Nothing here: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fintervest21.ru%2Fuslugi
But redirecting here: http://2013-ru.com/1119228701z/mario3D/ is in Dr.Web malicious sites list!
polonus
REDIRECT SITE:
ScanURL gives red light: We recommend that you do not visit the specified website/URL (or do so with caution). One or more services we checked with below report that it may be suspicious.
Blacklisted by 3 lists: https://www.virustotal.com/en/url/4b31e0f8f321e0ddf5260aaa2a718319b07144a036d13c70f7318b20cf6a0391/analysis/1382801726/
Dangerous by Trend Micro: http://global.sitesafety.trendmicro.com/result.php
URLQuery: http://urlquery.net/report.php?id=7176383
Quttera: http://www.quttera.com/detailed_report/2013-ru.com (Clean)
Zulu: http://zulu.zscaler.com/submission/show/5cf5773896fda1867afd5f8ce2e5d79b-1382801818
Blacklist check: http://whatismyipaddress.com/blacklist-check (Put in this IP: 93.170.107.72)
Site is blocked by Bitdefender-Trafficlight.
Dangerous by Trend Micro: http://global.sitesafety.trendmicro.com/result.php
Virustotal: https://www.virustotal.com/en/url/9a077fd8f5046447e9d1c7ec03c493b8e2cfc9a06851455650c58ab28c64b0d7/analysis/1382802437/
Downloaded file analysis: https://www.virustotal.com/en/file/cbbd70983d56c1ab793a11f68403cf68b1d486fa62f23f5b34b3c5921390b949/analysis/1382739360/
Quttera: http://www.quttera.com/detailed_report/intervest21.ru Potentially suspicious
URLQuery: http://urlquery.net/report.php?id=7177114
Zulu: http://zulu.zscaler.com/submission/show/fac4ae8fab0ccbd50d1238cd9cea6a22-1382802523 Suspicious
Hi Steven Winderlich,
Thanks for that evaluation and the added checks.
I also found this on that domain:
Suspicious javascript check: Suspicious +xml" href=“htxp://intervest21.ru/engine/opensearch.php” title=“intervest21.ru - ремонт квартир в москве” /> <link rel=“alternate” type=“application/rss+xml” title="intervest21.r…
Suspicious included script: Suspect - please check list for unknown includes
Suspicious Script:
intervest21 dot ru/engine/classes/js/dle_js.js
.ru/whois/?ip=‘+a+’" target=“_blank”>‘+b+“”;e[1]=’<a href=“'+dle_root+dle_admin+”?mod=iptools&ip=“+a+'” target=“_blank”>‘+c+“”;e[2]=
Suspicious Script:
intervest21 dot ru/templates/service4x4/js/topmenu.js
document.write(’<iframe id=“iframeshim” src=“about:blank” frameborder=“0” scrolling=“no” style="left:0; top:0; position:absolute; display:no
Browser difference: Not identical
Google: 13080 bytes Firefox: 13305 bytes
Diff: 225 bytes
First difference:
} })(document, window, “yandex_metrika_callbacks”);
On site I get failure:
polonus