Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: golden-host.info
Result:
HTTP/1.1 404 Not Found
Connection: close
Date: Sun, 11 May 2014 17:41:37 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 317
Content-Type: text/html; charset=iso-8859-1
...317 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: golden-host.info
Referer: http://www.google.com/search?q=golden-host.info
Result:
The result is similar to the first query. No suspicious redirects were found.
Scanned pages/files
| Request | Server response | Status |
|---|---|---|
http://vapka4ka.ru/ | HTTP/1.1 302 Found Connection: close Date: Fri, 09 May 2014 19:14:54 GMT Location: http://whatsapp-ru.com/s/3862 Server: nginx Content-Length: 289 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://whatsapp-ru.com/s/3862 | HTTP/1.1 302 Found Cache-Control: no-cache Connection: close Date: Fri, 09 May 2014 19:14:55 GMT Location: http://whatsapp-ru.com/ Server: nginx Content-Type: text/html; charset=utf-8 Set-Cookie: _production_session=41f2d2711117b7839ac94b0897e6c866; path=/; HttpOnly Status: 302 Found X-Powered-By: Phusion Passenger 4.0.25 X-Rack-Cache: miss X-Request-Id: 538500dccf75c68dadc8f735cdff3a99 X-Runtime: 0.225861 X-UA-Compatible: IE=Edge,chrome=1 | clean |
http://whatsapp-ru.com/ | HTTP/1.1 302 Found Cache-Control: no-cache Connection: close Date: Fri, 09 May 2014 19:14:55 GMT Location: http://google.com Server: nginx Content-Type: text/html; charset=utf-8 Set-Cookie: _production_session=8ea319d7c0b470a83a25187c044fe50b; path=/; HttpOnly Status: 302 Found X-Powered-By: Phusion Passenger 4.0.25 X-Rack-Cache: miss X-Request-Id: 2af403231b85a67b441511716f107a36 X-Runtime: 0.248764 X-UA-Compatible: IE=Edge,chrome=1 | clean |
http://google.com/ | HTTP/1.1 302 Found Cache-Control: private Connection: close Date: Fri, 09 May 2014 19:14:55 GMT Location: http://www.google.lt/?gws_rd=cr&ei=LyltU7i_I-a_ygPJroLAAg Server: gws Content-Length: 258 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info." Set-Cookie: PREF=ID=6aaa667448ae72fa:FF=0:TM=1399662895:LM=1399662895:S=0UmffAD8nnvVtxUD; expires=Sun, 08-May-2016 19:14:55 GMT; path=/; domain=.google.com Set-Cookie: NID=67=rGR9BW4yOZiBh5KfAqVLf4UkiTXwqIxqSFHvOERx9VwyowpP-FduvX8ip0P4Jwq_ol-44REJ71vbfxUJDtNyPCEv2ckqx0hincW5NcLFlZP1eVt0GKTJYSKXzabCTRXh; expires=Sat, 08-Nov-2014 19:14:55 GMT; path=/; domain=.google.com; HttpOnly X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.google.lt/?gws_rd=cr&ei=lyltu7i_i-a_ygpjrolaag | 200 OK Content-Length: 52715 Content-Type: text/html | clean |
https://www.google.lt/webhp?tab=ww | 200 OK Content-Length: 65226 Content-Type: text/html | clean |
https://www.google.lt/imghp?hl=lt&tab=wi | 200 OK Content-Length: 58699 Content-Type: text/html | clean |
https://www.google.lt/webhp?hl=lt&tab=iw | 200 OK Content-Length: 65523 Content-Type: text/html | clean |
http://www.google.lt/intl/lt/options/ | HTTP/1.1 301 Moved Permanently Cache-Control: public, max-age=2592000 Connection: close Date: Fri, 09 May 2014 19:14:24 GMT Age: 34 Location: http://www.google.lt/intl/lt/about/products/ Server: sffe Content-Length: 241 Content-Type: text/html; charset=UTF-8 Expires: Sun, 08 Jun 2014 19:14:24 GMT Alternate-Protocol: 80:quic X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
http://www.google.lt/intl/lt/about/products/ | 200 OK Content-Length: 7082 Content-Type: text/html | clean |
http://www.google.lt//www.google.com/js/gweb/analytics/autotrack.js/ | 404 Not Found Content-Length: 1471 Content-Type: text/html | clean |
http://www.google.lt//www.google.com/ | 404 Not Found Content-Length: 1440 Content-Type: text/html | clean |
