Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://indianmobileprices.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: indianmobileprices.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 15 Oct 2015 11:22:26 GMT Location: http://belay-one.ru/bio/invest.php Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 Content-Length: 242 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://indianmobileprices.com/ | 200 OK Content-Length: 70692 Content-Type: text/html | clean |
http://cdn.webrupee.com/js | 500 Can't connect to cdn.webrupee.com:80 (В соединении отказано) Content-Length: 222 Content-Type: text/plain | clean |
http://cdn.webrupee.com/test404page.js | 500 Can't connect to cdn.webrupee.com:80 (В соединении отказано) Content-Length: 222 Content-Type: text/plain | clean |
http://www.indianmobileprices.com/assets/js/boxOver.js | 200 OK Content-Length: 10863 Content-Type: application/javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js | 200 OK Content-Length: 85925 Content-Type: text/javascript | clean |
http://www.indianmobileprices.com/assets/js/jquery.colorbox.js | 200 OK Content-Length: 26239 Content-Type: application/javascript | clean |
http://www.indianmobileprices.com/assets/js/slidedeck.jquery.lite.pack.js | 200 OK Content-Length: 10737 Content-Type: application/javascript | clean |
http://apis.google.com/js/plusone.js | 200 OK Content-Length: 13269 Content-Type: application/javascript | clean |
http://www.indianmobileprices.com/assets/js/jquery-ui.custom.min.js?v=1.8 | 200 OK Content-Length: 6113 Content-Type: application/javascript | clean |
http://www.indianmobileprices.com/assets/js/jquery.uni-form.js?v=1.3 | 200 OK Content-Length: 1439 Content-Type: application/javascript | clean |
http://www.indianmobileprices.com/assets/js/jquery.ui.stars.js?v=3.0.0b38 | 200 OK Content-Length: 8593 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $.widget('ui.stars', { options: { inputType: 'radio', split: 0, disabled: false, cancelTitle: 'Cancel Rating', cancelValue: 0, cancelShow: true, disableValue: true, oneVoteOnly: false, showTitles: false, captionEl: null, callback: null, starWidth: 16, cancelClass: 'ui-stars-cancel', starClass: 'ui-stars-star', starOnClass: 'ui-stars-star-on', starHoverClass: 'ui-stars-star-hover', starDisabl this.$stars.unbind('.stars').remove(); this.$value.remove(); this.element.unbind('.stars').html(this.element.data('former.stars')).removeData('stars'); return this; }, callback: function(e, type) { var o = this.options; o.callback && o.callback(this, type, o.value, e); o.oneVoteOnly && !o.disabled && this.disable(); } }); $.extend($.ui.stars, { version: '3.0.1' }); })(jQuery); Antivirus reports:
http://www.indianmobileprices.com/assets/js/jquery.dependClass.js | 200 OK Content-Length: 1378 Content-Type: application/javascript | clean |
http://www.indianmobileprices.com/assets/js/jquery.slider-min.js | 200 OK Content-Length: 15165 Content-Type: application/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 28192 Content-Type: text/javascript | clean |
http://widgets.twimg.com/j/2/widget.js | 200 OK Content-Length: 1489 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=indianmobileprices.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://indianmobileprices.com/
Result: indianmobileprices.com is not infected or malware details are not published yet.