Malicious/Suspicious Redirects
| Request | Server response | Status |
URL: http://pgexpress.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: pgexpress.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sat, 21 Jun 2014 14:57:15 GMT Location: http://alfsystem.com.my/includes/domit/1.php Server: Jino.ru/mod_pizza Content-Length: 0 Content-Type: text/html | malicious |
URL: http://alfsystem.com.my/includes/domit/1.php (imitation of visitor from search engine) GET /includes/domit/1.php HTTP/1.1 Host: alfsystem.com.my Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 21 Jun 2014 14:57:15 GMT Location: http://www.csra.de/includes/domit/1.php Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.23 | malicious |
URL: http://www.csra.de/includes/domit/1.php (imitation of visitor from search engine) GET /includes/domit/1.php HTTP/1.1 Host: www.csra.de Referer: http://www.google.com/search?q=redirect+check3 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 21 Jun 2014 14:57:16 GMT Location: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.29 | malicious |
URL: http://jbtconsultinggroup.com/components/com_user/views/login/tmpl/1/all3.php (imitation of visitor from search engine) GET /components/com_user/views/login/tmpl/1/all3.php HTTP/1.1 Host: jbtconsultinggroup.com Referer: http://www.google.com/search?q=redirect+check4 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 21 Jun 2014 14:57:16 GMT Location: http://rumbatraf.com/?sid=377&land=3&cost=500 Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html | malicious |
URL: http://rumbatraf.com/?sid=377&land=3&cost=500 (imitation of visitor from search engine) GET /?sid=377&land=3&cost=500 HTTP/1.1 Host: rumbatraf.com Referer: http://www.google.com/search?q=redirect+check5 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 21 Jun 2014 15:09:42 GMT Location: http://trtd9.ru/e/92.php?type=click&price=500&landing=1&additional_param=377a2531403363382577822 Server: Apache/2.2.15 (CentOS) Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.3.3 | suspicious |
URL: http://trtd9.ru/e/92.php?type=click&price=500&landing=1&additional_param=377a2531403363382577822 (imitation of visitor from search engine) GET /e/92.php?type=click&price=500&landing=1&additional_param=377a2531403363382577822 HTTP/1.1 Host: trtd9.ru Referer: http://www.google.com/search?q=redirect+check6 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, must-revalidate Connection: close Date: Sat, 21 Jun 2014 14:57:26 GMT Pragma: no-cache Location: http://tds.juddy.biz/tbmtb.php?additional_param=377a2531403363382577822 Server: nginx/1.2.1 Content-Type: text/html Expires: Mon, 26 Jul 1997 05:00:00 GMT Last-Modified: Sat, 21 Jun 2014 14:57:26GMT X-Powered-By: PHP/5.4.4-14+deb7u9 | suspicious |
Scanned pages/files
| Request | Server response | Status |
http://pgexpress.ru/ | 200 OK Content-Length: 30230 Content-Type: text/html | clean |
http://pgexpress.ru/media/system/js/caption.js | 200 OK Content-Length: 2034 Content-Type: application/javascript | clean |
http://pgexpress.ru/modules/mod_imgscrawler/tmpl/crawler.js | 200 OK Content-Length: 9286 Content-Type: application/javascript | clean |
http://pgexpress.ru/modules/mod_news_pro_gk4/interface/scripts/engine-mootools-11.js | 200 OK Content-Length: 9682 Content-Type: application/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://pgexpress.ru/js/jquery.leanModal.min.js | 200 OK Content-Length: 1038 Content-Type: application/javascript | clean |
http://pgexpress.ru/js/jquery.ui.datepicker-ru.js | 200 OK Content-Length: 1155 Content-Type: application/javascript | clean |
http://pgexpress.ru/templates/express/js/hoverIntent.js | 200 OK Content-Length: 3257 Content-Type: application/javascript | clean |
http://pgexpress.ru/templates/express/js/superfish.js | 200 OK Content-Length: 3956 Content-Type: application/javascript | clean |
http://pgexpress.ru/templates/express/js/js_calendar.js | 404 Not Found Content-Length: 1734 Content-Type: text/html | clean |
http://pgexpress.ru/templates/express/js/ | 403 Forbidden Content-Length: 1735 Content-Type: text/html | clean |
http://pgexpress.ru/test404page.js | 404 Not Found Content-Length: 1734 Content-Type: text/html | clean |
http://pgexpress.ru/templates/express/js/jqueryRotate.js | 200 OK Content-Length: 14423 Content-Type: application/javascript | clean |
http://pgexpress.ru/js/jquery-ui-1.8.14.custom.min.js | 200 OK Content-Length: 41057 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pgexpress.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pgexpress.ru/
Result: pgexpress.ru is not infected or malware details are not published yet.
Result: pgexpress.ru is not infected or malware details are not published yet.