Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: attorneygeneralericholderontwitter.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: attorneygeneralericholderontwitter.com
Referer: http://www.google.com/search?q=attorneygeneralericholderontwitter.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://black-warez.ru/ | 200 OK Content-Length: 65157 Content-Type: text/html | suspicious |
Suspicious code found <!-- begin of Top100 code --> <script id="top100Counter" type="text/javascript" src="http://counter.rambler.ru/top100.jcn?2237793"></script> <noscript> <a rel="nofollow" href="http://top100.rambler.ru/navi/2237793/"> <img src="http://counter.rambler.ru/top100.cnt?2237793" style="width:88px; height:31px; border:0px;" alt="Rambler's Top100"/></a> </noscript> | ||
http://black-warez.ru/engine/classes/min/index.php?charset=windows-1251&g=general&3 | 200 OK Content-Length: 157641 Content-Type: application/x-javascript | clean |
http://black-warez.ru/engine/classes/min/index.php?charset=windows-1251&f=engine/classes/highslide/highslide.js&3 | 200 OK Content-Length: 31982 Content-Type: application/x-javascript | clean |
http://black-warez.ru/index.php?do=register | 200 OK Content-Length: 38592 Content-Type: text/html | suspicious |
Suspicious code found </span> | ||
http://black-warez.ru/engine/goto.php | HTTP/1.1 302 Moved Temporarily Cache-Control: max-age=0 Connection: close Date: Tue, 26 Aug 2014 18:04:41 GMT Location: http://vlob.maksv.online.e-autopay.com Server: nginx/1.6.1 Content-Length: 0 Content-Type: text/html Expires: Tue, 26 Aug 2014 18:04:41 GMT X-Powered-By: PHP/5.2.17 | clean |
http://vlob.maksv.online.e-autopay.com/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 26 Aug 2014 18:04:42 GMT Location: http://rabotaizdoma.ru/vlob/letter.html Server: nginx/1.4.1 Content-Type: text/html; charset=utf-8 Set-Cookie: online_bltynbabrfnjhrhn=4657; expires=Wed, 26-Aug-2015 18:04:42 GMT; path=/; domain=online.e-autopay.com Set-Cookie: s53dd07da9806f8b4554fa9e79d96001d=283611888; expires=Mon, 31-Dec-2029 20:00:00 GMT; path=/; domain=online.e-autopay.com X-Powered-By: PHP/5.3.25 | clean |
http://rabotaizdoma.ru/vlob/letter.html | 200 OK Content-Length: 18197 Content-Type: text/html | clean |
http://rabotaizdoma.ru/vlob/files/jquery.js | 200 OK Content-Length: 92629 Content-Type: application/x-javascript | clean |
http://black-warez.ru/engine/js/jquery.min.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=0 Connection: close Date: Tue, 26 Aug 2014 18:04:43 GMT Location: http://black-warez.ru/engine/js/jquery.min.js/ Server: nginx/1.6.1 Content-Length: 254 Content-Type: text/html; charset=iso-8859-1 Expires: Tue, 26 Aug 2014 18:04:43 GMT | clean |
http://black-warez.ru/engine/js/jquery.min.js/ | 404 Not Found Content-Length: 30864 Content-Type: text/html | suspicious |
Suspicious code found <!-- begin of Top100 code --> <script id="top100Counter" type="text/javascript" src="http://counter.rambler.ru/top100.jcn?2237793"></script> <noscript> <a rel="nofollow" href="http://top100.rambler.ru/navi/2237793/"> <img src="http://counter.rambler.ru/top100.cnt?2237793" style="width:88px; height:31px; border:0px;" alt="Rambler's Top100"/></a> </noscript> | ||
http://black-warez.ru/index.php?do=feedback | 200 OK Content-Length: 33903 Content-Type: text/html | suspicious |
Suspicious code found <!-- begin of Top100 code --> <script id="top100Counter" type="text/javascript" src="http://counter.rambler.ru/top100.jcn?2237793"></script> <noscript> <a rel="nofollow" href="http://top100.rambler.ru/navi/2237793/"> <img src="http://counter.rambler.ru/top100.cnt?2237793" style="width:88px; height:31px; border:0px;" alt="Rambler's Top100"/></a> </noscript> | ||
