Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sf-www.pk153.com
Result:
HTTP/1.1 500 Can't connect to sf-www.pk153.com:80 (Bad hostname)
Content-Type: text/plain
Second query (visit from search engine):
GET / HTTP/1.1
Host: sf-www.pk153.com
Referer: http://www.google.com/search?q=sf-www.pk153.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.markahome.ru/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Mon, 02 Mar 2015 11:18:20 GMT Pragma: no-cache Location: http://nnnog0ofil1ues.smseptik.pp.ua/?r=16118 Server: nginx/1.2.3 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=zW9Enqtg2NXK1CZfjnUPB3; expires=Mon, 02-Mar-2015 17:18:20 GMT; path=/ Set-Cookie: cook=ok; expires=Wed, 01-Apr-2015 11:18:20 GMT; path=/ Set-Cookie: advData=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ Set-Cookie: acc=16118; expires=Wed, 01-Apr-2015 11:18:20 GMT; path=/ Set-Cookie: pss=1425295100; expires=Mon, 02-Mar-2015 21:18:20 GMT; path=/ Set-Cookie: country=LT; expires=Wed, 01-Apr-2015 11:18:20 GMT; path=/ Set-Cookie: _cr02=1; expires=Tue, 03-Mar-2015 09:31:40 GMT; path=/ X-Powered-By: PHP/5.4.6 | malicious |
http://nnnog0ofil1ues.smseptik.pp.ua/?r=16118 | 200 OK Content-Length: 43115 Content-Type: text/html | clean |
http://nnnog0ofil1ues.smseptik.pp.ua/js/jquery.min.js | 200 OK Content-Length: 93867 Content-Type: application/x-javascript | clean |
http://www.markahome.ru/js/main.js | 200 OK Content-Length: 2493 Content-Type: application/x-javascript | clean |
http://www.markahome.ru/login/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Mon, 02 Mar 2015 11:18:22 GMT Pragma: no-cache Location: http://nnnog0ofil1ues.smseptik.pp.ua/?r=16118 Server: nginx/1.2.3 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=Tij1GYRt8OYLIDDY5jx0P2; expires=Mon, 02-Mar-2015 17:18:22 GMT; path=/ Set-Cookie: cook=ok; expires=Wed, 01-Apr-2015 11:18:22 GMT; path=/ Set-Cookie: advData=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ Set-Cookie: acc=16118; expires=Wed, 01-Apr-2015 11:18:22 GMT; path=/ Set-Cookie: pss=1425295102; expires=Mon, 02-Mar-2015 21:18:22 GMT; path=/ Set-Cookie: country=LT; expires=Wed, 01-Apr-2015 11:18:22 GMT; path=/ Set-Cookie: _cr02=1; expires=Tue, 03-Mar-2015 09:31:42 GMT; path=/ X-Powered-By: PHP/5.4.6 | malicious |
http://nnnog0ofil1ues.smseptik.pp.ua/test404page.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
http://www.markahome.ru/?category=1 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Mon, 02 Mar 2015 11:18:22 GMT Pragma: no-cache Location: http://nnnog0ofil1ues.smseptik.pp.ua/?category=1&r=16118 Server: nginx/1.2.3 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=sQfuum98sgj6tc%2CyM8Kbe1; expires=Mon, 02-Mar-2015 17:18:22 GMT; path=/ Set-Cookie: cook=ok; expires=Wed, 01-Apr-2015 11:18:22 GMT; path=/ Set-Cookie: advData=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ Set-Cookie: acc=16118; expires=Wed, 01-Apr-2015 11:18:22 GMT; path=/ Set-Cookie: pss=1425295102; expires=Mon, 02-Mar-2015 21:18:22 GMT; path=/ Set-Cookie: country=LT; expires=Wed, 01-Apr-2015 11:18:22 GMT; path=/ Set-Cookie: _cr02=1; expires=Tue, 03-Mar-2015 09:31:42 GMT; path=/ X-Powered-By: PHP/5.4.6 | malicious |
http://nnnog0ofil1ues.smseptik.pp.ua/?category=1&r=16118 | 200 OK Content-Length: 65381 Content-Type: text/html | clean |
http://nnnog0ofil1ues.smseptik.pp.ua/js/main.js | 200 OK Content-Length: 1957 Content-Type: application/x-javascript | clean |
http://www.markahome.ru/?category=2&subcategory=3 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Mon, 02 Mar 2015 11:18:23 GMT Pragma: no-cache Location: http://nnnog0ofil1ues.smseptik.pp.ua/?category=2&subcategory=3&r=16118 Server: nginx/1.2.3 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=vhqG%2CL3vh8faB0aA9d4iB0; expires=Mon, 02-Mar-2015 17:18:23 GMT; path=/ Set-Cookie: cook=ok; expires=Wed, 01-Apr-2015 11:18:23 GMT; path=/ Set-Cookie: advData=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ Set-Cookie: acc=16118; expires=Wed, 01-Apr-2015 11:18:23 GMT; path=/ Set-Cookie: pss=1425295103; expires=Mon, 02-Mar-2015 21:18:23 GMT; path=/ Set-Cookie: country=LT; expires=Wed, 01-Apr-2015 11:18:23 GMT; path=/ Set-Cookie: _cr02=1; expires=Tue, 03-Mar-2015 09:31:43 GMT; path=/ X-Powered-By: PHP/5.4.6 | malicious |
http://nnnog0ofil1ues.smseptik.pp.ua/?category=2&subcategory=3&r=16118 | 200 OK Content-Length: 96909 Content-Type: text/html | clean |
http://nnnog0ofil1ues.smseptik.pp.ua/ | 200 OK Content-Length: 46315 Content-Type: text/html | clean |
http://nnnog0ofil1ues.smseptik.pp.ua/login/ | 200 OK Content-Length: 34897 Content-Type: text/html | clean |
http://nnnog0ofil1ues.smseptik.pp.ua/sub_rules | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 02 Mar 2015 11:18:25 GMT Location: http://nnnog0ofil1ues.smseptik.pp.ua/sub_rules/ Server: nginx/1.2.3 Content-Length: 184 Content-Type: text/html | clean |
http://nnnog0ofil1ues.smseptik.pp.ua/sub_rules/ | 200 OK Content-Length: 75585 Content-Type: text/html | clean |
http://nnnog0ofil1ues.smseptik.pp.ua/sub_control | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 02 Mar 2015 11:18:26 GMT Location: http://nnnog0ofil1ues.smseptik.pp.ua/sub_control/ Server: nginx/1.2.3 Content-Length: 184 Content-Type: text/html | clean |
http://nnnog0ofil1ues.smseptik.pp.ua/sub_control/ | 200 OK Content-Length: 37477 Content-Type: text/html | clean |
http://nnnog0ofil1ues.smseptik.pp.ua/?category=1 | 200 OK Content-Length: 69438 Content-Type: text/html | clean |
http://nnnog0ofil1ues.smseptik.pp.ua/?category=2&subcategory=3 | 200 OK Content-Length: 97883 Content-Type: text/html | clean |
http://nnnog0ofil1ues.smseptik.pp.ua/?category=3 | 200 OK Content-Length: 68076 Content-Type: text/html | clean |
http://nnnog0ofil1ues.smseptik.pp.ua/?category=4 | 200 OK Content-Length: 66894 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=markahome.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://markahome.ru/
Result: markahome.ru is not infected or malware details are not published yet.