Scanned pages/files
Request | Server response | Status |
http://shubashop.com/ | 200 OK Content-Length: 95141 Content-Type: text/html | clean |
http://shubashop.com/js/clearbox.js?config=default | 200 OK Content-Length: 12141 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var CB_ScriptDir='/js/clearbox';
var CB_Language='en';
var CB_Scripts = document.getElementsByTagName('script');
for(i=0;i<CB_Scripts.length;i++){
  if (CB_Scripts[i].getAttribute('src')){
    var q=CB_Scripts[i].getAttribute('src');
    if(q.match('clearbox.js')){
      var url = q.split('clearbox.js');
      var path = url[0];
      var query = url[1].substring(1);
      var pars = query.split('&');
      for(j=0; j<pars.length; j++) {
        par =
Antivirus reports:
http://counter.rambler.ru/top100.jcn?2432306 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://shubashop.com/test404page.js | 404 Not Found Content-Length: 2315 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: shubashop.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 30 Sep 2014 03:01:32 GMT
Accept-Ranges: bytes
ETag: "173a5-49ed7f1661900"
Server: nginx
Vary: Accept-Encoding
Content-Language: ru
Content-Length: 95141
Content-Type: text/html
Last-Modified: Sat, 19 Mar 2011 15:56:52 GMT
X-MJ-Serve-Req-Time: D=12984 usec
X-MJ-Upstream-Addr: 10.10.0.27:81
...95141 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: shubashop.com
Referer: http://www.google.com/search?q=shubashop.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=shubashop.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://shubashop.com/
Result: shubashop.com is not infected or malware details are not published yet.