Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: vandenrobotics.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 04 Oct 2014 21:02:32 GMT
Location: http://www.vandenrobotics.com/
Server: nginx
Content-Length: 178
Content-Type: text/html
...178 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: vandenrobotics.com
Referer: http://www.google.com/search?q=vandenrobotics.com
Result:
The result is similar to the first query. No suspicious redirects were found.
Scanned pages/files
Request | Server response | Status |
http://android-ru-icq.ru/ | 200 OK Content-Length: 6902 Content-Type: text/html | clean |
http://android-ru-icq.ru/file.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 08 Apr 2014 12:32:06 GMT Location: http://rerekal.org/m.php?id=17788 Server: nginx/1.4.7 Content-Length: 0 Content-Type: text/html; charset=CP1251 | clean |
http://rerekal.org/m.php?id=17788 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 08 Apr 2014 12:32:07 GMT Pragma: no-cache Location: http://fileoyandex.net/midlets/a393152ddc026a4573ec40be637c54cc/icq.jar Server: nginx/1.4.1 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=lih9qrmojql3hhv7c1166jb741; path=/ Set-Cookie: ldownload=30330-37; expires=Wed, 09-Apr-2014 12:32:07 GMT X-Powered-By: PHP/5.4.16 | malicious |
http://fileoyandex.net/midlets/a393152ddc026a4573ec40be637c54cc/icq.jar | 200 OK Content-Length: 112718 Content-Type: application/java-archive | clean |
http://fileoyandex.net/test404page.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
http://android-ru-icq.ru/uno-android.html | 200 OK Content-Length: 3513 Content-Type: text/html | clean |
http://android-ru-icq.ru/file2.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 08 Apr 2014 12:32:08 GMT Location: http://rerekal.org/m.php?id=18254 Server: nginx/1.4.7 Content-Length: 0 Content-Type: text/html; charset=CP1251 | clean |
http://rerekal.org/m.php?id=18254 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 08 Apr 2014 12:32:08 GMT Pragma: no-cache Location: http://fileoyandex.net/midlets/3d77fedf2c2e21f8436eaca68570ab3a/uno™.jar Server: nginx/1.4.1 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=h4tjhm8133vbnksjb8l7ms37g7; path=/ Set-Cookie: ldownload=30330-37; expires=Wed, 09-Apr-2014 12:32:08 GMT X-Powered-By: PHP/5.4.16 | malicious |
http://fileoyandex.net/midlets/3d77fedf2c2e21f8436eaca68570ab3a/uno™.jar | 200 OK Content-Length: 110080 Content-Type: application/java-archive | clean |
http://android-ru-icq.ru/farming-simulator-android.html | 200 OK Content-Length: 3737 Content-Type: text/html | clean |
http://android-ru-icq.ru/file1.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 08 Apr 2014 12:32:09 GMT Location: http://rerekal.org/m.php?id=18253 Server: nginx/1.4.7 Content-Length: 0 Content-Type: text/html; charset=CP1251 | clean |
http://rerekal.org/m.php?id=18253 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 08 Apr 2014 12:32:09 GMT Pragma: no-cache Location: http://fileoyandex.net/midlets/079c0e6180876873c1011ea8479f78dc/farming_simulator.jar Server: nginx/1.4.1 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=usfdqh8m7o1n37bug98g50dih2; path=/ Set-Cookie: ldownload=30330-37; expires=Wed, 09-Apr-2014 12:32:09 GMT X-Powered-By: PHP/5.4.16 | malicious |
http://fileoyandex.net/midlets/079c0e6180876873c1011ea8479f78dc/farming_simulator.jar | 200 OK Content-Length: 115972 Content-Type: application/java-archive | clean |
http://android-ru-icq.ru/wild-blood-android.html | 200 OK Content-Length: 3541 Content-Type: text/html | clean |
http://android-ru-icq.ru/file4.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 08 Apr 2014 12:32:10 GMT Location: http://rerekal.org/m.php?id=18256 Server: nginx/1.4.7 Content-Length: 0 Content-Type: text/html; charset=CP1251 | clean |
http://rerekal.org/m.php?id=18256 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 08 Apr 2014 12:32:10 GMT Pragma: no-cache Location: http://fileoyandex.net/midlets/2c41a843f6c881b30c9dfc60619f29b4/wild_blood.jar Server: nginx/1.4.1 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=srf1e3v342sjik50n9v7pagle4; path=/ Set-Cookie: ldownload=30330-37; expires=Wed, 09-Apr-2014 12:32:10 GMT X-Powered-By: PHP/5.4.16 | malicious |
http://fileoyandex.net/midlets/2c41a843f6c881b30c9dfc60619f29b4/wild_blood.jar | 200 OK Content-Length: 115160 Content-Type: application/java-archive | clean |
http://android-ru-icq.ru/sonic-jump-android.html | 200 OK Content-Length: 3613 Content-Type: text/html | clean |
http://android-ru-icq.ru/file3.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 08 Apr 2014 12:32:11 GMT Location: http://rerekal.org/m.php?id=18255 Server: nginx/1.4.7 Content-Length: 0 Content-Type: text/html; charset=CP1251 | clean |
http://rerekal.org/m.php?id=18255 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 08 Apr 2014 12:32:11 GMT Pragma: no-cache Location: http://fileoyandex.net/midlets/5d9b782a39082265d8da5a496785798b/sonic_jump.jar Server: nginx/1.4.1 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=d2i10jmnt2549sirlmatkorkm2; path=/ Set-Cookie: ldownload=30330-37; expires=Wed, 09-Apr-2014 12:32:11 GMT X-Powered-By: PHP/5.4.16 | malicious |
http://fileoyandex.net/midlets/5d9b782a39082265d8da5a496785798b/sonic_jump.jar | 200 OK Content-Length: 115323 Content-Type: application/java-archive | clean |
http://android-ru-icq.ru/oferta.html | 200 OK Content-Length: 14188 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=android-ru-icq.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://android-ru-icq.ru/
Result: android-ru-icq.ru is not infected or malware details are not published yet.