Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nsk-tv.narod.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://nsk-tv.narod.ru/ | 200 OK Content-Length: 11096 Content-Type: text/html | clean |
http://nsk-tv.narod.ru/abnl/?adsdata=aKseiwm;la6xTwAaSISeRmJPkLCrsuRwba8^QLx7biWvRdJM6fhhVNMpePMT2W3mKgpj10gSsbB2ECFaImYLzOL5SG1viHKWJeh3kIAA40xJWmYnXmtWBOyQP;2mBNGFSen9jGS3Rwoo | 200 OK Content-Length: 2737 Content-Type: application/javascript | clean |
http://js.betonmarkets.com/javascript.php?prefix=TS187I1qQZ6YNevImT-MDGNd7ZgqdRLk&media=105&campaign=1 | 200 OK Content-Length: 960 Content-Type: application/javascript | clean |
http://tv.cmlt.tv/js/informer/2078/2078.js | 200 OK Content-Length: 6921 Content-Type: text/javascript | clean |
http://tv.cmlt.tv/js/informer/informerSelTimeChan.js?encoding=windows-1251 | 200 OK Content-Length: 2685 Content-Type: text/javascript | clean |
http://www.directadvert.ru/show.cgi?adp=43224 | 200 OK Content-Length: 15004 Content-Type: application/x-javascript | clean |
http://teachac.com/static/tds.js | 200 OK Content-Length: 18763 Content-Type: application/javascript | clean |
http://nsk-tv.narod.ru/karusel.html | 200 OK Content-Length: 20615 Content-Type: text/html | clean |
http://nsk-tv.narod.ru/abnl/?adsdata=Qha^7ssCaO7C2ehk3L;EZY!II55dtyb3E29k6EfMugU4lfzjIO^C181eebAYSWlU0U4WaZU!PhWQ;CSUe2WwHFeQRbX^7tDeONF!tY8rMpvqfqv1k0rZKAl9^wC;Ox4F!nfMwXLSWEFo | 200 OK Content-Length: 2729 Content-Type: application/javascript | clean |
http://afficent.com/javascript/01Te02E8080eb | 200 OK Content-Length: 8656 Content-Type: application/javascript | clean |
http://dimprive.com/javascript/6280C000Ff | 200 OK Content-Length: 8656 Content-Type: application/javascript | clean |
http://odnaknopka.ru/ok2.js | 200 OK Content-Length: 6191 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function NewOdnaknopka2() {
  this.domain=location.href+'/';
  this.domain=this.domain.substr(this.domain.indexOf('://')+3);
  this.domain=this.domain.substr(0,this.domain.indexOf('/'));
  this.location=false;
  this.selection=function() {
    var sel;
    if (window.getSelection) sel=window.getSelection();
    else if (document.selection) sel=document.selection.createRange();
    else sel='';
    if (sel.text) sel=sel.text;
    return encodeURIComponent(sel);
  }
  th } }
odnaknopka2=new NewOdnaknopka2();
odnaknopka2.init();
var js = document.createElement("script");
js.type = "text/javascript";
js.src = "http://odnaknopka.ru/stat.js";
document.body.appendChild(js);
Antivirus reports:
http://cettente.com/javascript/yvh4rxBCTg57qt8 | 200 OK Content-Length: 8656 Content-Type: application/javascript | clean |
http://nsk-tv.narod.ru/avto.html | 200 OK Content-Length: 3292 Content-Type: text/html | clean |
http://nsk-tv.narod.ru/abnl/?adsdata=YynY0KAt^WQ11RXUFSdUBXdXI1MHDp7h4!qiOPgINURDRD1AakhP5SeV8jjw;sbd89^Zfv1lc0qcwPLdBeI8ejbWRyUkwq^qlsHMwWHh9fdVl^1Z!Rf1EzqyTSGJxku8hGbTny5!yifo | 200 OK Content-Length: 2749 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nsk-tv.narod.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 01 Mar 2015 17:01:13 GMT
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Second query (visit from search engine):
GET / HTTP/1.1
Host: nsk-tv.narod.ru
Referer: http://www.google.com/search?q=nsk-tv.narod.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.