Malicious/Suspicious Redirects
| Request | Server response | Status |
URL: http://ugata.ru/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: ugata.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sat, 03 May 2014 14:00:08 GMT Location: http://goo.gl/0rXySb Server: nginx/1.2.0 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://goo.gl/0rXySb (imitation of visitor from search engine) GET /0rXySb HTTP/1.1 Host: goo.gl Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Sat, 03 May 2014 13:59:39 GMT Pragma: no-cache Age: 29 Location: http://sh.oowoo.ru/redsh.php Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Mon, 01 Jan 1990 00:00:00 GMT Alternate-Protocol: 80:quic X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | malicious |
URL: http://sh.oowoo.ru/redsh.php (imitation of visitor from search engine) GET /redsh.php HTTP/1.1 Host: sh.oowoo.ru Referer: http://www.google.com/search?q=redirect+check3 | HTTP/1.1 302 Found Connection: close Date: Sat, 03 May 2014 13:55:09 GMT Location: http://targetnow.biz/?code=ojradz Server: nginx/1.1.10 Content-Length: 0 Content-Type: text/html; charset=cp1251 X-Powered-By: PHP/5.2.17 | suspicious |
URL: http://targetnow.biz/?code=ojradz (imitation of visitor from search engine) GET /?code=ojradz HTTP/1.1 Host: targetnow.biz Referer: http://www.google.com/search?q=redirect+check4 | HTTP/1.1 302 Found Connection: close Date: Sat, 03 May 2014 14:00:08 GMT Location: http://erostrana.org/main.php?s=36984&c=n&security_hash=58b9f6e4ec27fdada1ee1984b2fa502a Server: nginx/1.4.3 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.5.1-1~dotdeb.1 X-Robots-Tag: noindex, nofollow, none, noarchive | suspicious |
URL: http://erostrana.org/main.php?s=36984&c=n&security_hash=58b9f6e4ec27fdada1ee1984b2fa502a (imitation of visitor from search engine) GET /main.php?s=36984&c=n&security_hash=58b9f6e4ec27fdada1ee1984b2fa502a HTTP/1.1 Host: erostrana.org Referer: http://www.google.com/search?q=redirect+check5 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 03 May 2014 14:00:08 GMT Pragma: no-cache Location: http://vh1.axpo.ru/?dnod Server: nginx/1.4.3 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: erostrana=pp5crdes2br9gvvqkj0sv819l7; expires=Sat, 10-May-2014 14:00:08 GMT; Max-Age=604800; path=/; domain=erostrana.org Set-Cookie: subaccount_id=36984; expires=Mon, 02-Jun-2014 14:00:08 GMT; Max-Age=2592000; path=/; domain=erostrana.org Set-Cookie: stream_hash=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0 Set-Cookie: town_name=Vilnius; expires=Mon, 02-Jun-2014 14:00:08 GMT; Max-Age=2592000; path=/; domain=erostrana.org Set-Cookie: country_code=LT; expires=Mon, 02-Jun-2014 14:00:08 GMT; Max-Age=2592000; path=/; domain=erostrana.org Set-Cookie: country_name=%D0%9B%D0%B8%D1%82%D0%B2%D0%B0; expires=Mon, 02-Jun-2014 14:00:08 GMT; Max-Age=2592000; path=/; domain=erostrana.org Set-Cookie: lang_code=ru; expires=Mon, 02-Jun-2014 14:00:08 GMT; Max-Age=2592000; path=/; domain=erostrana.org Set-Cookie: longitude=25.3167; expires=Mon, 02-Jun-2014 14:00:08 GMT; Max-Age=2592000; path=/; domain=erostrana.org Set-Cookie: latitude=54.6833; expires=Mon, 02-Jun-2014 14:00:08 GMT; Max-Age=2592000; path=/; domain=erostrana.org Set-Cookie: c=n; expires=Mon, 02-Jun-2014 14:00:08 GMT; Max-Age=2592000; path=/; domain=erostrana.org Set-Cookie: hidesocial=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=erostrana.org Set-Cookie: noflash=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=erostrana.org Set-Cookie: showstream=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=erostrana.org X-Powered-By: PHP/5.5.1-1~dotdeb.1 X-Robots-Tag: noindex, nofollow, none, noarchive | malicious |
Scanned pages/files
| Request | Server response | Status |
http://ugata.ru/ | 200 OK Content-Length: 5154 Content-Type: text/html | clean |
http://ugata.ru/js/jquery-1.4.2.min.js | 200 OK Content-Length: 72174 Content-Type: application/x-javascript | clean |
http://ugata.ru/js/jquery.blockUI.js | 200 OK Content-Length: 16073 Content-Type: application/x-javascript | clean |
http://ugata.ru/index.php?id=2 | 200 OK Content-Length: 6145 Content-Type: text/html | clean |
http://ugata.ru/main.html | HTTP/1.1 302 Found Connection: close Date: Sat, 03 May 2014 14:00:09 GMT Location: http://goo.gl/0rXySb Server: nginx/1.2.0 Content-Type: text/html; charset=iso-8859-1 | clean |
