Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dedr.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dedr.ru/
Result: The website is marked by Yandex as an SMS-fraud resource; visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nlp4all.biz
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 29 Nov 2015 19:24:30 GMT
Accept-Ranges: bytes
ETag: "4a1b-51cf4b6ade180"
Server: Apache
Vary: Accept-Encoding
Content-Length: 18971
Content-Type: text/html
Last-Modified: Mon, 10 Aug 2015 13:10:46 GMT
X-Pad: avoid browser bug
...18971 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: nlp4all.biz
Referer: http://www.google.com/search?q=nlp4all.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://dedr.ru/ | 200 OK Content-Length: 9209 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: xxx20.ru ...[571 bytes skipped]... text/css" /> <meta name="keywords" content="3gp поÑно, 3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> <meta name="description" content="3gp поÑно,3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> </head> <body> <div class="hea"><a href="http://xxxsota.ru">мобилÑное поÑно видео</a><br/> <a href="http://xxx20.ru">ÑкаÑаÑÑ Ð¿Ð¾Ñно видео на ÑелеÑон</a><br/> </div> <script type="text/javascript"> teasernet_blockid = 489588; teasernet_padid = 231248; </script> <script type="text/javascript" src="http://advertom.com/57t6fc61e4d21c/01.js"></script> <script type="text/javascript" src="http://pojulo.com/static/bc.js?p=231248&b=504053"></script> <div class="header"> <div ...[9964 bytes skipped]... | ||
http://advertom.com/57t6fc61e4d21c/01.js | 200 OK Content-Length: 15415 Content-Type: application/x-javascript | clean |
http://pojulo.com/static/bc.js?p=231248&b=504053 | 200 OK Content-Length: 3752 Content-Type: application/x-javascript | clean |
http://dedr.ru/best.php | 200 OK Content-Length: 10141 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 4iki.org ...[566 bytes skipped]... ype="text/css" /> <meta name="keywords" content="3gp поÑно, 3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> <meta name="description" content="3gp поÑно,3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> </head> <body> <div class="hea"><a href="http://vsem21.ru">ÐаÑÑинки пÑо лÑбовÑ</a><br/> <a href="http://4iki.org">поÑно видео mp4</a><br/> </div> <script type="text/javascript"> teasernet_blockid = 489588; teasernet_padid = 231248; </script> <script type="text/javascript" src="http://advertom.com/57t6fc61e4d21c/01.js"></script> <script type="text/javascript" src="http://pojulo.com/static/bc.js?p=231248&b=504053"></script> <div class="header"> <div class="head"></div>< ...[10445 bytes skipped]... | ||
http://advertom.com/32c49c1678/e407dbd/861de.js | 200 OK Content-Length: 15415 Content-Type: application/x-javascript | clean |
http://dedr.ru/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sun, 06 Apr 2014 22:20:05 GMT Location: http://dedr.ru/rega.php?err=404 Server: nginx Content-Length: 288 Content-Type: text/html; charset=iso-8859-1 | clean |
http://dedr.ru/rega.php?err=404 | 200 OK Content-Length: 5031 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: sizka.org ...[501 bytes skipped]... " /> <meta name="keywords" content="3gp поÑно, 3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> <meta name="description" content="3gp поÑно,3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> </head> <body> <div class="hea"><a href="http://ersex.ru">ÐеÑплаÑнÑе игÑÑ, пÑогÑаммÑ</a><br/> <a href="http://sizka.org">мобилÑное поÑно на ÑелеÑон</a><br/> </div> <script type="text/javascript"> teasernet_blockid = 489588; teasernet_padid = 231248; </script> <script type="text/javascript" src="http://advertom.com/57t6fc61e4d21c/01.js"></script> <script type="text/javascript" src="http://pojulo.com/static/bc.js?p=231248&b=504053"></script> <div class="header"> <div class= ...[4943 bytes skipped]... | ||
