Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nmiin.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://nmiin.com/ | HTTP/1.1 302 Object moved Cache-Control: private Date: Fri, 23 Jan 2015 02:15:39 GMT Location: http://nmiin.com/main Server: Microsoft-IIS/6.0 Content-Length: 142 Content-Type: text/html P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC Set-Cookie: PUID=BBE41B17B024469CA58C427440836404; domain=nmiin.com; path=/ Set-Cookie: ASPSESSIONIDCASQCRSS=OMMJOAIAOJOCMJDAAGGOPILO; path=/ | clean |
http://nmiin.com/main | HTTP/1.1 301 Moved Permanently Date: Fri, 23 Jan 2015 02:15:41 GMT Location: http://nmiin.com/main/ Server: Microsoft-IIS/6.0 Content-Length: 168 Content-Type: text/html | clean |
http://nmiin.com/main/ | HTTP/1.1 302 Object moved Cache-Control: private Date: Fri, 23 Jan 2015 02:15:43 GMT Location: /main/main_real.asp Server: Microsoft-IIS/6.0 Content-Length: 140 Content-Type: text/html P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC Set-Cookie: PUID=F44E72F4DA9F47D48A797580697E7E6B; domain=nmiin.com; path=/ Set-Cookie: ASPSESSIONIDCASQCRSS=ANMJOAIALJBADHLIGFKGCKKL; path=/ | clean |
http://nmiin.com/main/main_real.asp | 200 OK Content-Length: 31016 Content-Type: text/html | clean |
http://nmiin.com/jscript/common.js | 200 OK Content-Length: 24106 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) String.prototype.trim = function() {
return this.replace(/(^\s*)|(\s*$)/g, ""); } String.prototype.stripspace = function() { return this.replace(/ /g, ""); } String.prototype.replaceAll = function(a, b) { var s = this; var n1, n2, s1, s2; while (true) { if ( s=="" || a=="" ) break; n1 = s.indexOf(a); if ( n1 < 0 ) break; n2 = n1 + a.length; if ( n1==0 ) { s1 = b; } e if (mode == '+') ++num; else --num; if (isminus != 1 && num < 0) num = 0; obj.value = num; } function isValidDomain(el) { var pattern = /^.+(\.[a-zA-Z]{2,3})$/; return (pattern.test(el.value.trim())) ? true : false; } function autotab(original, destination) { if (original.getAttribute && original.value.length == original.getAttribute("maxlength")) destination.focus() } Antivirus reports:
| ||
http://nmiin.com/jscript/embed.js | 200 OK Content-Length: 2953 Content-Type: application/x-javascript | clean |
http://nmiin.com/jscript/ajax.js | 200 OK Content-Length: 2356 Content-Type: application/x-javascript | clean |
http://nmiin.com/jscript/json.js | 200 OK Content-Length: 5093 Content-Type: application/x-javascript | clean |
http://nmiin.com/jscript/rollover.js | 200 OK Content-Length: 1033 Content-Type: application/x-javascript | clean |
http://nmiin.com/jscript/user_func.js | 200 OK Content-Length: 2552 Content-Type: application/x-javascript | clean |
http://nmiin.com/popup_main.js.asp | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://nmiin.com/test404page.js | 404 Not Found Content-Length: 1466 Content-Type: text/html | clean |
http://nmiin.com/jscript/cookie.js | 200 OK Content-Length: 1022 Content-Type: application/x-javascript | clean |
http://nmiin.com/jscript/floating.js | 200 OK Content-Length: 3497 Content-Type: application/x-javascript | clean |
http://nmiin.com/jscript/left_floating.js | 200 OK Content-Length: 3583 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nmiin.com
Result:
HTTP/1.1 302 Object moved
Cache-Control: private
Date: Fri, 23 Jan 2015 02:15:39 GMT
Location: http://nmiin.com/main
Server: Microsoft-IIS/6.0
Content-Length: 142
Content-Type: text/html
P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC
Set-Cookie: PUID=BBE41B17B024469CA58C427440836404; domain=nmiin.com; path=/
Set-Cookie: ASPSESSIONIDCASQCRSS=OMMJOAIAOJOCMJDAAGGOPILO; path=/
...142 bytes of data.
GET / HTTP/1.1
Host: nmiin.com
Result:
HTTP/1.1 302 Object moved
Cache-Control: private
Date: Fri, 23 Jan 2015 02:15:39 GMT
Location: http://nmiin.com/main
Server: Microsoft-IIS/6.0
Content-Length: 142
Content-Type: text/html
P3P: CP=ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC
Set-Cookie: PUID=BBE41B17B024469CA58C427440836404; domain=nmiin.com; path=/
Set-Cookie: ASPSESSIONIDCASQCRSS=OMMJOAIAOJOCMJDAAGGOPILO; path=/
...142 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: nmiin.com
Referer: http://www.google.com/search?q=nmiin.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: nmiin.com
Referer: http://www.google.com/search?q=nmiin.com
Result:
The result is similar to the first query. There are no suspicious redirects found.