Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://moneyoffice.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: moneyoffice.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sun, 31 Aug 2014 17:57:28 GMT Location: http://iksearch.com/in.cgi?2&parameter=jewelry Server: Content-Length: 234 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://iksearch.com/in.cgi?2&parameter=jewelry (imitation of visitor from search engine) GET /in.cgi?2&parameter=jewelry HTTP/1.1 Host: iksearch.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Connection: close Date: Sun, 31 Aug 2014 17:43:33 GMT Location: http://ad.admitad.com/goto/9d223943a82cfc6418340c8327c5c3/ Server: Apache/2.2.15 (CentOS) Content-Length: 320 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: wiyev=.owbADIAAgABAMVeA1T__8VeA1RAAAEAAADFXgNUAA--; expires=Mon, 31-Aug-2015 17:43:33 GMT; path=/; domain=iksearch.com | malicious |
URL: http://ad.admitad.com/goto/9d223943a82cfc6418340c8327c5c3/ (imitation of visitor from search engine) GET /goto/9d223943a82cfc6418340c8327c5c3/ HTTP/1.1 Host: ad.admitad.com Referer: http://www.google.com/search?q=redirect+check3 | HTTP/1.1 302 FOUND Connection: close Date: Sun, 31 Aug 2014 17:57:30 GMT Location: http://nebo.ru/?utm_source=cpamit&utm_medium=affiliates&utm_campaign=test&uid=56f0a8040363a983f73d315d09ae0e7c Server: nginx Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=utf-8 P3P: CP="NON DSP COR CURa TIA" Set-Cookie: UID="expr=1472579850|id=56f0a8040363a983f73d315d09ae0e7c|v=2"; Domain=.ad.admitad.com; expires=Tue, 30-Aug-2016 21:57:30 GMT; Path=/ | suspicious |
Scanned pages/files
Request | Server response | Status |
http://moneyoffice.ru/ | 403 Forbidden Content-Length: 330 Content-Type: text/html | clean |
http://moneyoffice.ru/test404page.js | 403 Forbidden Content-Length: 330 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=moneyoffice.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://moneyoffice.ru/
Result: moneyoffice.ru is not infected or malware details are not published yet.