Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pron-ex.ru-ero-national.net
Result:
HTTP/1.1 302 Moved Permanently
Connection: close
Date: Sun, 01 Mar 2015 23:48:08 GMT
Location: http://pron-ex.ru-ero-national.net/1344625140b/
Server: nginx/1.7.9
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Inspect: SP2H4H5G7I1I3I4I6
Set-Cookie: uid=ZdgTdQklKiCOT5KDYKGgRwLlIw24aCT03lT8UlG4G09BmINAmunk0Sl4Uqi6CMRZc7mGgF7D2um%2BLQfdyTrZuvNd3hzbnoOQ101CqLgPpW7%2BqWwkVH9ZgSwBP6WcfXlRn8oYef3SkSZG7ZTi8V9vip99J0QrXo2v8GpkJUQAkGyh0PDsfegJQ8yqMrvNznwuUsh94wD4o%2FamyzOm33ovwg%3D%3D; expires=Mon, 02-Mar-2015 00:48:08 GMT; path=/
Set-Cookie: token=Jyc%3D; expires=Sun, 01-Mar-2015 23:53:08 GMT; path=/1344625140b
X-Powered-By: PHP/5.4.36-1~dotdeb.1
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: pron-ex.ru-ero-national.net
Referer: http://www.google.com/search?q=pron-ex.ru-ero-national.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://pron-ex.ru-ero-national.net/ | HTTP/1.1 302 Moved Permanently Connection: close Date: Sun, 01 Mar 2015 23:48:08 GMT Location: http://pron-ex.ru-ero-national.net/1344625140b/ Server: nginx/1.7.9 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Inspect: SP2H4H5G7I1I3I4I6 Set-Cookie: uid=ZdgTdQklKiCOT5KDYKGgRwLlIw24aCT03lT8UlG4G09BmINAmunk0Sl4Uqi6CMRZc7mGgF7D2um%2BLQfdyTrZuvNd3hzbnoOQ101CqLgPpW7%2BqWwkVH9ZgSwBP6WcfXlRn8oYef3SkSZG7ZTi8V9vip99J0QrXo2v8GpkJUQAkGyh0PDsfegJQ8yqMrvNznwuUsh94wD4o%2FamyzOm33ovwg%3D%3D; expires=Mon, 02-Mar-2015 00:48:08 GMT; path=/ Set-Cookie: token=Jyc%3D; expires=Sun, 01-Mar-2015 23:53:08 GMT; path=/1344625140b X-Powered-By: PHP/5.4.36-1~dotdeb.1 | clean |
http://pron-ex.ru-ero-national.net/1344625140b/ | 200 OK Content-Length: 13135 Content-Type: text/html | clean |
http://pron-ex.ru-ero-national.net/1344625140b/cancel | 200 OK Content-Length: 11855 Content-Type: text/html | clean |
http://pron-ex.ru-ero-national.net/1344625140b/. | 200 OK Content-Length: 13135 Content-Type: text/html | clean |
http://pron-ex.ru-ero-national.net/1344625140b/stp2/enter | 200 OK Content-Length: 8988 Content-Type: text/html | clean |
http://pron-ex.ru-ero-national.net/1344625140b/stp2/cancel | 404 Not Found Content-Length: 302 Content-Type: text/html | clean |
http://pron-ex.ru-ero-national.net/test404page.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
http://pron-ex.ru-ero-national.net/1344625140b/stp2/. | 404 Not Found Content-Length: 296 Content-Type: text/html | clean |
http://pron-ex.ru-ero-national.net/1344625140b/stp2/stp2/enter | 404 Not Found Content-Length: 306 Content-Type: text/html | clean |
http://pron-ex.ru-ero-national.net/1344625140b/stp2/stp1 | 404 Not Found Content-Length: 300 Content-Type: text/html | clean |
http://pron-ex.ru-ero-national.net/1344625140b/stp1 | 200 OK Content-Length: 12092 Content-Type: text/html | clean |
http://pron-ex.ru-ero-national.net/. | HTTP/1.1 302 Moved Permanently Connection: close Date: Sun, 01 Mar 2015 23:48:10 GMT Location: http://pron-ex.ru-ero-national.net/1344625141u/. Server: nginx/1.7.9 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Inspect: SP2H4H5G7I1I3I4I6 Set-Cookie: uid=ZdgTdQklKiCOT5KDYKGgRwLlIw24aCT03lT8UlG4G0%2BCfie9nwhhpnWa2k%2FxpsKKc7mGgF7D2um%2BLQfdyTrZuvNd3hzbnoOQ101CqLgPpW7%2BqWwkVH9ZgSwBP6WcfXlRn8oYef3SkSZG7ZTi8V9vip99J0QrXo2v8GpkJUQAkGyh0PDsfegJQ8yqMrvNznwuUsh94wD4o%2FamyzOm33ovwg%3D%3D; expires=Mon, 02-Mar-2015 00:48:10 GMT; path=/ Set-Cookie: token=Jyc%3D; expires=Sun, 01-Mar-2015 23:53:10 GMT; path=/1344625141u X-Powered-By: PHP/5.4.36-1~dotdeb.1 | clean |
http://pron-ex.ru-ero-national.net/1344625141u/. | 200 OK Content-Length: 13135 Content-Type: text/html | clean |
http://pron-ex.ru-ero-national.net/1344625141u/cancel | 200 OK Content-Length: 11855 Content-Type: text/html | clean |
http://pron-ex.ru-ero-national.net/1344625141u/stp2/enter | 200 OK Content-Length: 8988 Content-Type: text/html | clean |
http://pron-ex.ru-ero-national.net/1344625141u/stp2/cancel | 404 Not Found Content-Length: 302 Content-Type: text/html | clean |
http://pron-ex.ru-ero-national.net/1344625141u/stp2/. | 404 Not Found Content-Length: 296 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pron-ex.ru-ero-national.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pron-ex.ru-ero-national.net/
Result: pron-ex.ru-ero-national.net is not infected or malware details are not published yet.