Scanned pages/files
Request | Server response | Status |
http://gps2din.ru/ | 200 OK Content-Length: 21476 Content-Type: text/html | clean |
http://gps2din.ru/fileadmin/scripts/js/jquery-1.3.2.min.js | 200 OK Content-Length: 57254 Content-Type: application/x-javascript | clean |
http://gps2din.ru/fileadmin/scripts/js/jquery-ui-1.7.2.custom.min.js | 200 OK Content-Length: 192628 Content-Type: application/x-javascript | clean |
http://gps2din.ru/fileadmin/scripts/js/star-rating/jquery.rating.js | 200 OK Content-Length: 14222 Content-Type: application/x-javascript | clean |
http://gps2din.ru/fileadmin/scripts/js/jquery.innerfade.js | 200 OK Content-Length: 3965 Content-Type: application/x-javascript | clean |
http://gps2din.ru/fileadmin/scripts/js/app_main.js | 200 OK Content-Length: 584 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) $(document).ready(function() {
$('.hmenu li.submenu').bind('mouseenter', function() { $('div.submenu').css('display', 'block'); }); $('.hmenu li.normal').bind('mouseenter', function() { $('div.submenu').css('display', 'none'); }); $('div.submenu').bind('mouseleave', function() { $('div.submenu').css('display', 'none'); }); $('.star-rating').rating(); $('#keyvisual-images').innerfade({ speed: 1000, timeout: 1000, type: 'sequence', containerheight: '400px' }); }); Antivirus reports:
| ||
http://gps2din.ru/typo3temp/javascript_a1cb3a5978.js | 200 OK Content-Length: 951 Content-Type: application/x-javascript | clean |
http://gps2din.ru/fileadmin/templates/js/popup.js | 200 OK Content-Length: 2018 Content-Type: application/x-javascript | clean |
http://gps2din.ru/typo3conf/ext/xajax/xajax_js/xajax.js | 200 OK Content-Length: 16668 Content-Type: application/x-javascript | clean |
http://userapi.com/js/api/openapi.js?15 | 200 OK Content-Length: 63942 Content-Type: application/x-javascript | clean |
http://platform.twitter.com/widgets.js | 200 OK Content-Length: 98170 Content-Type: application/javascript | clean |
http://gps2din.ru/Produkcija.6.0.html | 200 OK Content-Length: 10513 Content-Type: text/html | clean |
http://gps2din.ru/fileadmin/scripts/js/app.js | 200 OK Content-Length: 398 Content-Type: application/x-javascript | clean |
http://gps2din.ru/FAQ.7.0.html | 200 OK Content-Length: 16989 Content-Type: text/html | clean |
http://gps2din.ru/Oplata-i-dostavka.76.0.html | 200 OK Content-Length: 11483 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gps2din.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 07 May 2014 20:27:56 GMT
Pragma: no-cache
Via: 1.0 u6070.netangels.ru:80 (squid/2.6.STABLE5)
Server: Apache/2.2.3 (Debian) mod_ssl/2.2.3 OpenSSL/0.9.8g
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: fe_typo_user=52389c95a315370297435ff8d7daf41e; path=/
Set-Cookie: PHPSESSID=5aede4bf50deeaee796a909e00383ec0; path=/
X-Cache: MISS from u6070.netangels.ru
X-Cache-Lookup: MISS from u6070.netangels.ru:80
X-Powered-By: PHP/5.2.5
GET / HTTP/1.1
Host: gps2din.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 07 May 2014 20:27:56 GMT
Pragma: no-cache
Via: 1.0 u6070.netangels.ru:80 (squid/2.6.STABLE5)
Server: Apache/2.2.3 (Debian) mod_ssl/2.2.3 OpenSSL/0.9.8g
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: fe_typo_user=52389c95a315370297435ff8d7daf41e; path=/
Set-Cookie: PHPSESSID=5aede4bf50deeaee796a909e00383ec0; path=/
X-Cache: MISS from u6070.netangels.ru
X-Cache-Lookup: MISS from u6070.netangels.ru:80
X-Powered-By: PHP/5.2.5
Second query (visit from search engine):
GET / HTTP/1.1
Host: gps2din.ru
Referer: http://www.google.com/search?q=gps2din.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: gps2din.ru
Referer: http://www.google.com/search?q=gps2din.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gps2din.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gps2din.ru/
Result: gps2din.ru is not infected or malware details are not published yet.
Result: gps2din.ru is not infected or malware details are not published yet.