Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vk49.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vk49.ru/
Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: movingrhythms.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 11 Jul 2015 15:46:04 GMT
Server: Apache/2.4.10 (Unix)
Content-Type: text/html
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: movingrhythms.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 11 Jul 2015 15:46:04 GMT
Server: Apache/2.4.10 (Unix)
Content-Type: text/html
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: movingrhythms.com
Referer: http://www.google.com/search?q=movingrhythms.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: movingrhythms.com
Referer: http://www.google.com/search?q=movingrhythms.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://vk49.ru/ | HTTP/1.1 200 OK Connection: close Date: Thu, 09 Oct 2014 05:13:23 GMT Accept-Ranges: bytes ETag: "20b34-c6-503a338b71f54" Server: nginx/1.5.9 Content-Length: 198 Content-Type: text/html; charset=UTF-8 Last-Modified: Mon, 22 Sep 2014 08:27:29 GMT | malicious |
http://7xz.ru/7/?42 | HTTP/1.1 302 Found Cache-Control: max-age=0 Connection: close Date: Thu, 09 Oct 2014 05:13:23 GMT Pragma: no-cache Location: http://vk49.ru/gosti/ Server: nginx/1.5.9 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 21 Jul 1977 07:30:00 GMT Last-Modified: Thu, 09 Oct 2014 05:13:23 GMT X-Powered-By: PHP/5.3.27 | malicious |
http://vk49.ru/gosti/ | 200 OK Content-Length: 13703 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: gosti.vkce.ru <!-- FUCK OFF from Barigo --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ru" lang="ru" dir="ltr"> <meta http-equiv="Content-Type" content="text/html;charset=UTF-8"> <head> <link type="text/css" rel="stylesheet" media="all" href="style000.css" tppabs="http://gosti.vkce.ru/index_files/style000.css"> <link href="index_files/favicon0.htm" rel="shortcut icon"> <title>ÐÑоÑмоÑÑ Ð³Ð¾ÑÑей ÐконÑакÑе</title> <link href="reset000.css" tppabs="http://gosti.vkce.ru/index_files/reset000.css" rel="stylesheet" type="text/css"> <link href="style000.css" tppabs="http://gosti.vkce.ru/index_files/style000.css" rel="stylesheet" type="text/css"> ...[3908 bytes skipped]... | ||
http://vk49.ru/gosti/jquery00.js | 200 OK Content-Length: 72328 Content-Type: application/javascript | clean |
http://code.jquery.com/jquery-1.9.1.min.js | 200 OK Content-Length: 92629 Content-Type: application/x-javascript | clean |
http://vk49.ru/test404page.js | 404 Not Found Content-Length: 285 Content-Type: text/html | clean |