http://goo.gl/0rxysb | 404 Not Found Content-Length: 4438 Content-Type: text/html | clean |
http://goo.gl/static/0043.urlshortener.js | 200 OK Content-Length: 64021 Content-Type: text/javascript | clean |
http://ugata.ru//www.google.com/support/websearch/bin/answer.py?answer=190768/ | HTTP/1.1 302 Found Connection: close Date: Sat, 03 May 2014 14:00:10 GMT Location: http://goo.gl/0rXySb Server: nginx/1.2.0 Content-Type: text/html; charset=iso-8859-1 | clean |
http://goo.gl/test404page.js | 404 Not Found Content-Length: 4446 Content-Type: text/html | clean |
http://goo.gl/ | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Sat, 03 May 2014 14:00:10 GMT Location: https://www.google.com/accounts/ServiceLogin?service=urlshortener&continue=http://goo.gl/?authed%3D1&followup=http://goo.gl/?authed%3D1&passive=true&go=true Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Sat, 03 May 2014 14:00:10 GMT Alternate-Protocol: 80:quic Set-Cookie: authed=1;Path=/ X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://www.google.com/accounts/servicelogin?service=urlshortener&continue=http://goo.gl/?authed%3d1&followup=http://goo.gl/?authed%3d1&passive=true&go=true | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Sat, 03 May 2014 14:00:10 GMT Location: https://accounts.google.com/servicelogin?service=urlshortener&continue=http%3A%2F%2Fgoo.gl%2F%3Fauthed%3D1&followup=http%3A%2F%2Fgoo.gl%2F%3Fauthed%3D1&passive=true&go=true Server: GSE Content-Length: 370 Content-Type: text/html; charset=UTF-8 Expires: Sat, 03 May 2014 14:00:10 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://accounts.google.com/servicelogin?service=urlshortener&continue=http%3a%2f%2fgoo.gl%2f%3fauthed%3d1&followup=http%3a%2f%2fgoo.gl%2f%3fauthed%3d1&passive=true&go=true | HTTP/1.1 200 OK Cache-Control: private, max-age=0 Connection: close Date: Sat, 03 May 2014 14:00:10 GMT Server: GSE Content-Length: 1491 Content-Type: text/html; charset=UTF-8 Expires: Sat, 03 May 2014 14:00:10 GMT Alternate-Protocol: 443:quic Set-Cookie: GAPS=1:z7oI89U1k6uRBewDgaQDdVf1y5Y8hA:VkbXpP7bOLdmvLb_;Path=/;Expires=Mon, 02-May-2016 14:00:10 GMT;Secure;HttpOnly;Priority=High Strict-Transport-Security: max-age=10893354; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block | clean |
https://accounts.google.com/& | 404 Not Found Content-Length: 22057 Content-Type: text/html | clean |
https://accounts.google.com/TOS?loc=LT&hl=en | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store Connection: close Date: Sat, 03 May 2014 14:00:11 GMT Pragma: no-cache Location: https://www.google.lt/intl/en/policies/terms/ Server: GSE Content-Length: 227 Content-Type: text/html; charset=UTF-8 Expires: Mon, 01-Jan-1990 00:00:00 GMT Alternate-Protocol: 443:quic Set-Cookie: GoogleAccountsLocale_session=en; Path=/; Secure; HttpOnly Strict-Transport-Security: max-age=10893354; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block | clean |
https://www.google.lt/intl/en/policies/terms/ | HTTP/1.1 200 OK Cache-Control: private, max-age=0 Connection: close Date: Sat, 03 May 2014 14:00:11 GMT Server: sffe Vary: Accept-Encoding Content-Type: text/html Expires: Sat, 03 May 2014 14:00:11 GMT Last-Modified: Tue, 24 Jan 2012 14:44:29 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://www.google.lt/intl/en/policies/terms/regional.html | 200 OK Content-Length: 20351 Content-Type: text/html | clean |
https://www.google.lt//www.google.com/js/google.js/ | 404 Not Found Content-Length: 1438 Content-Type: text/html | clean |
https://www.google.lt//www.google.com/ | 404 Not Found Content-Length: 1425 Content-Type: text/html | clean |
http://www.google.lt/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://www.google.lt//www.google.com/ | 404 Not Found Content-Length: 1440 Content-Type: text/html | clean |
https://accounts.google.com//www.google.com/js/maia.js/ | 404 Not Found Content-Length: 22057 Content-Type: text/html | clean |
http://goo.gl//www.google.com/support/websearch/bin/answer.py?answer=190768/ | 404 Not Found Content-Length: 4493 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ugata.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ugata.ru/
Result: ugata.ru is not infected or malware details are not published yet.
Result: ugata.ru is not infected or malware details are not published yet.