Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=camps.perm.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://camps.perm.ru/ | 200 OK Content-Length: 40495 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript"> (function (d, w, c) { (w[c] = w[c] || []).push(function() { try { w.yaCounter20828911 = new Ya.Metrika({id:20828911, clickmap:true, trackLinks:true, accurateTrackBounce:true}); } catch(e) { } }); var n = d.getElementsByTagName("script")[0], s = d.createElement("scri ...[600 bytes skipped]... | ||
http://camps.perm.ru/engine/classes/min/index.php?charset=windows-1251&g=general&8 | 200 OK Content-Length: 183563 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/webfont/1/webfont.js | 200 OK Content-Length: 17380 Content-Type: text/javascript | clean |
http://camps.perm.ru/engine/editor/scripts/webfont.js | 200 OK Content-Length: 3019 Content-Type: application/x-javascript | clean |
http://camps.perm.ru/engine/ajax/board/board.js | 200 OK Content-Length: 10253 Content-Type: application/x-javascript | clean |
http://camps.perm.ru/java/colorbox.js | 200 OK Content-Length: 9984 Content-Type: application/x-javascript | clean |
http://camps.perm.ru/java/shop.js | 200 OK Content-Length: 8082 Content-Type: application/x-javascript | clean |
http://camps.perm.ru/java/contact.js | 200 OK Content-Length: 13260 Content-Type: application/x-javascript | clean |
http://camps.perm.ru/java/dataTables.js | 200 OK Content-Length: 71193 Content-Type: application/x-javascript | clean |
http://camps.perm.ru/templates/Cmi/js/libs.js | 200 OK Content-Length: 770 Content-Type: application/x-javascript | clean |
http://camps.perm.ru/templates/Cmi/js/sprite.js | 200 OK Content-Length: 760 Content-Type: application/x-javascript | clean |
http://camps.perm.ru/templates/Cmi/js/events.js | 200 OK Content-Length: 1712 Content-Type: application/x-javascript | clean |
http://camps.perm.ru/templates/Cmi/js/mobilyslider.js | 200 OK Content-Length: 11842 Content-Type: application/x-javascript | clean |
http://camps.perm.ru/index.php?do=follow_reg | 200 OK Content-Length: 20431 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript"> (function (d, w, c) { (w[c] = w[c] || []).push(function() { try { w.yaCounter20828911 = new Ya.Metrika({id:20828911, clickmap:true, trackLinks:true, accurateTrackBounce:true}); } catch(e) { } }); var n = d.getElementsByTagName("script")[0], s = d.createElement("script"), f = function () { n.parent s.async = true; s.src = (d.location.protocol == "https:" ? "https:" : "http:") + "//mc.yandex.ru/metrika/watch.js"; if (w.opera == "[object Opera]") { d.addEventListener("DOMContentLoaded", f, false); } else { f(); } })(document, window, "yandex_metrika_callbacks"); </script> <noscript><div><img src="//mc.yandex.ru/watch/20828911" style="position:absolute; left:-9999px;" alt="" /></div></noscript> | ||
http://camps.perm.ru/index.php?do=lostpassword | 200 OK Content-Length: 21736 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript"> (function (d, w, c) { (w[c] = w[c] || []).push(function() { try { w.yaCounter20828911 = new Ya.Metrika({id:20828911, clickmap:true, trackLinks:true, accurateTrackBounce:true}); } catch(e) { } }); var n = d.getElementsByTagName("script")[0], s = d.createElement("script"), f = function () { n.parent s.async = true; s.src = (d.location.protocol == "https:" ? "https:" : "http:") + "//mc.yandex.ru/metrika/watch.js"; if (w.opera == "[object Opera]") { d.addEventListener("DOMContentLoaded", f, false); } else { f(); } })(document, window, "yandex_metrika_callbacks"); </script> <noscript><div><img src="//mc.yandex.ru/watch/20828911" style="position:absolute; left:-9999px;" alt="" /></div></noscript> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: camps.perm.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 11 Sep 2014 11:32:34 GMT
Pragma: no-cache
Server: nginx/0.7.67
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=0k255v4c807m7r4209tebpm084; path=/; domain=.camps.perm.ru; HttpOnly
Set-Cookie: dle_user_id=deleted; expires=Wed, 11-Sep-2013 11:32:33 GMT; path=/; domain=.camps.perm.ru; httponly
Set-Cookie: dle_password=deleted; expires=Wed, 11-Sep-2013 11:32:33 GMT; path=/; domain=.camps.perm.ru; httponly
Set-Cookie: dle_hash=deleted; expires=Wed, 11-Sep-2013 11:32:33 GMT; path=/; domain=.camps.perm.ru; httponly
X-Powered-By: PHP/5.3.3-7+squeeze14
GET / HTTP/1.1
Host: camps.perm.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 11 Sep 2014 11:32:34 GMT
Pragma: no-cache
Server: nginx/0.7.67
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=0k255v4c807m7r4209tebpm084; path=/; domain=.camps.perm.ru; HttpOnly
Set-Cookie: dle_user_id=deleted; expires=Wed, 11-Sep-2013 11:32:33 GMT; path=/; domain=.camps.perm.ru; httponly
Set-Cookie: dle_password=deleted; expires=Wed, 11-Sep-2013 11:32:33 GMT; path=/; domain=.camps.perm.ru; httponly
Set-Cookie: dle_hash=deleted; expires=Wed, 11-Sep-2013 11:32:33 GMT; path=/; domain=.camps.perm.ru; httponly
X-Powered-By: PHP/5.3.3-7+squeeze14
Second query (visit from search engine):
GET / HTTP/1.1
Host: camps.perm.ru
Referer: http://www.google.com/search?q=camps.perm.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: camps.perm.ru
Referer: http://www.google.com/search?q=camps.perm.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.