobos.ru/ | 200 OK Content-Length: 54254 Content-Type: text/html | clean |
http://avtobos.ru/media/system/js/caption.js | 200 OK Content-Length: 6900 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Flagged fragment (truncated in the report):
var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align =
Antivirus reports:
http://avtobos.ru/templates/car_city_v1/script.js | 200 OK Content-Length: 16069 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Flagged fragment (truncated in the report):
cssFix = function(){ var u = navigator.userAgent.toLowerCase(), addClass = function(el, val){ if(! el.className) { el.className = val; } else { var newCl = el.className; newCl+=(' '+val); el.className = newCl; } }, is = function(t){return (u.indexOf(t)!=-1)}; addClass(document.getElementsByTagName('html')[0],[ (!(/opera|webtv/i.test(u))&&/msie (\d)/.test(u))?('ie ie'+RegExp.$1) : is('
Antivirus reports:
http://avtobos.ru/2012-10-09-10-55-22.html | 200 OK Content-Length: 66799 Content-Type: text/html | clean |
http://avtobos.ru/2012-10-09-10-55-43.html | 200 OK Content-Length: 115215 Content-Type: text/html | clean |
http://avtobos.ru/2012-10-09-10-56-42.html | 200 OK Content-Length: 72258 Content-Type: text/html | clean |
http://avtobos.ru/2012-10-09-10-57-09.html | 200 OK Content-Length: 122859 Content-Type: text/html | clean |
http://avtobos.ru/2012-10-09-10-57-09/1019-ford-windstar-vetrenaya-zvezda.html | 200 OK Content-Length: 42050 Content-Type: text/html | clean |
http://avtobos.ru/2012-10-09-10-57-09/1049-mercedes-benz-e-class-relaksator.html | 200 OK Content-Length: 36353 Content-Type: text/html | clean |
http://avtobos.ru/2012-10-09-10-57-09/1031-subaru-forester-a-potom-prishel-lesnik.html | 200 OK Content-Length: 65370 Content-Type: text/html | clean |
http://avtobos.ru/2012-10-09-10-56-42/1047-na-dorogax-poyavilis-avtopodstavlyaly-na-mercedes-ml.html | 200 OK Content-Length: 23949 Content-Type: text/html | clean |
http://avtobos.ru/2012-10-09-10-55-22/1038-u-mogilova-planuyut-vidbirati-u-vodiÑv-avtomobili.html | 200 OK Content-Length: 24629 Content-Type: text/html | clean |
http://avtobos.ru/2012-10-09-10-56-42/1009-kompaniya-mts-zapustila-servis-po-oplate-shtrafov-pdd-s-mobilnogo-telefona.html | 200 OK Content-Length: 24831 Content-Type: text/html | clean |
http://avtobos.ru/2012-10-09-10-55-43/998-mercedes-m-klass-pervyj-raz-v-m-klass.html | 200 OK Content-Length: 45394 Content-Type: text/html | clean |
http://avtobos.ru/home/976-v-2012-godu-vyjdet-novoe-pokolenie-bmw-1-series.html | 200 OK Content-Length: 26118 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: avtobos.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Fri, 16 May 2014 01:05:14 GMT
Pragma: no-cache
Server: nginx/1.2.9
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 16 May 2014 01:05:14 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 1cde5b45d4981032f4371d1806a83419=e14e764fe8e26628a9d071274e5a0bf4; path=/
X-Powered-By: PHP/5.3.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: avtobos.ru
Referer: http://www.google.com/search?q=avtobos.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.