http://dedr.ru/loads/?c=Igry_na_telefon | 200 OK Content-Length: 2625 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: erbox.net ...[421 bytes skipped]... mage/x-icon" href="/img/favicon.ico"/> <link rel="stylesheet" href="/img/deman.css" type="text/css" /> <meta name="keywords" content="3gp поÑно, 3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> <meta name="description" content="3gp поÑно,3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> </head> <body> <div class="hea"><a href="http://erbox.net">ÑкаÑаÑÑ Ð¿Ð¾Ñно видео</a><br/> <noindex><a rel="nofollow" href="http://friwap.ru/go/go.php?id=22">ÐÐÐÐÐСТÐÐ + Ñ Ñ Ñ Ð·Ð°Ð³ÑÑзки</a><br/></noindex> </div> <script type="text/javascript"> teasernet_blockid = 489588; teasernet_padid = 231248; </script> <script type="text/javascript" src="http://advertom.com/57t6fc61e4d21c/01.js"></script> <sc ...[1947 bytes skipped]... | ||
http://dedr.ru/loads/index.php?c=Igry_na_telefon&act=top | 200 OK Content-Length: 5947 Content-Type: text/html | clean |
http://dedr.ru/loads/Igry_na_telefon-10229-69.-view-1.html | 200 OK Content-Length: 3367 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: pornomobi.ru ...[620 bytes skipped]... e="text/css" /> <meta name="keywords" content="3gp поÑно, 3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> <meta name="description" content="3gp поÑно,3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> </head> <body> <div class="hea"><a href="http://friwap.ru">ÑкаÑаÑÑ Ð¿Ð¾Ñно видео</a><br/> <a href="http://pornomobi.ru">беÑплаÑное поÑно видео</a><br/> </div> <script type="text/javascript"> teasernet_blockid = 489588; teasernet_padid = 231248; </script> <script type="text/javascript" src="http://advertom.com/57t6fc61e4d21c/01.js"></script> <script type="text/javascript" src="http://pojulo.com/static/bc.js?p=231248&b=504053"></script> <div class="header"><b> СкаÑÐ°Ñ ...[2475 bytes skipped]... | ||
http://dedr.ru//yandex.st/share/share.js/ | HTTP/1.1 302 Found Connection: close Date: Sun, 06 Apr 2014 22:20:07 GMT Location: http://dedr.ru/rega.php?err=404 Server: nginx Content-Length: 288 Content-Type: text/html; charset=iso-8859-1 | clean |
http://dedr.ru/loads/load.php?c=Igry_na_telefon&id=10229 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sun, 06 Apr 2014 22:20:07 GMT Pragma: no-cache Location: http://iceload.ru/load.php?c=Igry_na_telefon&id=10229 Server: nginx Content-Length: 0 Content-Type: text/html; charset=utf8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=6jq118l69agjl6gur16rtsmtk0; path=/ X-Powered-By: PHP/5.2.17 | malicious |
http://iceload.ru/load.php?c=igry_na_telefon&id=10229 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sun, 06 Apr 2014 22:20:07 GMT Pragma: no-cache Location: down/igry_na_telefon/10229/_ Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=2lc5v3vo90t3qqd3mup1eq2vt6; path=/ X-Powered-By: PHP/5.2.17 | clean |
http://iceload.ru/down/igry_na_telefon/10229/_ | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://dedr.ru/loads/Igry_na_telefon-10234-140.-view-1.html | 200 OK Content-Length: 4274 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: vapok.ru ...[626 bytes skipped]... > <meta name="keywords" content="3gp поÑно, 3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> <meta name="description" content="3gp поÑно,3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> </head> <body> <div class="hea"><a href="http://uwapa.ru">СкаÑаÑÑ Ð½Ð° ÑелеÑон беÑплаÑно</a><br/> <a href="http://vapok.ru">поÑно ÑкaÑaÑÑ Ð½a ÑeлeÑон</a><br/> </div> <script type="text/javascript"> teasernet_blockid = 489588; teasernet_padid = 231248; </script> <script type="text/javascript" src="http://advertom.com/57t6fc61e4d21c/01.js"></script> <script type="text/javascript" src="http://pojulo.com/static/bc.js?p=231248&b=504053"></script> <div class="header"><b> СкаÑаÑÑ ...[3400 bytes skipped]... | ||
