Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: jinyeprinting.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: jinyeprinting.com
Referer: http://www.google.com/search?q=jinyeprinting.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://odnoklasnikiru.ru/ | HTTP/1.1 302 Found Connection: close Date: Wed, 21 Jan 2015 16:48:27 GMT Location: http://contentmovey.org/?hash=8djjru Server: nginx/1.2.1 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.3-7+squeeze23 | malicious |
http://contentmovey.org/?hash=8djjru | HTTP/1.1 302 Found Connection: close Date: Wed, 21 Jan 2015 16:48:31 GMT Location: http://ero-adoniya.com/seximambo_ru/main.php?s=35612&tds_hash=8djjru&security_hash=d2b9d62481a3a9daa6257ffbdbdb12fd Server: nginx/1.4.3 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.5.1-1~dotdeb.1 X-Robots-Tag: noindex, nofollow, none, noarchive | clean |
http://ero-adoniya.com/seximambo_ru/main.php?s=35612&tds_hash=8djjru&security_hash=d2b9d62481a3a9daa6257ffbdbdb12fd | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 21 Jan 2015 16:48:31 GMT Pragma: no-cache Location: http://ero-adoniya.com/seximambo_ru/ Server: nginx/1.4.3 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=47f9tipiv33msfjen8vb27teo6; expires=Wed, 28-Jan-2015 16:48:31 GMT; Max-Age=604800; path=/; domain=ero-adoniya.com Set-Cookie: subaccount_id=35612; expires=Fri, 20-Feb-2015 16:48:31 GMT; Max-Age=2592000; path=/; domain=ero-adoniya.com Set-Cookie: tds_hash=8djjru; expires=Fri, 20-Feb-2015 16:48:31 GMT; Max-Age=2592000; path=/; domain=.ero-adoniya.com Set-Cookie: town_name=Vilnius; expires=Fri, 20-Feb-2015 16:48:31 GMT; Max-Age=2592000; path=/; domain=ero-adoniya.com Set-Cookie: country_code=LT; expires=Fri, 20-Feb-2015 16:48:31 GMT; Max-Age=2592000; path=/; domain=ero-adoniya.com Set-Cookie: country_name=%D0%9B%D0%B8%D1%82%D0%B2%D0%B0; expires=Fri, 20-Feb-2015 16:48:31 GMT; Max-Age=2592000; path=/; domain=ero-adoniya.com Set-Cookie: lang_code=ru; expires=Fri, 20-Feb-2015 16:48:31 GMT; Max-Age=2592000; path=/; domain=ero-adoniya.com Set-Cookie: longitude=25.3167; expires=Fri, 20-Feb-2015 16:48:31 GMT; Max-Age=2592000; path=/; domain=ero-adoniya.com Set-Cookie: latitude=54.6833; expires=Fri, 20-Feb-2015 16:48:31 GMT; Max-Age=2592000; path=/; domain=ero-adoniya.com Set-Cookie: hidesocial=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=ero-adoniya.com Set-Cookie: noflash=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=ero-adoniya.com Set-Cookie: showstream=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=ero-adoniya.com Set-Cookie: exitPage_hash=c4af0ac7d23a7b8fb3a601b224c9d7ab; expires=Thu, 22-Jan-2015 16:48:31 GMT; Max-Age=86400; path=/; domain=ero-adoniya.com X-Powered-By: PHP/5.5.1-1~dotdeb.1 X-Robots-Tag: noindex, nofollow, none, noarchive | clean |
http://ero-adoniya.com/seximambo_ru/ | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://ero-adoniya.com/test404page.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=odnoklasnikiru.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://odnoklasnikiru.ru/
Result: odnoklasnikiru.ru is not infected or malware details are not published yet.