Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kokushki.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://kokushki.ru/ | 200 OK Content-Length: 28502 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. (function(){ var D=new Date(),d=document,b='body',ce='createElement',ac='appendChild',st='style',ds='display',n='none',gi='getElementById'; var i=d[ce]('iframe');i[st][ds]=n;d[gi]("MarketGidScriptRootC571350")[ac](i);try{var iw=i.contentWindow.document;iw.open();iw.writeln("<ht"+"ml><bo"+"dy></bo"+"dy></ht"+"ml>");iw.close();var c=iw[b];} catch(e){var iw=d;var c=d[gi]("MarketGidScriptRootC571350");}var dv=iw[ce]('div');dv.id="MG_ID";dv[st][ds]=n;dv.innerHTML=571350;c[ac](dv); var s=iw[ce]('script');s.async='async';s.defer='defer';s.charset='utf-8';s.src="//jsc.marketgid.com/1/r/1.reg.ru.571350.js?t="+D.getYear()+D.getMonth()+D.getDate()+D.getHours();c[ac](s);})(); | ||
http://kokushki.ru/modernizr.js | 200 OK Content-Length: 6296 Content-Type: application/javascript | clean |
http://yourmine.ru/cgi-bin/mr.cgi | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://kokushki.ru/script.js | 200 OK Content-Length: 123256 Content-Type: application/javascript | clean |
http://parking.reg.ru/script/get_domain_data?domain_name=kokushki.ru&callback=callback | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 02 Mar 2015 20:06:14 GMT Location: https://parking.reg.ru/script/get_domain_data?domain_name=kokushki.ru&callback=callback Server: nginx Content-Length: 178 Content-Type: text/html | clean |
https://parking.reg.ru/script/get_domain_data?domain_name=kokushki.ru&callback=callback | 200 OK Content-Length: 129 Content-Type: application/javascript | suspicious |
Page code contains blacklisted domain: kokushki.ru callback({"stat_id":"2","domain_in_shop":"1","dname":"kokushki.ru","domain_shop_price":"4 399","can_renew":0,"ref_id":"342101"}); | ||
http://kokushki.ru/test404page.js | 404 Not Found Content-Length: 28502 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. (function(){ var D=new Date(),d=document,b='body',ce='createElement',ac='appendChild',st='style',ds='display',n='none',gi='getElementById'; var i=d[ce]('iframe');i[st][ds]=n;d[gi]("MarketGidScriptRootC571350")[ac](i);try{var iw=i.contentWindow.document;iw.open();iw.writeln("<ht"+"ml><bo"+"dy></bo"+"dy></ht"+"ml>");iw.close();var c=iw[b];} catch(e){var iw=d;var c=d[gi]("MarketGidScriptRootC571350");}var dv=iw[ce]('div');dv.id="MG_ID";dv[st][ds]=n;dv.innerHTML=571350;c[ac](dv); var s=iw[ce]('script');s.async='async';s.defer='defer';s.charset='utf-8';s.src="//jsc.marketgid.com/1/r/1.reg.ru.571350.js?t="+D.getYear()+D.getMonth()+D.getDate()+D.getHours();c[ac](s);})(); | ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kokushki.ru
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=62444
Connection: close
Date: Mon, 02 Mar 2015 20:06:12 GMT
Server: nginx
Content-Type: text/html
Expires: Tue, 03 Mar 2015 13:26:56 GMT
GET / HTTP/1.1
Host: kokushki.ru
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=62444
Connection: close
Date: Mon, 02 Mar 2015 20:06:12 GMT
Server: nginx
Content-Type: text/html
Expires: Tue, 03 Mar 2015 13:26:56 GMT
Second query (visit from search engine):
GET / HTTP/1.1
Host: kokushki.ru
Referer: http://www.google.com/search?q=kokushki.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: kokushki.ru
Referer: http://www.google.com/search?q=kokushki.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.