http://www.google.lt/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://www.google.lt/preferences?hl=lt | HTTP/1.1 200 OK Cache-Control: private Connection: close Date: Fri, 09 May 2014 19:14:59 GMT Server: gws Content-Type: text/html; charset=UTF-8 Expires: Fri, 09 May 2014 19:14:59 GMT Alternate-Protocol: 80:quic P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info." Set-Cookie: PREF=ID=e01646b685c10135:FF=0:TM=1399662899:LM=1399662899:S=XsSPReqTa0ZfJphX; expires=Sun, 08-May-2016 19:14:59 GMT; path=/; domain=.google.lt Set-Cookie: NID=67=stvqPEHBQOF7PUVx647nXazKTIxW0SN6_gy92r4hPy7CWUvMGP5jvBenmcg5hrYWs0URtp4gXzvu5C_VLm10V973hfdRb4gNswVBOPEGbPKwYR3waTr0QqIwuLsYN-bf; expires=Sat, 08-Nov-2014 19:14:59 GMT; path=/; domain=.google.lt; HttpOnly X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.google.lt/preferences?hl=lt&gbv=1&sei=myltu9osa4yayaoy-igwaw | 200 OK Content-Length: 64054 Content-Type: text/html | clean |
http://www.google.lt/imghp?hl=lt&tab=wi | 200 OK Content-Length: 52091 Content-Type: text/html | clean |
http://www.google.lt/imghp?hl=lt&tab=ii | 200 OK Content-Length: 52370 Content-Type: text/html | clean |
http://www.google.lt/history/optout?hl=lt | HTTP/1.1 302 Found Cache-Control: private Connection: close Date: Fri, 09 May 2014 19:15:00 GMT Location: https://history.google.com/history/optout?hl=lt Server: Search-History HTTP Server Content-Length: 244 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic Set-Cookie: PREF=ID=603f25751c55ebdf:TM=1399662900:LM=1399662900:S=x7WSCAqiB-XOaJ9R; expires=Sun, 08-May-2016 19:15:00 GMT; path=/; domain=.google.lt X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://history.google.com/history/optout?hl=lt | HTTP/1.1 302 Found Cache-Control: private Connection: close Date: Fri, 09 May 2014 19:15:00 GMT Location: http://www.google.com/ Server: Search-History HTTP Server Content-Length: 219 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 443:quic Set-Cookie: PREF=ID=8af039a56377c6d1:TM=1399662900:LM=1399662900:S=gPfPBjuqPWRJbRFn; expires=Sun, 08-May-2016 19:15:00 GMT; path=/; domain=.google.com X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.google.com/ | HTTP/1.1 302 Found Cache-Control: private Connection: close Date: Fri, 09 May 2014 19:15:00 GMT Location: http://www.google.lt/?gws_rd=cr&ei=NCltU6aOLMaWyAOS6YHoBA Server: gws Content-Length: 258 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info." Set-Cookie: PREF=ID=46781cd658015307:FF=0:TM=1399662900:LM=1399662900:S=jQVwXQDVO7bePsCl; expires=Sun, 08-May-2016 19:15:00 GMT; path=/; domain=.google.com Set-Cookie: NID=67=NR90hSIjqValVKnPcDdXdPeV7mctPqHUYeycc8BRuIwuEsnNBQs8L-SWAYKdU9IfQqel6_pB6yOHnVxUKyiIt_FRN0FZzO5IySiP8GU_HAY1JumUrFJMOpnGX69bWYns; expires=Sat, 08-Nov-2014 19:15:00 GMT; path=/; domain=.google.com; HttpOnly X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.google.lt/?gws_rd=cr&ei=ncltu6aolmawyaos6yhoba | 200 OK Content-Length: 52729 Content-Type: text/html | clean |
http://www.google.lt/chrome/index.html?hl=lt&brand=CHNG&utm_source=lt-hpp&utm_medium=hpp&utm_campaign=lt | 200 OK Content-Length: 24906 Content-Type: text/html | clean |
http://www.google.lt/intl/lt/chrome/assets/common/js/chrome.min.js | 200 OK Content-Length: 180629 Content-Type: text/javascript | clean |
http://www.google.lt/intl/lt/chrome/assets/common/js/installer.min.js | 200 OK Content-Length: 61951 Content-Type: text/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vapka4ka.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vapka4ka.ru/
Result: vapka4ka.ru is not infected or malware details are not published yet.