http://dedr.ru/loads/load.php?c=Igry_na_telefon&id=10234 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sun, 06 Apr 2014 22:20:08 GMT Pragma: no-cache Location: http://iceload.ru/load.php?c=Igry_na_telefon&id=10234 Server: nginx Content-Length: 0 Content-Type: text/html; charset=utf8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=3kn8g01marg9kbbi4pphn4jhg3; path=/ X-Powered-By: PHP/5.2.17 | malicious |
http://iceload.ru/load.php?c=igry_na_telefon&id=10234 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sun, 06 Apr 2014 22:20:08 GMT Pragma: no-cache Location: down/igry_na_telefon/10234/_ Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=9fc8p2fkqmutsukc63d398o603; path=/ X-Powered-By: PHP/5.2.17 | clean |
http://iceload.ru/down/igry_na_telefon/10234/_ | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://dedr.ru/loads/files/Igry_na_telefon/Nokia/240x320_S40_5ed_3120_5310_5610_6301_6500/Action/micro_counter_strike_bt_140.jad | HTTP/1.1 302 Found Connection: close Date: Sun, 06 Apr 2014 22:20:08 GMT Location: http://dedr.ru/rega.php?err=404 Server: nginx Content-Length: 288 Content-Type: text/html; charset=iso-8859-1 | clean |
http://dedr.ru/loads/index.php?c=Igry_na_telefon&id=10233 | 200 OK Content-Length: 5310 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: erbox.net ...[513 bytes skipped]... mage/x-icon" href="/img/favicon.ico"/> <link rel="stylesheet" href="/img/deman.css" type="text/css" /> <meta name="keywords" content="3gp поÑно, 3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> <meta name="description" content="3gp поÑно,3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> </head> <body> <div class="hea"><a href="http://erbox.net">ÑкаÑаÑÑ Ð¿Ð¾Ñно видео</a><br/> <a href="http://sexhom.ru">поÑно mp4 ÑкаÑаÑÑ</a><br/> </div> <script type="text/javascript"> teasernet_blockid = 489588; teasernet_padid = 231248; </script> <script type="text/javascript" src="http://advertom.com/57t6fc61e4d21c/01.js"></script> <script type="text/javascript" src="http://pojulo.com/static/bc.js?p=231248&b=5 ...[4558 bytes skipped]... | ||
http://dedr.ru/loads/load.php?c=Igry_na_telefon&id=10233 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sun, 06 Apr 2014 22:20:09 GMT Pragma: no-cache Location: http://iceload.ru/load.php?c=Igry_na_telefon&id=10233 Server: nginx Content-Length: 0 Content-Type: text/html; charset=utf8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=jkp8dvjdbpv98lsfemtctgpnv1; path=/ X-Powered-By: PHP/5.2.17 | malicious |
http://iceload.ru/load.php?c=igry_na_telefon&id=10233 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sun, 06 Apr 2014 22:20:09 GMT Pragma: no-cache Location: down/igry_na_telefon/10233/_ Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=f6bj5cauu68vileaoi2cbj8rq7; path=/ X-Powered-By: PHP/5.2.17 | clean |
http://iceload.ru/down/igry_na_telefon/10233/_ | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://dedr.ru/loads/files/Igry_na_telefon/Nokia/240x320_S40_5ed_3120_5310_5610_6301_6500/Action/Earthworm_Jim__GB__MeBoy_.jad | HTTP/1.1 302 Found Connection: close Date: Sun, 06 Apr 2014 22:20:09 GMT Location: http://dedr.ru/rega.php?err=404 Server: nginx Content-Length: 288 Content-Type: text/html; charset=iso-8859-1 | clean |
http://dedr.ru/loads/index.php?c=Igry_na_telefon&id=10232 | 200 OK Content-Length: 3460 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: erbox.net ...[514 bytes skipped]... mage/x-icon" href="/img/favicon.ico"/> <link rel="stylesheet" href="/img/deman.css" type="text/css" /> <meta name="keywords" content="3gp поÑно, 3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> <meta name="description" content="3gp поÑно,3gp видео, ÑкаÑаÑÑ Ð±ÐµÑплаÑное поÑно"/> </head> <body> <div class="hea"><a href="http://erbox.net">ÑкаÑаÑÑ Ð¿Ð¾Ñно видео</a><br/> <a href="http://vipwap.org">поÑно без ÑегиÑÑÑаÑии и ÑмÑ</a><br/></div> <script type="text/javascript"> teasernet_blockid = 489588; teasernet_padid = 231248; </script> <script type="text/javascript" src="http://advertom.com/57t6fc61e4d21c/01.js"></script> <script type="text/javascript" src="http://pojulo.com/static/bc.js? ...[2695 bytes skipped]... |