Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: attorneygeneralericholderontwitter.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: attorneygeneralericholderontwitter.com
Referer: http://www.google.com/search?q=attorneygeneralericholderontwitter.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://incheats.ru/ | 200 OK Content-Length: 30665 Content-Type: text/html | clean |
http://s55.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s55.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s55.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://incheats.ru/load | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Thu, 22 Jan 2015 13:43:20 GMT Location: http://incheats.ru/load/ Server: uServ/3.2.2 Content-Type: application/octet-stream Set-Cookie: 2sp1nn-designuCoz=; path=/; expires=Tue, 22-Jan-2013 13:43:21 GMT; domain=.incheats.ru; | clean |
http://incheats.ru/load/ | 200 OK Content-Length: 31937 Content-Type: text/html | clean |
http://incheats.ru/index/0-3 | 200 OK Content-Length: 20859 Content-Type: text/html | clean |
http://incheats.ru/publ | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Thu, 22 Jan 2015 13:43:21 GMT Location: http://incheats.ru/publ/ Server: uServ/3.2.2 Content-Type: application/octet-stream Set-Cookie: 2sp1nn-designuCoz=; path=/; expires=Tue, 22-Jan-2013 13:43:22 GMT; domain=.incheats.ru; | clean |
http://incheats.ru/publ/ | 200 OK Content-Length: 29890 Content-Type: text/html | clean |
http://incheats.ru/load/prochie_chity/wot/rabochij_chit_na_zoloto_dlja_world_of_tanks_0_8_7/12-1-0-239 | 200 OK Content-Length: 16716 Content-Type: text/html | clean |
http://s55.ucoz.net/src/socCom.js | 200 OK Content-Length: 6344 Content-Type: text/javascript | clean |
http://s55.ucoz.net/cgi/uutils.fcg?a=soc_comment_get_data&site=2sp1nn-design | 200 OK Content-Length: 529 Content-Type: application/javascript | clean |
http://incheats.ru/load/prochie_chity/wot/12 | 200 OK Content-Length: 31500 Content-Type: text/html | clean |
http://incheats.ru/load/prochie_chity/wot/olenemetr_dlja_wot_0_8_7/12-1-0-238 | 200 OK Content-Length: 16213 Content-Type: text/html | clean |
http://incheats.ru/load/0-0-1-238-20 | HTTP/1.1 302 Found Cache-Control: private Connection: close Date: Thu, 22 Jan 2015 13:43:23 GMT Location: http://ticnofiledownloader.com/13/?wmid=wbsm_3327.1_sftport&url=aHR0cHM6Ly93b3QteHZtLmdvb2dsZWNvZGUuY29tL2ZpbGVzL3h2bS00LjAuMC56aXA= Server: uServ/3.2.2 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: 2sp1nn-designuCoz=; path=/; expires=Tue, 22-Jan-2013 13:43:24 GMT; domain=.incheats.ru; Set-Cookie: 2sp1nn-designld=7gB9/sBU; path=/load; expires=Fri, 22-Jan-2016 13:43:24 GMT; domain=.incheats.ru; | malicious |
http://ticnofiledownloader.com/13/?wmid=wbsm_3327.1_sftport&url=ahr0chm6ly93b3qtehztlmdvb2dszwnvzguuy29tl2zpbgvzl3h2bs00ljaumc56axa= | 200 OK Content-Length: 300829 Content-Type: application/octet-stream | clean |
http://ticnofiledownloader.com/test404page.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
http://incheats.ru/search/%D0%BE%D0%BB%D0%B5%D0%BD%D0%B5%D0%BC%D0%B5%D1%82%D1%80/ | 200 OK Content-Length: 22315 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=incheats.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://incheats.ru/
Result: incheats.ru is not infected or malware details are not published yet.