polonus
1
Given as suspicious here: http://killmalware.com/stroi-gruppa.ru/#
Thrice detected: https://www.virustotal.com/nl/url/4d4cd4b89306a49027b560a6c0d89c5634787179d0180297939573aa01a3af7e/analysis/1421621063/
Blacklisted external links: htxp://www.liveinternet.ru/journal_post.php?action%3Dn_add&cnurl%3D&cntitle%3D%27
htxp://www.liveinternet.ru/journal_post.php?action%3Dn_add&cnurl%3Ddata-url&cntitle%3Ddata-title
Blacklisted: http://www.google.com/safebrowsing/diagnostic?site=stroi-gruppa.ru
Powered by: joomla *
Outdated Web Server Apache Found: Apache/2.2.16
Code going to www.surbc.ru, a site earlier hacked → http://www.zone-h.org/mirror/id/19226645
Vulnerable to this joomla exploit: http://www.exploit-db.com/exploits/12086/
Joomla Component Highslide JS com_hsconfig Local File Inclusion Vulnerability *
polonus
polonus
2
Interesting here are these scan results (for security researchers only, open link with NoScript extension active in the browser in a VM/sandbox)
→ http://jsunpack.jeek.org/?report=d55feb38a3ef35b7e09ab0b46e59e295bfcd8fb7
Max runtime exceeded so suspicious code:
www.google.com/jsapi benign
[nothing detected] (script) www.google.com/jsapi
status: (referer=stroi-gruppa.ru/)saved 24666 bytes de651602840a7303aa4ae4144a59e919e8205a8b
info: [script] :
info: [script] www.google.com/
info: [decodingLevel=0] found JavaScript
suspicious: why? URL=www.surbc.ru/js/undefined & error: undefined variable google
error: undefined function google.load *
Also see the URI check scan: http://linkeddata.informatik.hu-berlin.de/uridbg/index.php?url=http%3A%2F%2Fstroi-gruppa.ru%2F&useragentheader=&acceptheader=
Vulnerable to hacker file managers like Da3s File Manager Version 1.0,
polonus (volunteer website security analyst and website error-hunter)