Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: claralucia-sarmiento.com
Result:
GET / HTTP/1.1
Host: claralucia-sarmiento.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: claralucia-sarmiento.com
Referer: http://www.google.com/search?q=claralucia-sarmiento.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: claralucia-sarmiento.com
Referer: http://www.google.com/search?q=claralucia-sarmiento.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://belgorod.com.ua/ | HTTP/1.1 302 Found Connection: close Date: Wed, 23 Apr 2014 19:06:11 GMT Location: http://belgorod.zatoka-ua.com/ Server: nginx admin Content-Length: 214 Content-Type: text/html; charset=iso-8859-1 X-Cache: HIT from Backend | malicious |
http://belgorod.zatoka-ua.com/ | 200 OK Content-Length: 44286 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: odessa.kurorts.com ...[3541 bytes skipped]... r._setDomainName(".zatoka-ua.com"); pageTracker._trackPageview(); } catch(err) {}</script> </head> <body> <div class="upper"><div class="roller"><a href="#top"><img src="http://zatoka-ua.com/tpl/images/top.jpg" alt="" /></a></div></div> <div id="container"> <div id="label_for_portals"> <a href="http://odessa.kurorts.com" target="_blank" id="odessa_tab"></a> <a href="http://karpaty.kurorts.com" target="_blank" id="karpaty_tab"></a> <a href="http://kiev.kurorts.com/" target="_blank" id="kiev_tab"></a> </div> <div class="top_banner"> <center> <table cellpadding="0" cellspacing="0" width="100%"><tr> <td><!--/* OpenX iFrame Tag v2.8.7 */--> <!--/* * This tag ...[47132 bytes skipped]... | ||
http://zatoka-ua.com/tpl/scripts/jquery-1.4.2.min.js | 200 OK Content-Length: 72328 Content-Type: application/javascript | clean |
http://zatoka-ua.com/tpl/scripts/jquery.validationEngine-ru.js | 200 OK Content-Length: 2800 Content-Type: application/javascript | clean |
http://zatoka-ua.com/tpl/scripts/jquery.validationEngine.js | 200 OK Content-Length: 26724 Content-Type: application/javascript | clean |
http://zatoka-ua.com/tpl/scripts/jquery.fancybox-1.3.4.pack.js | 200 OK Content-Length: 15669 Content-Type: application/javascript | clean |
http://zatoka-ua.com/js/flowplayer-3.1.4.min.js | 200 OK Content-Length: 15960 Content-Type: application/javascript | clean |
http://zatoka-ua.com/tpl/scripts/base.js | 200 OK Content-Length: 6120 Content-Type: application/javascript | clean |
http://ulogin.ru/js/ulogin.js | 200 OK Content-Length: 34388 Content-Type: application/x-javascript | clean |
http://informer.gismeteo.ru/flash/fcode.js | 200 OK Content-Length: 637 Content-Type: application/x-javascript | clean |
http://userapi.com/js/api/openapi.js?49 | 200 OK Content-Length: 63942 Content-Type: application/x-javascript | clean |
http://belgorod.com.ua//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/ | HTTP/1.1 302 Found Connection: close Date: Wed, 23 Apr 2014 19:06:17 GMT Location: http://belgorod.zatoka-ua.com/translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/ Server: nginx admin Content-Length: 288 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://belgorod.zatoka-ua.com/translate.google.com/translate_a/element.js?cb=googletranslateelementinit/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 23 Apr 2014 19:06:18 GMT Pragma: no-cache Location: http://zatoka-ua.com Server: nginx admin Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=f61e494c153445d9d014c8ae49e243f8; expires=Fri, 23-May-2014 19:06:17 GMT; path=/; domain=.zatoka-ua.com Set-Cookie: portal=new; expires=Fri, 24-Apr-2015 03:26:17 GMT; path=/; domain=.zatoka-ua.com X-Powered-By: PHP/5.3.28 | clean |
http://zatoka-ua.com/ | 200 OK Content-Length: 64962 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: odessa.kurorts.com ...[3215 bytes skipped]... r._setDomainName(".zatoka-ua.com"); pageTracker._trackPageview(); } catch(err) {}</script> </head> <body> <div class="upper"><div class="roller"><a href="#top"><img src="http://zatoka-ua.com/tpl/images/top.jpg" alt="" /></a></div></div> <div id="container"> <div id="label_for_portals"> <a href="http://odessa.kurorts.com" target="_blank" id="odessa_tab"></a> <a href="http://karpaty.kurorts.com" target="_blank" id="karpaty_tab"></a> <a href="http://kiev.kurorts.com/" target="_blank" id="kiev_tab"></a> </div> <div class="top_banner"> <center> <table cellpadding="0" cellspacing="0" width="100%"><tr> <td><!--/* OpenX iFrame Tag v2.8.7 */--> <!--/* * This tag ...[71064 bytes skipped]... | ||
http://zatoka-ua.com//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 23 Apr 2014 19:06:20 GMT Pragma: no-cache Location: http://zatoka-ua.com Server: nginx admin Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=ef4b51556f2d04efe1b2234e6594e6cc; expires=Fri, 23-May-2014 19:06:20 GMT; path=/; domain=.zatoka-ua.com Set-Cookie: portal=main; expires=Fri, 24-Apr-2015 03:26:20 GMT; path=/; domain=.zatoka-ua.com X-Powered-By: PHP/5.3.28 | clean |
http://zatoka-ua.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 23 Apr 2014 19:06:21 GMT Pragma: no-cache Location: http://zatoka-ua.com Server: nginx admin Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=de18e63aa3697be89c6f74cdddbf374e; expires=Fri, 23-May-2014 19:06:20 GMT; path=/; domain=.zatoka-ua.com Set-Cookie: portal=main; expires=Fri, 24-Apr-2015 03:26:20 GMT; path=/; domain=.zatoka-ua.com X-Powered-By: PHP/5.3.28 | clean |
http://userapi.com/js/api/openapi.js?45 | 200 OK Content-Length: 63942 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=belgorod.com.ua
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://belgorod.com.ua/
Result: belgorod.com.ua is not infected or malware details are not published yet.
Result: belgorod.com.ua is not infected or malware details are not published yet.