Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 4say.ru
Result:
HTTP/1.1 200 OK
Cache-Control: store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 25 Dec 2014 12:30:39 GMT
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Thu, 25 Dec 2014 12:30:39 GMT
Set-Cookie: SESS61aca5a6e7071a63b79edfb474fad80c=a0r41tnr34bs7atli5m3mo9lp7; expires=Sat, 17-Jan-2015 16:03:59 GMT; path=/; domain=.4say.ru
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: 4say.ru
Referer: http://www.google.com/search?q=4say.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://4say.ru/ | 200 OK Content-Length: 40237 Content-Type: text/html | clean |
http://userapi.com/js/api/openapi.js?1 | 200 OK Content-Length: 64063 Content-Type: application/x-javascript | clean |
http://vkontakte.ru/js/api/share.js?9 | 200 OK Content-Length: 10156 Content-Type: application/x-javascript | clean |
http://4say.ru/misc/jquery.js?n | 200 OK Content-Length: 31089 Content-Type: application/x-javascript | clean |
http://4say.ru/misc/drupal.js?n | 200 OK Content-Length: 9834 Content-Type: application/x-javascript | clean |
http://4say.ru/sites/default/files/languages/ru_82fba9e9df455c6430eaf44efcd769b8.js?n | 200 OK Content-Length: 2965 Content-Type: application/x-javascript | clean |
http://4say.ru/modules/thickbox/thickbox.js?n | 200 OK Content-Length: 14811 Content-Type: application/x-javascript | clean |
http://4say.ru/modules/vk_openapi/openapi.js?n | 200 OK Content-Length: 3226 Content-Type: application/x-javascript | clean |
http://4say.ru/modules/ctools/js/ajax-responder.js?n | 200 OK Content-Length: 14952 Content-Type: application/x-javascript | clean |
http://userapi.com/js/api/openapi.js?20 | 200 OK Content-Length: 64063 Content-Type: application/x-javascript | clean |
http://userapi.com/js/api/openapi.js?45 | 200 OK Content-Length: 64063 Content-Type: application/x-javascript | clean |
http://4say.ru//vk.com/js/api/openapi.js?87/ | 404 Not Found Content-Length: 15137 Content-Type: text/html | clean |
http://4say.ru//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 15219 Content-Type: text/html | clean |
http://4say.ru/tag/vy-tozhe | 200 OK Content-Length: 36192 Content-Type: text/html | clean |
http://4say.ru/tag/ | 404 Not Found Content-Length: 15087 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=4say.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://4say.ru/
Result: 4say.ru is not infected or malware details are not published yet.