Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: smiswww.iki.rssi.ru
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sun, 15 Nov 2015 22:01:42 GMT
Server: Microsoft-IIS/7.5
Content-Length: 74782
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=qooa3hk5jcogwmfvjxybmbal; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...74782 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: smiswww.iki.rssi.ru
Referer: http://www.google.com/search?q=smiswww.iki.rssi.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://smiswww.iki.rssi.ru/ | 200 OK Content-Length: 74782 Content-Type: text/html | clean |
http://smiswww.iki.rssi.ru/scripts/jquery-1.3.2.js | 200 OK Content-Length: 55774 Content-Type: application/x-javascript | clean |
http://smiswww.iki.rssi.ru/scripts/jquery.query-2.1.5.js | 200 OK Content-Length: 7683 Content-Type: application/x-javascript | clean |
http://smiswww.iki.rssi.ru/scripts/jscript.js | 200 OK Content-Length: 2402 Content-Type: application/x-javascript | clean |
http://smiswww.iki.rssi.ru/WebResource.axd?d=HkGVbyS4xPDY6z2lE3__bwYCVUDSbau1Vy4qw-WXFZQ5syRuMJU1_wpMIiR5tGN-cYKQhE-rkx0ny0IHUZQp8lam9vQMh3bgoxyXljBH2qw1&t=635802961220000000 | 200 OK Content-Length: 22346 Content-Type: application/x-javascript | clean |
http://smiswww.iki.rssi.ru/WebResource.axd?d=EDTNDiCbjB3DxWmW6CDhwwS1QGDxQQNebqBnkkcOjCHJsbBci_QTDV-quvlUZIByY_L6qC6MiTt09TF-7F2awmrCV_duGvsVUih2ptq58A41&t=635802961220000000 | 200 OK Content-Length: 9348 Content-Type: application/x-javascript | clean |
http://smiswww.iki.rssi.ru/WebResource.axd?d=H9HFe3kv1BA6TXSPFATQn8CQQp7GuUO7XJns7XciW_7sjnfNYX4cdeyo5ocFbW9f54cijdI1tyBm6m0hYGLggAlpHWfhOLXsTHV9EFgCKRw1&t=635802961220000000 | 200 OK Content-Length: 26951 Content-Type: application/x-javascript | clean |
http://www.google.com/jsapi | 200 OK Content-Length: 25240 Content-Type: text/javascript | clean |
http://smiswww.iki.rssi.ru/default.aspx?page=80 | 200 OK Content-Length: 46327 Content-Type: text/html | clean |
http://smiswww.iki.rssi.ru/default.aspx?page=1 | 200 OK Content-Length: 74860 Content-Type: text/html | clean |
http://smiswww.iki.rssi.ru/default.aspx?page=12 | 200 OK Content-Length: 42673 Content-Type: text/html | clean |
http://smiswww.iki.rssi.ru/ http://pro-vega.ru | 404 Not Found Content-Length: 1207 Content-Type: text/html | clean |
http://smiswww.iki.rssi.ru/test404page.js | 404 Not Found Content-Length: 1207 Content-Type: text/html | clean |
http://smiswww.iki.rssi.ru/default.aspx?page=17 | 200 OK Content-Length: 72717 Content-Type: text/html | clean |
http://smiswww.iki.rssi.ru/default.aspx?page=6 | 200 OK Content-Length: 46612 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=smiswww.iki.rssi.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://smiswww.iki.rssi.ru/
Result: smiswww.iki.rssi.ru is not infected or malware details are not published yet.