Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=exilium.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://exilium.ru/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: exilium.ru
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Wed, 07 Jan 2015 16:53:42 GMT
Location: http://rublevskiypirs.ru/books?keyword=%D1%EA%E0%F7%E0%F2%FC+%F1%EA%E0%F7%E0%F2%FC+%E2%E0%F2%F6%E0%EF+%E4%EB%FF+%EA%EE%EC%EF%FC%FE%F2%E5%F0%E0+%EE%E1%ED%EE%E2%EB%E5%ED%EE+%F1%E5%E3%EE%E4%ED%FF%2C+%EF%EE%F1%EB%E5%E4%ED%FF%FF+%E2%E5%F0%F1%E8%FF%21&v=3&id_mark=912
Server: nginx/1.4.3
Content-Type: text/html
X-Powered-By: PHP/5.4.21-1~dotdeb.1
Second query (visit from search engine):
GET / HTTP/1.1
Host: exilium.ru
Referer: http://www.google.com/search?q=exilium.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
|---|---|---|
http://exilium.ru/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 07 Jan 2015 16:53:42 GMT Location: http://rublevskiypirs.ru/books?keyword=%D1%EA%E0%F7%E0%F2%FC+%F1%EA%E0%F7%E0%F2%FC+%E2%E0%F2%F6%E0%EF+%E4%EB%FF+%EA%EE%EC%EF%FC%FE%F2%E5%F0%E0+%EE%E1%ED%EE%E2%EB%E5%ED%EE+%F1%E5%E3%EE%E4%ED%FF%2C+%EF%EE%F1%EB%E5%E4%ED%FF%FF+%E2%E5%F0%F1%E8%FF%21&v=3&id_mark=912 Server: nginx/1.4.3 Content-Type: text/html X-Powered-By: PHP/5.4.21-1~dotdeb.1 | clean |
http://rublevskiypirs.ru/books?keyword=%d1%ea%e0%f7%e0%f2%fc+%f1%ea%e0%f7%e0%f2%fc+%e2%e0%f2%f6%e0%ef+%e4%eb%ff+%ea%ee%ec%ef%fc%fe%f2%e5%f0%e0+%ee%e1%ed%ee%e2%eb%e5%ed%ee+%f1%e5%e3%ee%e4%ed%ff%2c+%ef%ee%f1%eb%e5%e4%ed%ff%ff+%e2%e5%f0%f1%e8%ff%21&v=3&id_mark=912 | HTTP/1.1 302 Found Cache-Control: max-age=0 Connection: close Date: Wed, 07 Jan 2015 16:53:43 GMT Pragma: no-cache Location: http://www.youcanfind.net/rl_cmprwm.php?ct=cq66j Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 21 Jul 1977 07:30:00 GMT Last-Modified: Wed, 07 Jan 2015 16:53:43 GMT X-Powered-By: PHP/5.4.34 | clean |
http://www.youcanfind.net/rl_cmprwm.php?ct=cq66j | HTTP/1.1 302 Found Connection: close Date: Wed, 07 Jan 2015 16:53:43 GMT Location: http://chlcotrk.com/mt/x254x274b4z2x2y234t2/&subid1=2400z6z1z0 Server: Apache/2.2.19 (Unix) PHP/5.1.6 mod_ssl/2.2.19 OpenSSL/0.9.7e-p1 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.1.6 | clean |
http://chlcotrk.com/mt/x254x274b4z2x2y234t2/&subid1=2400z6z1z0 | HTTP/1.1 302 nginx/1.1.19 Connection: Close Date: Wed, 07 Jan 2015 16:53:44 GMT Location: http://nw1.truedefendredirect.com/?oid=3299&s1=7a834e768c90f303a8d651acd619b6d3&s2=CD4823&s3=3299&s4=&s5= Content-Length: 0 Content-Type: text/html; charset=utf-8 P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Set-Cookie: mt_imp_3299=1; expires=Fri, 06-Feb-2015 16:53:44 GMT; path=/; domain=chlcotrk.com Set-Cookie: mt_muid=MT-54ad649825183-9495; expires=Fri, 06-Feb-2015 16:53:44 GMT; path=/; domain=chlcotrk.com Set-Cookie: mt_lds=7a834e768c90f303a8d651acd619b6d3; expires=Fri, 06-Feb-2015 16:53:44 GMT; path=/; domain=chlcotrk.com Set-Cookie: mt_clk=7a834e768c90f303a8d651acd619b6d3; path=/; domain=chlcotrk.com X-Powered-By: HHVM/3.0.1 | clean |
