Malicious/Suspicious Redirects
Request | Server response | Status |
Request:
    URL: http://umedt.com/ (imitating a visitor arriving from a search engine, via the Referer header)
    GET / HTTP/1.1
    Host: umedt.com
    Referer: http://www.google.com/search?q=redirect+check1
Server response:
    HTTP/1.1 301 Moved Permanently
    Connection: close
    Date: Thu, 28 Aug 2014 02:41:21 GMT
    Location: http://changedivstyle.ru/vis/index.php
    Server: nginx/1.4.4
    Content-Length: 408
    Content-Type: text/html; charset=iso-8859-1
Status: malicious (off-site redirect served to search-engine traffic)
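The probe in the table above can be reproduced with a small script: request the page once as a plain visitor and once with a search-engine Referer, never follow redirects, and flag the case where only the referred visit is bounced to another host. This is an added example and not the scanner's own code; the function names (`fetch_no_follow`, `check_conditional_redirect`, `replay_fetch`, `is_offsite`) are mine, the 301 sample is transcribed from the captured response above, and the 200 "plain visit" sample is constructed from the first row of the scanned-pages table so the check can be replayed offline.

```python
"""
Conditional-redirect probe (added example, not part of the scanner report).

Two GETs against the same URL, one with a search-engine Referer and one
without, neither following redirects. A 3xx whose Location points off-site
and that appears only on the referred visit is the classic cloaked-redirect
pattern shown in the report.
"""
import http.client
from urllib.parse import urlsplit

SEARCH_REFERER = "http://www.google.com/search?q=redirect+check1"
REDIRECT_CODES = {301, 302, 303, 307, 308}


def fetch_no_follow(url, extra_headers=None, timeout=10):
    """Issue one GET over the network and return (status, headers) without following redirects."""
    parts = urlsplit(url)
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    headers = {"Host": parts.netloc, "User-Agent": "Mozilla/5.0 (redirect-check)"}
    headers.update(extra_headers or {})
    try:
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        return resp.status, {k.lower(): v for k, v in resp.getheaders()}
    finally:
        conn.close()


def parse_raw_response(raw):
    """Parse a captured HTTP response head (status line + headers) into (status, headers)."""
    head = raw.split("\r\n\r\n", 1)[0].replace("\r\n", "\n")
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def is_offsite(url, location):
    """True when Location leaves the site: compares the last two DNS labels of both hosts."""
    loc = urlsplit(location)
    if not loc.netloc:
        return False  # relative redirect stays on the same host

    def base(host):
        labels = host.lower().rstrip(".").split(".")
        return ".".join(labels[-2:])

    return base(loc.hostname) != base(urlsplit(url).hostname)


def check_conditional_redirect(url, fetch=fetch_no_follow):
    """Compare a direct visit with a search-engine-referred visit and classify the result."""
    plain = fetch(url, {})
    referred = fetch(url, {"Referer": SEARCH_REFERER})
    finding = {"url": url, "plain_status": plain[0], "referred_status": referred[0],
               "location": None, "verdict": "clean"}
    status, headers = referred
    location = headers.get("location")
    if status in REDIRECT_CODES and location and is_offsite(url, location):
        finding["location"] = location
        # Redirect shown only to search-engine traffic is cloaking; shown to everyone is still off-site.
        finding["verdict"] = ("conditional_offsite_redirect" if plain[0] not in REDIRECT_CODES
                              else "offsite_redirect")
    return finding


# Constructed replay data: the 301 is the captured response from the report,
# the 200 is built from the scanned-pages row for http://umedt.com/.
CAPTURED_REFERRED = ("HTTP/1.1 301 Moved Permanently\r\nConnection: close\r\n"
                     "Date: Thu, 28 Aug 2014 02:41:21 GMT\r\n"
                     "Location: http://changedivstyle.ru/vis/index.php\r\n"
                     "Server: nginx/1.4.4\r\nContent-Length: 408\r\n"
                     "Content-Type: text/html; charset=iso-8859-1\r\n\r\n")
CAPTURED_PLAIN = "HTTP/1.1 200 OK\r\nContent-Length: 57557\r\nContent-Type: text/html\r\n\r\n"


def replay_fetch(url, extra_headers=None, timeout=10):
    """Offline stand-in for fetch_no_follow that answers from the captured responses."""
    sent = {k.lower() for k in (extra_headers or {})}
    return parse_raw_response(CAPTURED_REFERRED if "referer" in sent else CAPTURED_PLAIN)


if __name__ == "__main__":
    print(check_conditional_redirect("http://umedt.com/", fetch=replay_fetch))
```

Run against a live host by dropping the `fetch=replay_fetch` argument. The same Location test applies to every row of the scanned-pages table, not just the front page: the report's `main.js` row answers a plain GET with a 302 to the same `changedivstyle.ru` host, so a verdict keyed on the Location host would flag that row as well.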
Scanned pages/files
Request | Server response | Status |
http://umedt.com/ | 200 OK Content-Length: 57557 Content-Type: text/html | clean |
http://umedt.com/main.js | HTTP/1.1 302 Found Connection: close Date: Thu, 28 Aug 2014 02:41:22 GMT Location: http://changedivstyle.ru/vis/index.php Server: nginx/1.4.4 Content-Length: 384 Content-Type: text/html; charset=iso-8859-1 | clean |
http://changedivstyle.ru/vis/index.php | 500 Can't connect to changedivstyle.ru:80 (Bad hostname) Content-Length: 166 Content-Type: text/plain | clean |
http://changedivstyle.ru/test404page.js | 500 Can't connect to changedivstyle.ru:80 (Bad hostname) Content-Length: 166 Content-Type: text/plain | clean |
http://umedt.com/ajax.php?ajaxagent=js&this_url=ajax.php | 200 OK Content-Length: 8779 Content-Type: text/html | clean |
http://umedt.com/inc/lib/lightview/js/prototype.js | 200 OK Content-Length: 47714 Content-Type: application/x-javascript | clean |
http://umedt.com/inc/lib/lightview/js/scriptaculous.js?load=effects | 200 OK Content-Length: 1335 Content-Type: application/x-javascript | clean |
http://umedt.com/inc/lib/lightview/js/lightview.js | 200 OK Content-Length: 28566 Content-Type: application/x-javascript | malicious |
    Malicious code - confirmed by antiviruses (see below):
        var Lightview = { Version: '2.2.6', options: { backgroundColor: '#ffffff', border: 12, buttons: { opacity: { disabled: 0.4, normal: 0.65, hover: 1 }, side: { display: true }, innerPreviousNext: { display: true }, sl
    Antivirus reports:
http://www.google-analytics.com/ga.js | 200 OK Content-Length: 40754 Content-Type: text/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=umedt.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://umedt.com/
Result: umedt.com is not infected or malware details are not published yet.