See: https://www.virustotal.com/en/url/ca17a6c1da57e2d9bcf05f6e9befe4a4b8a548a80b81b3778ff134b045516acb/analysis/#additional-info
Issue detected: Outdated Web Server Nginx Found
Definition: Vulnerabilities on nginx
Vulnerable header: nginx/0.7.62
See: http://www.projecthoneypot.org/ip_89.108.96.61
Quttera has all the detection details: http://quttera.com/detailed_report/www.h16.ru
22 detections for Severity: Malicious
Reason: Detected reference to blacklisted domain
Details: Detected reference to malicious blacklisted domain -stat.tbn.ru
Various instances of potentially suspicious:
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Too low entropy detected in string [[‘%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26%26’]] of length 100 which may point to obfuscation or shellcode. Blocked Suspected XSS Attack
Blocked URL: htxps://www.google.nl/search?q=%3Cscript+type%3D%27text%2Fjavascript%27+language%3D%27javascript%27+%3E+%2F%2F%3C!–+Tracker+code+start+function+tracker()+%7B+tokens+%3D+%5B+%22p%3D%22%2C+%22a%3D%22+%5D%3B+pos+%3D+location.href.indexOf(+%22%3F%22)%3B+if(+pos+!%3D±1)+%7B+url+%3D+location.href%3B+result+%3D+%22%22%3B+res_url+%3D+escape(+url.substring(+0%2C+pos))%3B+do+%7B+url+%3D+url.substring(+pos+%2B+1%2C+url.length)%3B+pos+%3D+url.indexOf(+%22%2526%22)+for(+j+%3D+0%3B+j+%3C+tokens.length%3B+j%2B%2B)+%7B&oq=%3Cscript+type%3D%27text%2Fjavascript%27+language%3D%27javascript%27+%3E++++%2F%2F%3C!–+Tracker+code+start++function+tracker()+%7B+++tokens+%3D+%5B+%22p%3D%22%2C+%22a%3D%22+%5D%3B+++pos+%3D+location.href.indexOf(+%22%3F%22)%3B+++if(+pos+!%3D±1)+%7B+++url+%3D+location.href%3B++result+%3D+%22%22%3B++res_url+%3D+escape(+url.substring(+0%2C+pos))%3B+++do+%7B+++url+%3D+url.substring(+pos+%2B+1%2C+url.length)%3B++pos+%3D+url.indexOf(+%22%2526%22)++for(+j+%3D+0%3B++j+%3C+tokens.length%3B++j%2B%2B)+%7B&aqs=chrome…69i57&sourceid=chrome&es_sm=93&ie=UTF-8
Flagged by Netcraft XSS filter
polonus