http://nw1.truedefendredirect.com/?oid=3299&s1=7a834e768c90f303a8d651acd619b6d3&s2=cd4823&s3=3299&s4=&s5= | HTTP/1.1 302 Moved Temporarily Connection: Close Date: Wed, 07 Jan 2015 16:53:44 GMT Location: http://68Fzz.titty.elitewindowstream.xyz/?sov=241786602&hid=ciegsegmkiogkcg&redid=788&id=XNSX.7a834e768c90f303a8d651acd619b6d3%3A%3Acd4823%3A%3A3299-r788 Server: nginx/1.2.8 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.23 | clean |
http://68fzz.titty.elitewindowstream.xyz/?sov=241786602&hid=ciegsegmkiogkcg&redid=788&id=xnsx.7a834e768c90f303a8d651acd619b6d3%3a%3acd4823%3a%3a3299-r788 | 200 OK Content-Length: 12362 Content-Type: text/html | clean |
http://68fzz.titty.elitewindowstream.xyz/terms/privacy.html | 200 OK Content-Length: 24252 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: text/javascript | clean |
http://68fzz.titty.elitewindowstream.xyz/templates/_common/footer_links/js/script.js | 200 OK Content-Length: 5674 Content-Type: application/javascript | clean |
http://68fzz.titty.elitewindowstream.xyz//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/ | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
http://68fzz.titty.elitewindowstream.xyz/test404page.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
http://exilium.ru/terms/terms.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 07 Jan 2015 16:53:50 GMT Location: http://rublevskiypirs.ru/books?keyword=%D0%E0%E1%EE%F2%E0+%F1%E0%E9%F2%E0+%EF%F0%E8%EE%F1%F2%E0%ED%EE%E2%EB%E5%ED%E0&v=3&id_mark=912 Server: nginx/1.4.3 Content-Type: text/html X-Powered-By: PHP/5.4.21-1~dotdeb.1 | clean |
http://rublevskiypirs.ru/books?keyword=%d0%e0%e1%ee%f2%e0+%f1%e0%e9%f2%e0+%ef%f0%e8%ee%f1%f2%e0%ed%ee%e2%eb%e5%ed%e0&v=3&id_mark=912 | HTTP/1.1 302 Found Cache-Control: max-age=0 Connection: close Date: Wed, 07 Jan 2015 16:53:51 GMT Pragma: no-cache Location: http://www.youcanfind.net/rl_cmprwm.php?ct=cq66j Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 21 Jul 1977 07:30:00 GMT Last-Modified: Wed, 07 Jan 2015 16:53:51 GMT X-Powered-By: PHP/5.4.34 | clean |
http://exilium.ru/terms/aboutus.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 07 Jan 2015 16:53:51 GMT Location: http://rublevskiypirs.ru/books?keyword=%D0%E0%E1%EE%F2%E0+%F1%E0%E9%F2%E0+%EF%F0%E8%EE%F1%F2%E0%ED%EE%E2%EB%E5%ED%E0&v=3&id_mark=912 Server: nginx/1.4.3 Content-Type: text/html X-Powered-By: PHP/5.4.21-1~dotdeb.1 | clean |
http://exilium.ru/terms/privacy.html | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 07 Jan 2015 16:53:52 GMT Location: http://rublevskiypirs.ru/books?keyword=%D0%E0%E1%EE%F2%E0+%F1%E0%E9%F2%E0+%EF%F0%E8%EE%F1%F2%E0%ED%EE%E2%EB%E5%ED%E0&v=3&id_mark=912 Server: nginx/1.4.3 Content-Type: text/html X-Powered-By: PHP/5.4.21-1~dotdeb.1 | clean |
http://exilium.ru//titty.elitewindowstream.xyz/admin_config/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 07 Jan 2015 16:53:52 GMT Location: http://rublevskiypirs.ru/books?keyword=%D0%E0%E1%EE%F2%E0+%F1%E0%E9%F2%E0+%EF%F0%E8%EE%F1%F2%E0%ED%EE%E2%EB%E5%ED%E0&v=3&id_mark=912 Server: nginx/1.4.3 Content-Type: text/html X-Powered-By: PHP/5.4.21-1~dotdeb.1 | clean |