Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: architekt.pl
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 17 Dec 2014 18:40:17 GMT
Accept-Ranges: bytes
ETag: "701867e5-1bd-509a719c38657"
Server: Apache
Content-Length: 445
Content-Type: text/html
Last-Modified: Sun, 07 Dec 2014 21:36:19 GMT
...445 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: architekt.pl
Referer: http://www.google.com/search?q=architekt.pl
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://kpot.net/ | 200 OK Content-Length: 6154 Content-Type: text/html | clean |
http://kpot.net/soft | 200 OK Content-Length: 19045 Content-Type: text/html | clean |
http://kpot.net/soft/portable/83789-adobe-photoshop-cs5-121-repackportable-tpa-by-tever.html | 200 OK Content-Length: 13255 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: use5-load.net.ua ...[6309 bytes skipped]... ows XP/Vista/7<br />Язык интерфейса: Русский<br />Лекарство: не требуется (Portable)<br />Размер: 59,5 MB<br />Доп. информация: Автор сборки: Тевер</p> <p>Скачать Adobe Photoshop CS5 12.1 RePack Portable</p> </div> </article> <div class="files"><a href="http://kpot.net/go/http://use5-load.net.ua/?r=7764&s=83&q=Adobe Photoshop CS5 12.1 RePack Portable.zip" target="_blank" rel="nofollow">СКАЧАТЬ</a></div> <div class="files2">Скачать через торрент:</div> <div class="files"><a href="http://kpot.net/go/http://use5-load.net.ua/?r=7764&s=41&q=Adobe Photoshop CS5 12.1 RePack Portable.torrent" target="_blank" rel="nofollow">СКАЧАТЬ</a></div> <hr /> <div id=" ...[8914 bytes skipped]... | ||
http://kpot.net/soft/portable | 200 OK Content-Length: 19404 Content-Type: text/html | clean |
http://kpot.net/soft/portable/83787-tuneup-utilities-2012-1203600104-final-repackportable-by-kpojiuk_labs.html | 200 OK Content-Length: 14336 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: use5-load.net.ua ...[7343 bytes skipped]... 2<br />Платформа: Windows 2000/XP/Vista/7<br />Язык интерфейса: русский | английский<br />Лекарство: Вшито<br />Размер: 24,56 МБ</p> <p>Скачать TuneUp Utilities 2012 12.0.3600.104 Final Repack/Portable by KpoJIuK_Labs</p> </div> </article> <div class="files"><a href="http://kpot.net/go/http://use5-load.net.ua/?r=7764&s=83&q=TuneUp Utilities 2012 12.0.3600.104 Final Repack Portable.zip" target="_blank" rel="nofollow">СКАЧАТЬ</a></div> <div class="files2">Скачать через торрент:</div> <div class="files"><a href="http://kpot.net/go/http://use5-load.net.ua/?r=7764&s=41&q=TuneUp Utilities 2012 12.0.3600.104 Final Repack Portable.torrent" target="_blank" rel="nofollow">СКАЧАТЬ</a></div> ...[8871 bytes skipped]... | ||
http://kpot.net/go/http://use5-load.net.ua/?r=7764&s=83&q=TuneUp Utilities 2012 12.0.3600.104 Final Repack Portable.zip | HTTP/1.1 302 Found Connection: close Date: Mon, 07 Apr 2014 00:43:04 GMT Location: http://use5-load.net.ua/?r=7764&s=83&q=TuneUp%20Utilities%202012%2012.0.3600.104%20Final%20Repack%20Portable.zip Server: nginx Vary: User-Agent,Accept-Encoding Content-Length: 747 Content-Type: text/html; charset="utf-8" X-Pingback: http://kpot.net/xmlrpc.php X-Powered-By: PHP/5.3.28 | malicious |
http://use5-load.net.ua/?r=7764&s=83&q=tuneup%20utilities%202012%2012.0.3600.104%20final%20repack%20portable.zip | HTTP/1.1 302 Found Connection: close Date: Mon, 07 Apr 2014 00:43:24 GMT Location: http://filueu4fourne.hp2-wg.net.ua/?r=7764&q=tuneup+utilities+2012+12.0.3600.104+final+repack+portable.zip Server: nginx/1.2.3 Content-Length: 0 Content-Type: text/html Set-Cookie: country=LT; expires=Wed, 07-May-2014 00:43:24 GMT; path=/ X-Powered-By: PHP/5.4.6 | clean |
http://filueu4fourne.hp2-wg.net.ua/?r=7764&q=tuneup+utilities+2012+12.0.3600.104+final+repack+portable.zip | 200 OK Content-Length: 40209 Content-Type: text/html | clean |
http://filueu4fourne.hp2-wg.net.ua/js/jquery-1.8.2.min.js | 200 OK Content-Length: 93436 Content-Type: application/x-javascript | clean |
http://kpot.net/js/customInput.jquery.js | 404 Not Found Content-Length: 1684 Content-Type: text/html | clean |
http://kpot.net/test404page.js | 404 Not Found Content-Length: 1684 Content-Type: text/html | clean |
http://kpot.net/js/checkbox.js | 404 Not Found Content-Length: 1684 Content-Type: text/html | clean |
http://kpot.net/js/main.js | 404 Not Found Content-Length: 1684 Content-Type: text/html | clean |
http://kpot.net/go/http://use5-load.net.ua/?r=7764&s=41&q=TuneUp Utilities 2012 12.0.3600.104 Final Repack Portable.torrent | HTTP/1.1 302 Found Connection: close Date: Mon, 07 Apr 2014 00:43:07 GMT Location: http://use5-load.net.ua/?r=7764&s=41&q=TuneUp%20Utilities%202012%2012.0.3600.104%20Final%20Repack%20Portable.torrent Server: nginx Vary: User-Agent,Accept-Encoding Content-Length: 755 Content-Type: text/html; charset="utf-8" X-Pingback: http://kpot.net/xmlrpc.php X-Powered-By: PHP/5.3.28 | malicious |
http://use5-load.net.ua/?r=7764&s=41&q=tuneup%20utilities%202012%2012.0.3600.104%20final%20repack%20portable.torrent | HTTP/1.1 302 Found Connection: close Date: Mon, 07 Apr 2014 00:43:27 GMT Location: http://bedtto0drruentks.hp2-wg.net.ua/?r=7764&q=tuneup+utilities+2012+12.0.3600.104+final+repack+portable.torrent Server: nginx/1.2.3 Content-Length: 0 Content-Type: text/html Set-Cookie: country=LT; expires=Wed, 07-May-2014 00:43:27 GMT; path=/ X-Powered-By: PHP/5.4.6 | clean |
http://bedtto0drruentks.hp2-wg.net.ua/?r=7764&q=tuneup+utilities+2012+12.0.3600.104+final+repack+portable.torrent | 200 OK Content-Length: 35276 Content-Type: text/html | clean |
http://bedtto0drruentks.hp2-wg.net.ua/?search=%D0%A4%D0%B8%D0%BB%D1%8C%D0%BC | 200 OK Content-Length: 122317 Content-Type: text/html | clean |
http://bedtto0drruentks.hp2-wg.net.ua/?search=%D0%BD%D0%B0%D1%88%D0%B5+%D0%BA%D0%B8%D0%BD%D0%BE | 200 OK Content-Length: 117609 Content-Type: text/html | clean |
http://bedtto0drruentks.hp2-wg.net.ua/?search=%D0%A2%D0%B5%D0%B0%D1%82%D1%80 | 200 OK Content-Length: 120408 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kpot.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kpot.net/
Result: kpot.net is not infected or malware details are not published yet.