Happened upon this while I was reading about a certain drug. I think the site is legitimate, but is the modus operandi here that the malicious party leaves the site looking normal so it takes longer for the webmaster to be alerted to it?
International Academy of Law and Mental Health
http://www.ialmh.org/template.cgi - *LINKS ON THIS SITE MAY BE COMPROMISED*
Internet Officer Redirect Checker:
Checked link: http://www.ialmh.org/otc
Type of redirect: 301 Moved Permanently
Redirected to: http://www.ialmh.org/otc/
---------------------------------------
Checked link: http://www.ialmh.org/otc/
Type of redirect: 302 Found
Redirected to: http://www.ialmh.org/temp/r.php
--------------------------------------
Checked link: http://www.ialmh.org/temp/r.php
Type of redirect: “meta refresh” redirect after 2 seconds
Redirected to: http://otc-med-pharm.com/
--------------------------------------
Source of r.php
Code:
<script src="//mc.yandex.ru/metrika/watch.js" type="text/javascript"></script>
<script type="text/javascript">
try { var yaCounter20997100 = new Ya.Metrika({id:20997100});
} catch(e) { }
</script>
<b>One moment...</b>
<meta http-equiv='refresh' content='2; url=http://otc-med-pharm.com/'>
So is it "r" for "refresh", "redirect", or "Russian"?
Also, I know Yandex is a widely-used search engine in Russia and is safe, and the script is kind of like Google Metrics (correct me if I'm wrong), but I don't think what's going on here is exactly correct.
Edit: I didn't exactly make my purpose for posting this clear. Should the webmaster be contacted about this? There is a link to contact them, but I'm a bit reluctant because I'm unsure of where my email might actually be going. Could that be compromised as well?
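The redirect chain reported above can be traced and flagged automatically. The following is an added example, not part of the original post: it walks HTTP 3xx and meta-refresh hops and marks the hop that leaves the original host. The responses are constructed offline from the redirect checker output and the r.php source quoted in the post, and the hostname comparison is a deliberately simple assumption.

```python
import re
from urllib.parse import urljoin, urlparse

# Constructed responses mirroring the chain quoted in the post:
# url -> (status, Location header, body). Nothing is fetched from the network.
RESPONSES = {
    "http://www.ialmh.org/otc": (301, "http://www.ialmh.org/otc/", ""),
    "http://www.ialmh.org/otc/": (302, "http://www.ialmh.org/temp/r.php", ""),
    "http://www.ialmh.org/temp/r.php": (200, None, "<b>One moment...</b>\n"
        "<meta http-equiv='refresh' content='2; url=http://otc-med-pharm.com/'>"),
    "http://otc-med-pharm.com/": (200, None, "<html>landing page</html>"),
}

META_TAG = re.compile(r"<meta\b[^>]*>", re.I)
HTTP_EQUIV = re.compile(r"""http-equiv\s*=\s*["']?refresh["']?""", re.I)
CONTENT = re.compile(r"""content\s*=\s*(["'])(.*?)\1""", re.I | re.S)
REFRESH = re.compile(r"""^\s*(\d+(?:\.\d+)?)\s*[;,]\s*(?:url\s*=\s*)?["']?([^"']+?)["']?\s*$""", re.I)

def meta_refresh(body):
    """Return (delay_seconds, target) from the first meta refresh tag, or None."""
    for tag in META_TAG.findall(body):
        content = CONTENT.search(tag) if HTTP_EQUIV.search(tag) else None
        m = REFRESH.match(content.group(2)) if content else None
        if m:
            return float(m.group(1)), m.group(2)
    return None

def trace(url, fetch=RESPONSES.get, max_hops=10):
    """Follow 3xx and meta-refresh hops; stop on a loop, a dead end or max_hops."""
    hops, seen = [], set()
    while url not in seen and len(hops) < max_hops:
        seen.add(url)
        status, location, body = fetch(url) or (None, None, "")
        if status in (301, 302, 303, 307, 308) and location:
            kind, nxt = f"HTTP {status}", urljoin(url, location)
        elif (r := meta_refresh(body)):
            kind, nxt = f"meta refresh ({r[0]:g}s)", urljoin(url, r[1])
        else:
            break
        # Simple assumption: any change of hostname counts as leaving the site.
        cross = urlparse(url).hostname != urlparse(nxt).hostname
        hops.append({"from": url, "to": nxt, "kind": kind, "cross_site": cross})
        url = nxt
    return hops

if __name__ == "__main__":
    for h in trace("http://www.ialmh.org/otc"):
        print(("OFF-SITE " if h["cross_site"] else "same-site"), h["kind"], h["from"], "->", h["to"])
```

A webmaster could point `fetch` at a function that issues real requests with automatic redirects disabled and run this over every internal link to find off-site hops.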