Scanned pages/files
Request | Server response | Status |
http://texpribor.ru/ | 200 OK Content-Length: 28063 Content-Type: text/html | clean |
http://texpribor.ru/jscript/jquery/jquery.js | 200 OK Content-Length: 58479 Content-Type: application/x-javascript | clean |
http://texpribor.ru/jscript/jscript_JsHttpRequest.js | 200 OK Content-Length: 15535 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function JsHttpRequest(){ var t=this; t.onreadystatechange=null; t.readyState=0; t.responseText=null; t.responseXML=null; t.status=200; t.statusText="OK"; t.responseJS=null; t.caching=false; t.loader=null; t.session_name="PHPSESSID"; t._ldObj=null; t._reqHeaders=[]; t._openArgs=null; t._errors={inv_form_el:"Invalid FORM element detected: name=%, tag=%",must_be_single_el:"If used, <form> must be a single HTML element in the list.", Antivirus reports:
| ||
http://texpribor.ru/jscript/jscript_ajax.js | 200 OK Content-Length: 3603 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function loadXMLDoc(ajax_page, put_vars, caching) { var url="./index_ajax.php?ajax_page=" + ajax_page; var req = new JsHttpRequest(); req.onreadystatechange = function() { if (req.readyState == 4) { if (req.responseJS) { for (var id in req.responseJS) { if (document.getElementById(id)) { document.getElementById(id).innerHTML = req.responseJS[id]; } } } if(typeof(AJAX_DEBUG) Antivirus reports:
| ||
http://texpribor.ru/jscript/jscript_ajax_cart.js | 200 OK Content-Length: 7829 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) SHOW_ADDED = 1; Offset_X = -10; Offset_Y = -30; function addHandler(object, event, handler) { if (typeof object.addEventListener != 'undefined') object.addEventListener(event, handler, false); else if (typeof object.attachEvent != 'undefined') object.attachEvent('on' + event, handler); else { var handlersProp = '_handlerStack_' + event; var eventProp = 'on' + event; if (typeof object[handlersProp] == 'undefined') { object[ha Antivirus reports:
| ||
http://texpribor.ru/index.php | 200 OK Content-Length: 27916 Content-Type: text/html | clean |
http://texpribor.ru/shopping_cart.php | 200 OK Content-Length: 27207 Content-Type: text/html | clean |
http://texpribor.ru/checkout_shipping.php | HTTP/1.1 302 Found Connection: close Date: Sun, 07 Sep 2014 19:28:38 GMT Location: http://texpribor.ru/checkout_alternative.php Server: DataPalm/3.5 Content-Length: 0 Content-Type: text/html; charset=utf-8 Set-Cookie: cookie_test=please_accept_for_session; expires=Tue, 07-Oct-2014 19:30:32 GMT; path=/; domain=texpribor.ru | clean |
http://texpribor.ru/checkout_alternative.php | HTTP/1.1 302 Found Connection: close Date: Sun, 07 Sep 2014 19:28:38 GMT Location: http://texpribor.ru/shopping_cart.php Server: DataPalm/3.5 Content-Length: 0 Content-Type: text/html; charset=utf-8 Set-Cookie: cookie_test=please_accept_for_session; expires=Tue, 07-Oct-2014 19:30:32 GMT; path=/; domain=texpribor.ru | clean |
http://texpribor.ru/test404page.js | 404 Not Found Content-Length: 351 Content-Type: text/html | clean |
http://texpribor.ru/login.php | HTTP/1.1 302 Found Connection: close Date: Sun, 07 Sep 2014 19:30:34 GMT Location: http://texpribor.ru/cookie_usage.php Server: DataPalm/3.5 Content-Length: 0 Content-Type: text/html; charset=utf-8 Set-Cookie: cookie_test=please_accept_for_session; expires=Tue, 07-Oct-2014 19:30:33 GMT; path=/; domain=texpribor.ru | clean |
http://texpribor.ru/cookie_usage.php | 200 OK Content-Length: 28427 Content-Type: text/html | clean |
http://texpribor.ru/index.php?cat=1 | 200 OK Content-Length: 46013 Content-Type: text/html | clean |
http://texpribor.ru/index.php?cat=25 | 200 OK Content-Length: 49112 Content-Type: text/html | clean |
http://texpribor.ru/index.php?cat=14 | 200 OK Content-Length: 75483 Content-Type: text/html | clean |
http://texpribor.ru/index.php?cat=32 | 200 OK Content-Length: 48804 Content-Type: text/html | clean |
http://texpribor.ru/index.php?cat=17 | 200 OK Content-Length: 37364 Content-Type: text/html | clean |
http://texpribor.ru/index.php?cat=27 | 200 OK Content-Length: 46454 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: texpribor.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 07 Sep 2014 19:28:33 GMT
Server: DataPalm/3.5
Content-Type: text/html; charset=utf-8
Set-Cookie: cookie_test=please_accept_for_session; expires=Tue, 07-Oct-2014 19:30:26 GMT; path=/; domain=texpribor.ru
GET / HTTP/1.1
Host: texpribor.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 07 Sep 2014 19:28:33 GMT
Server: DataPalm/3.5
Content-Type: text/html; charset=utf-8
Set-Cookie: cookie_test=please_accept_for_session; expires=Tue, 07-Oct-2014 19:30:26 GMT; path=/; domain=texpribor.ru
Second query (visit from search engine):
GET / HTTP/1.1
Host: texpribor.ru
Referer: http://www.google.com/search?q=texpribor.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: texpribor.ru
Referer: http://www.google.com/search?q=texpribor.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=texpribor.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://texpribor.ru/
Result: texpribor.ru is not infected or malware details are not published yet.
Result: texpribor.ru is not infected or malware details are not published yet.