Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://servism.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: servism.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 10 Dec 2014 03:45:06 GMT Location: http://medicoikju.ru/ Server: nginx/0.7.67 Vary: Accept-Encoding Content-Length: 305 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://servism.ru/ | 200 OK Content-Length: 9064 Content-Type: text/html | clean |
http://servism.ru/index.php | 200 OK Content-Length: 9064 Content-Type: text/html | clean |
http://servism.ru/index.php?option=com_content&task=blogsection&id=3&Itemid=18 | 200 OK Content-Length: 15581 Content-Type: text/html | clean |
http://servism.ru/index.php?option=com_content&task=blogsection&id=2&Itemid=17 | 200 OK Content-Length: 9021 Content-Type: text/html | clean |
http://servism.ru/index.php?option=com_content&task=blogsection&id=1&Itemid=16 | 200 OK Content-Length: 11073 Content-Type: text/html | clean |
http://servism.ru/index.php?option=com_frontpage&Itemid=15 | 200 OK Content-Length: 11077 Content-Type: text/html | clean |
http://servism.ru/index2.php?option=com_content&do_pdf=1&id=4 | 200 OK Content-Length: 1673 Content-Type: application/pdf | clean |
http://servism.ru/test404page.js | HTTP/1.1 302 Found Connection: close Date: Wed, 10 Dec 2014 03:45:09 GMT Location: http://medicoikju.ru/ Server: nginx/0.7.67 Vary: Accept-Encoding Content-Length: 281 Content-Type: text/html; charset=iso-8859-1 | clean |
http://medicoikju.ru/ | 500 Can't connect to medicoikju.ru:80 Content-Length: 188 Content-Type: text/plain | clean |
http://medicoikju.ru/test404page.js | 500 Can't connect to medicoikju.ru:80 Content-Length: 188 Content-Type: text/plain | clean |
http://servism.ru/index2.php?option=com_content&task=view&id=4&pop=1&page=0&Itemid=15 | 200 OK Content-Length: 4013 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
<!--
document.write('<div align="center" style="margin-top: 30px; margin-bottom: 30px;">');
document.write('<a href="#" onclick="javascript:window.close();"><span class="small">Закрыть окно</span></a>');
document.write('</div>');
Antivirus reports:
http://servism.ru/index2.php?option=com_content&task=emailform&id=4 | 200 OK Content-Length: 2523 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
function submitbutton() {
    var form = document.frontendForm;
    if (form.email.value == "" || form.youremail.value == "") {
        alert( 'Вы должны правильно ввести свой e-mail и e-mail получателя этого письма.' );
        return false;
    }
    return true;
}
Antivirus reports:
http://servism.ru/index.php?option=com_frontpage&Itemid=1 | 200 OK Content-Length: 9064 Content-Type: text/html | clean |
http://servism.ru/index.php?option=com_content&task=blogcategory&id=18&Itemid=21 | 200 OK Content-Length: 10414 Content-Type: text/html | clean |
http://servism.ru/index2.php?option=com_content&do_pdf=1&id=18 | 200 OK Content-Length: 1498 Content-Type: application/pdf | clean |
http://servism.ru/index2.php?option=com_content&task=view&id=18&pop=1&page=0&Itemid=21 | 200 OK Content-Length: 3320 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
<!--
document.write('<div align="center" style="margin-top: 30px; margin-bottom: 30px;">');
document.write('<a href="#" onclick="javascript:window.close();"><span class="small">Закрыть окно</span></a>');
document.write('</div>');
Antivirus reports:
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=servism.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://servism.ru/
Result: servism.ru is not infected or malware details are not published yet.