Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: vuode.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Thu, 02 Oct 2014 22:17:09 GMT
Accept-Ranges: bytes
ETag: "76352e-f6-4f6288713c6da"
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 246
Content-Type: text/html
Last-Modified: Thu, 03 Apr 2014 19:37:12 GMT
Set-Cookie: SERVERID=web1-3; path=/
...246 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: vuode.com
Referer: http://www.google.com/search?q=vuode.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.rbs56.ru/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sun, 04 May 2014 03:47:07 GMT Pragma: no-cache Location: http://liveinternet-counter.ws Server: Jino.ru/mod_pizza Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=a39b692edcfcc79af8c38ec59bbeb399; path=/ Set-Cookie: dle_user_hash=192e91aefa36871c7cbb09ec5518bce5; expires=Mon, 04-May-2015 03:47:07 GMT; path=/; httponly Set-Cookie: dle_user_id=deleted; expires=Sat, 04-May-2013 03:47:06 GMT; path=/; domain=.rbs56.ru; httponly Set-Cookie: dle_password=deleted; expires=Sat, 04-May-2013 03:47:06 GMT; path=/; domain=.rbs56.ru; httponly Set-Cookie: dle_hash=deleted; expires=Sat, 04-May-2013 03:47:06 GMT; path=/; domain=.rbs56.ru; httponly | clean |
http://liveinternet-counter.ws/ | HTTP/1.1 200 OK Connection: close Date: Sun, 04 May 2014 03:47:07 GMT Server: cloudflare-nginx Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 CF-RAY: 1251b7156cde0899-FRA Set-Cookie: __cfduid=dbcbf4d7f6529255622d7727726f626371399175227741; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.liveinternet-counter.ws; HttpOnly | malicious |
http://cdn-russia.net.in/update/msie | 404 Not Found Content-Length: 4833 Content-Type: text/html | clean |
http://cdn-russia.net.in/cdn-cgi/se/javascripts/modernizr.js | 200 OK Content-Length: 7305 Content-Type: application/javascript | clean |
http://www.rbs56.ru/. | 200 OK Content-Length: 16793 Content-Type: text/html | clean |
http://www.rbs56.ru/engine/classes/js/jquery.js | 200 OK Content-Length: 78601 Content-Type: application/javascript | clean |
http://www.rbs56.ru/engine/classes/js/jqueryui.js | 200 OK Content-Length: 64128 Content-Type: application/javascript | clean |
http://www.rbs56.ru/engine/classes/js/dle_js.js | 200 OK Content-Length: 15271 Content-Type: application/javascript | clean |
http://www.rbs56.ru/templates/Default/js/topmenu.js | 200 OK Content-Length: 7628 Content-Type: application/javascript | clean |
http://www.rbs56.ru/templates/Default/js/libs.js | 200 OK Content-Length: 721 Content-Type: application/javascript | clean |
http://www.rbs56.ru//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 1734 Content-Type: text/html | clean |
http://www.rbs56.ru/test404page.js | 404 Not Found Content-Length: 1734 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rbs56.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://rbs56.ru/
Result: rbs56.ru is not infected or malware details are not published yet.