Scanned pages/files
Request | Server response | Status |
http://www.nikoare.ru/ | 200 OK Content-Length: 187627 Content-Type: text/html | clean |
http://nikoare.ru/plugins/system/iewarning/js/warning.js | 200 OK Content-Length: 8024 Content-Type: application/x-javascript | clean |
http://www.nikoare.ru/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/x-javascript | clean |
http://www.nikoare.ru/components/com_morfeoshow/src/js/swfobject.js | 200 OK Content-Length: 6880 Content-Type: application/x-javascript | clean |
http://nikoare.ru/templates/ja_purity/js/ja.script.js | 200 OK Content-Length: 3208 Content-Type: application/x-javascript | clean |
http://nikoare.ru/templates/ja_purity/js/ja.rightcol.js | 200 OK Content-Length: 1695 Content-Type: application/x-javascript | clean |
http://nikoare.ru/templates/ja_purity/js/ja.cssmenu.js | 200 OK Content-Length: 578 Content-Type: application/x-javascript | clean |
http://odnaknopka.ru/ok2.js | 200 OK Content-Length: 6105 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function NewOdnaknopka2() {
this.domain=location.href+'/'; this.domain=this.domain.substr(this.domain.indexOf('://')+3); this.domain=this.domain.substr(0,this.domain.indexOf('/')); this.location=false; this.selection=function() { var sel; if (window.getSelection) sel=window.getSelection(); else if (document.selection) sel=document.selection.createRange(); else sel=''; if (sel.text) sel=sel.text; return encodeURIComponent(sel); } th } } odnaknopka2=new NewOdnaknopka2(); odnaknopka2.init(); Antivirus reports:
| ||
http://counter.rambler.ru/top100.jcn?2143976 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://ru3.hit.stat24.com/xy.js?id=ofiQor_JW_.Khy2Lggq7J.WWfSrFzCOOXjj0BPC6vLD.N7/align=center/type=absolute | 200 OK Content-Length: 420 Content-Type: application/x-javascript | clean |
http://cdn.connect.mail.ru/js/share/2/share.js | 200 OK Content-Length: 11486 Content-Type: application/x-javascript | clean |
http://www.nikoare.ru/index.php | 200 OK Content-Length: 187635 Content-Type: text/html | clean |
http://www.nikoare.ru/anatomia-fitnesa | 200 OK Content-Length: 60966 Content-Type: text/html | clean |
http://odnaknopka.ru/ok1.js | 200 OK Content-Length: 761 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function NewOdnaknopka1() { this.init=function() { document.write('<a href="http://odnaknopka.ru/add/" onclick="window.open(\'http://odnaknopka.ru/add/?url=\'+encodeURIComponent(location.href)+\'&title=\'+encodeURIComponent(document.title),\'odnaknopka\',\'scrollbars=yes,menubar=no,width=600,height=500,left='+(document.body.clientWidth/2-300)+',top='+(document.body.clientHeight/2-250)+',resizable=yes,toolbar=no,location=no,status=no\');return false;"><img src="http://odnaknopka.ru/images/button.gif" width="136" height="16" alt="ОднаКнопка" title="ОднаКнопка" border="0"></a>'); } } odnaknopka1=new NewOdnaknopka1(); odnaknopka1.init(); Antivirus reports:
| ||
http://www.nikoare.ru/index.php?Itemid=125&option= | 404 Not Found Content-Length: 50772 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nikoare.ru
Result:
GET / HTTP/1.1
Host: nikoare.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: nikoare.ru
Referer: http://www.google.com/search?q=nikoare.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: nikoare.ru
Referer: http://www.google.com/search?q=nikoare.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nikoare.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://nikoare.ru/
Result: nikoare.ru is not infected or malware details are not published yet.
Result: nikoare.ru is not infected or malware details are not published yet.