Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://rewk.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: rewk.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Mon, 08 Sep 2014 17:25:26 GMT Location: http://bitly.com/STTMlN Server: nginx/1.6.0 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://bitly.com/STTMlN (imitation of visitor from search engine) GET /STTMlN HTTP/1.1 Host: bitly.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 301 Moved Permanently Cache-Control: private; max-age=90 Connection: close Date: Mon, 08 Sep 2014 17:25:27 GMT Location: http://goo.gl/0rXySb Server: nginx Content-Length: 112 Content-Type: text/html; charset=utf-8 Mime-Version: 1.0 Set-Cookie: _bit=540de687-000f2-07648-441cf10a;domain=.bitly.com;expires=Sat Mar 7 17:25:27 2015;path=/; HttpOnly | malicious |
URL: http://goo.gl/0rXySb (imitation of visitor from search engine) GET /0rXySb HTTP/1.1 Host: goo.gl Referer: http://www.google.com/search?q=redirect+check3 | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Mon, 08 Sep 2014 17:23:06 GMT Pragma: no-cache Age: 141 Location: http://sh.oowoo.ru/redsh.php Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Mon, 01 Jan 1990 00:00:00 GMT Alternate-Protocol: 80:quic X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | malicious |
URL: http://sh.oowoo.ru/redsh.php (imitation of visitor from search engine) GET /redsh.php HTTP/1.1 Host: sh.oowoo.ru Referer: http://www.google.com/search?q=redirect+check4 | HTTP/1.1 302 Found Connection: close Date: Mon, 08 Sep 2014 17:24:10 GMT Location: http://almrus.ru/main/99-admin.html Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=CP1251 X-Powered-By: PHP/5.2.17 | malicious |
Scanned pages/files
Request | Server response | Status |
http://rewk.ru/ | 200 OK Content-Length: 25806 Content-Type: text/html | clean |
http://rewk.ru/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK Content-Length: 93658 Content-Type: application/x-javascript | clean |
http://rewk.ru/wp-content/themes/paragrams/js/columnizer.js | 200 OK Content-Length: 6294 Content-Type: application/x-javascript | clean |
http://rewk.ru/wp-content/themes/paragrams/js/columnize.js | 200 OK Content-Length: 207 Content-Type: application/x-javascript | clean |
http://rewk.ru/wp-content/themes/paragrams/js/menu.js | 200 OK Content-Length: 373 Content-Type: application/x-javascript | clean |
http://qwepa.net/js?id=18173 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://rewk.ru/?feed=rss2 | 200 OK Content-Length: 58215 Content-Type: text/xml | clean |
http://rewk.ru/wp-content/uploads/2013/05/large.jpg | 200 OK Content-Length: 33914 Content-Type: image/jpeg | clean |
http://rewk.ru/test404page.js | HTTP/1.1 302 Found Connection: close Date: Mon, 08 Sep 2014 17:25:31 GMT Location: http://goo.gl/0rXySb Server: nginx/1.6.0 Content-Type: text/html; charset=iso-8859-1 | clean |
http://goo.gl/0rxysb | 404 Not Found Content-Length: 4438 Content-Type: text/html | clean |
http://goo.gl/static/0048.urlshortener.js | 200 OK Content-Length: 66116 Content-Type: text/javascript | clean |
http://rewk.ru//www.google.com/support/websearch/bin/answer.py?answer=190768/ | HTTP/1.1 302 Found Connection: close Date: Mon, 08 Sep 2014 17:25:32 GMT Location: http://goo.gl/0rXySb Server: nginx/1.6.0 Content-Type: text/html; charset=iso-8859-1 | clean |
http://goo.gl/test404page.js | 404 Not Found Content-Length: 4446 Content-Type: text/html | clean |
http://goo.gl/ | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Mon, 08 Sep 2014 17:25:32 GMT Location: https://www.google.com/accounts/ServiceLogin?service=urlshortener&continue=http://goo.gl/?authed%3D1&followup=http://goo.gl/?authed%3D1&passive=true&go=true Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Mon, 08 Sep 2014 17:25:32 GMT Alternate-Protocol: 80:quic Set-Cookie: authed=1;Path=/ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://www.google.com/accounts/servicelogin?service=urlshortener&continue=http://goo.gl/?authed%3d1&followup=http://goo.gl/?authed%3d1&passive=true&go=true | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Mon, 08 Sep 2014 17:25:32 GMT Location: https://accounts.google.com/servicelogin?service=urlshortener&continue=http%3A%2F%2Fgoo.gl%2F%3Fauthed%3D1&followup=http%3A%2F%2Fgoo.gl%2F%3Fauthed%3D1&passive=true&go=true Server: GSE Content-Length: 370 Content-Type: text/html; charset=UTF-8 Expires: Mon, 08 Sep 2014 17:25:32 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://accounts.google.com/servicelogin?service=urlshortener&continue=http%3a%2f%2fgoo.gl%2f%3fauthed%3d1&followup=http%3a%2f%2fgoo.gl%2f%3fauthed%3d1&passive=true&go=true | HTTP/1.1 200 OK Cache-Control: private, max-age=0 Connection: close Date: Mon, 08 Sep 2014 17:25:33 GMT Server: GSE Content-Length: 1491 Content-Type: text/html; charset=UTF-8 Expires: Mon, 08 Sep 2014 17:25:33 GMT Alternate-Protocol: 443:quic Set-Cookie: GAPS=1:d3oMCGc-HISCwlTTz8_wKjaK-SU5oA:97aTgo2c7vTwNL7R;Path=/;Expires=Wed, 07-Sep-2016 17:25:33 GMT;Secure;HttpOnly;Priority=HIGH Strict-Transport-Security: max-age=10893354; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block | clean |
https://accounts.google.com/& | 404 Not Found Content-Length: 1413 Content-Type: text/html | clean |
https://accounts.google.com//www.google.com/ | 404 Not Found Content-Length: 1413 Content-Type: text/html | clean |
http://accounts.google.com/test404page.js | 404 Not Found Content-Length: 1413 Content-Type: text/html | clean |
http://accounts.google.com//www.google.com/ | 404 Not Found Content-Length: 1413 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rewk.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://rewk.ru/
Result: rewk.ru is not infected or malware details are not published yet.