http://black-warez.ru/soft/ | 200 OK Content-Length: 68070 Content-Type: text/html | suspicious |
Suspicious code found <!-- begin of Top100 code --> <script id="top100Counter" type="text/javascript" src="http://counter.rambler.ru/top100.jcn?2237793"></script> <noscript> <a rel="nofollow" href="http://top100.rambler.ru/navi/2237793/"> <img src="http://counter.rambler.ru/top100.cnt?2237793" style="width:88px; height:31px; border:0px;" alt="Rambler's Top100"/></a> </noscript> | ||
http://black-warez.ru/soft/125676-artcam-2010-sp4-x86x64-rus.html | 200 OK Content-Length: 45015 Content-Type: text/html | suspicious |
Suspicious code found <!-- begin of Top100 code --> <script id="top100Counter" type="text/javascript" src="http://counter.rambler.ru/top100.jcn?2237793"></script> <noscript> <a rel="nofollow" href="http://top100.rambler.ru/navi/2237793/"> <img src="http://counter.rambler.ru/top100.cnt?2237793" style="width:88px; height:31px; border:0px;" alt="Rambler's Top100"/></a> </noscript> | ||
http://black-warez.ru//yandex.st/share/share.js/ | 404 Not Found Content-Length: 30857 Content-Type: text/html | suspicious |
Suspicious code found <!-- begin of Top100 code --> <script id="top100Counter" type="text/javascript" src="http://counter.rambler.ru/top100.jcn?2237793"></script> <noscript> <a rel="nofollow" href="http://top100.rambler.ru/navi/2237793/"> <img src="http://counter.rambler.ru/top100.cnt?2237793" style="width:88px; height:31px; border:0px;" alt="Rambler's Top100"/></a> </noscript> | ||
http://black-warez.ru/films/ | 200 OK Content-Length: 79199 Content-Type: text/html | suspicious |
Suspicious code found </span> | ||
http://black-warez.ru/films/125609-pervaya-mirovaya-1-seriya2014-satrip.html | 200 OK Content-Length: 39365 Content-Type: text/html | suspicious |
Suspicious code found <!-- begin of Top100 code --> <script id="top100Counter" type="text/javascript" src="http://counter.rambler.ru/top100.jcn?2237793"></script> <noscript> <a rel="nofollow" href="http://top100.rambler.ru/navi/2237793/"> <img src="http://counter.rambler.ru/top100.cnt?2237793" style="width:88px; height:31px; border:0px;" alt="Rambler's Top100"/></a> </noscript> | ||
http://black-warez.ru/dl2/goto.php?file=aHR0cDovL2ZpbGxlaS1jbDB1ZHMuZnF5bWoucHAudWEvP3E9JUNGJUU1JUYwJUUyJUUwJUZGKyVDQyVFOCVGMCVFRSVFMiVFMCVGRislMjgxKyVGMSVFNSVGMCVFOCVGRiUyRjIwMTQlMjkrU0FUUmlwJnI9OTc0MiZsPWh0dHAlM0ElMkYlMkZsZXRpdGJpdC5uZXQlMkZkb3dubG9hZCUyRjE2MDY4LjE2N2YxODE0MTgyYjM2MWMzOTEwMGY5Mjk2NTMlMkZQZXJ2YWphLm1pcm92YWphLjAxLmF2aS5odG1sJTdDaHR0cCUzQSUyRiUyRnR1cmJvYml0Lm5ldCUyRjkxbWZjM3d3MGVnaC5odG1s | HTTP/1.1 302 Moved Temporarily Cache-Control: max-age=0 Connection: close Date: Tue, 26 Aug 2014 18:04:45 GMT Location: http://fillei-cl0uds.fqymj.pp.ua/?q=%CF%E5%F0%E2%E0%FF+%CC%E8%F0%EE%E2%E0%FF+%281+%F1%E5%F0%E8%FF%2F2014%29+SATRip&r=9742&l=http%3A%2F%2Fletitbit.net%2Fdownload%2F16068.167f1814182b361c39100f929653%2FPervaja.mirovaja.01.avi.html%7Chttp%3A%2F%2Fturbobit.net%2F91mfc3ww0egh.html Server: nginx/1.6.1 Content-Length: 0 Content-Type: text/html Expires: Tue, 26 Aug 2014 18:04:45 GMT X-Powered-By: PHP/5.2.17 | malicious |
http://fillei-cl0uds.fqymj.pp.ua/?q=%cf%e5%f0%e2%e0%ff+%cc%e8%f0%ee%e2%e0%ff+%281+%f1%e5%f0%e8%ff%2f2014%29+satrip&r=9742&l=http%3a%2f%2fletitbit.net%2fdownload%2f16068.167f1814182b361c39100f929653%2fpervaja.mirovaja.01.avi.html%7chttp%3a%2f%2fturbobit.net%2f91mfc3ww0egh.html | 200 OK Content-Length: 38988 Content-Type: text/html | clean |
http://fillei-cl0uds.fqymj.pp.ua/js/jquery.min.js | 200 OK Content-Length: 93867 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=black-warez.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://black-warez.ru/
Result: black-warez.ru is not infected or malware details are not published yet.