Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: images.fuskator.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Connection: close
Date: Tue, 11 Nov 2014 19:53:29 GMT
Location: http://fuskator.com/
Server: nginx
Content-Length: 137
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=q4a5tnt15jrymng2pffesvie; path=/; HttpOnly
Set-Cookie: ecid=957419924392256867; expires=Mon, 30-Dec-2030 23:00:00 GMT; path=/
...137 bytes of data.
GET / HTTP/1.1
Host: images.fuskator.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Connection: close
Date: Tue, 11 Nov 2014 19:53:29 GMT
Location: http://fuskator.com/
Server: nginx
Content-Length: 137
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=q4a5tnt15jrymng2pffesvie; path=/; HttpOnly
Set-Cookie: ecid=957419924392256867; expires=Mon, 30-Dec-2030 23:00:00 GMT; path=/
...137 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: images.fuskator.com
Referer: http://www.google.com/search?q=images.fuskator.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: images.fuskator.com
Referer: http://www.google.com/search?q=images.fuskator.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://images.fuskator.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Tue, 11 Nov 2014 19:53:29 GMT Location: http://fuskator.com/ Server: nginx Content-Length: 137 Content-Type: text/html; charset=utf-8 Set-Cookie: ASP.NET_SessionId=q4a5tnt15jrymng2pffesvie; path=/; HttpOnly Set-Cookie: ecid=957419924392256867; expires=Mon, 30-Dec-2030 23:00:00 GMT; path=/ | clean |
http://fuskator.com/ | 200 OK Content-Length: 63900 Content-Type: text/html | clean |
http://fuskator.com/WebResource.axd?d=ctoXoRE1E7odqeOmVN0bfpFbdA_iqGz-ClmO_P4oF0mDPDxTNVbyUry2EVzS48W36X8EdxK3GKpf0bPRy5EoULKisS1m59HB7qsYuyWRhuQ1&t=635201046537823876 | 200 OK Content-Length: 22346 Content-Type: application/x-javascript | clean |
http://images.fuskator.com/ScriptResource.axd?d=cYGV7GWKURdRVVgHOLhzd6JiPBoQPww8Y4kCdMNQ59zuPLKAsbOrLJAPBS0nFt1uW2m1fXVVZ2i5EzXUT2viUPqLkmpvVC-ClRrgc-DHooTNUBaAckPrfAaeAHgAXOQoZajY2An0pS-ANj6w2i4Cn1IpEaTOwUt3UEIT30K6yaM1&t=348b0da | 200 OK Content-Length: 102771 Content-Type: application/x-javascript | clean |
http://images.fuskator.com/ScriptResource.axd?d=C2VkY6SnwKrW8Y7DbxzmxgQQFz8aAxCnERVZE_W17hozfW1GR98UHbelDz33pVk2lzaHVh-S63ljICB1N-Wq8eyX0XAiCvY-ezGbDW4JYIwS8CT7byNnIB7G3gCYFRIOug01aT_oZFZmpFQ7_D3jVrW6QXFeiMFHszNcYVDsXziu-P5iF-vyHhBJlZYpmGdg0&t=348b0da | 200 OK Content-Length: 40326 Content-Type: application/x-javascript | clean |
http://images.fuskator.com//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js/ | HTTP/1.1 404 Not Found Cache-Control: private Connection: close Date: Tue, 11 Nov 2014 19:53:31 GMT Server: nginx Content-Length: 14690 Content-Type: text/html; charset=utf-8 Set-Cookie: ASP.NET_SessionId=5s1sj0v0nhoypjwe02sr2h3x; path=/; HttpOnly Set-Cookie: ecid=1508237865742613223; expires=Mon, 30-Dec-2030 23:00:00 GMT; path=/ | clean |
http://images.fuskator.com//www.fuskator.com/gallery/random/ | HTTP/1.1 404 Not Found Cache-Control: private Connection: close Date: Tue, 11 Nov 2014 19:53:31 GMT Server: nginx Content-Length: 14633 Content-Type: text/html; charset=utf-8 Set-Cookie: ASP.NET_SessionId=gvhbrip202nycooq1g24vuv2; path=/; HttpOnly Set-Cookie: ecid=3747212477972752620; expires=Mon, 30-Dec-2030 23:00:00 GMT; path=/ | clean |
http://images.fuskator.com/test404page.js | HTTP/1.1 404 Not Found Cache-Control: private Connection: close Date: Tue, 11 Nov 2014 19:53:33 GMT Server: nginx Content-Length: 14591 Content-Type: text/html; charset=utf-8 Set-Cookie: ASP.NET_SessionId=xu3yxtfpw5rn1gaebkqw3tbp; path=/; HttpOnly Set-Cookie: ecid=9196085905563602119; expires=Mon, 30-Dec-2030 23:00:00 GMT; path=/ | clean |
http://images.fuskator.com/scripts/global.min.js | 200 OK Content-Length: 11962 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=images.fuskator.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://images.fuskator.com/
Result: images.fuskator.com is not infected or malware details are not published yet.
Result: images.fuskator.com is not infected or malware details are not published yet.