Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wap.pux.su
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wap.pux.su/
Result: The website is marked by Yandex as suspicious. Visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mesportal.org
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 09 Aug 2014 15:28:16 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: 60gpBAK=R1224193598; path=/; expires=Sat, 09-Aug-2014 16:27:37 GMT
Set-Cookie: 60gp=R1863922305; path=/; expires=Sat, 09-Aug-2014 16:33:37 GMT
Set-Cookie: PHPSESSID=b640cb2857d2b0fec1644e5ce033d263; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: mesportal.org
Referer: http://www.google.com/search?q=mesportal.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://wap.pux.su/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 25 Apr 2014 16:42:19 GMT Location: http://pux.su/?from=wappux Server: nginx Content-Length: 178 Content-Type: text/html | malicious |
http://pux.su/?from=wappux | 200 OK Content-Length: 6621 Content-Type: text/html | clean |
http://mobtop.ru/c/3126.js | 200 OK Content-Length: 859 Content-Type: application/x-javascript | clean |
http://wap.pux.su/auth.html?from=/index.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 25 Apr 2014 16:42:19 GMT Location: http://pux.su/auth.html?from=/index.html Server: nginx Content-Length: 178 Content-Type: text/html | malicious |
http://pux.su/auth.html?from=/index.html | 200 OK Content-Length: 2036 Content-Type: text/html | clean |
http://pux.su/ | 200 OK Content-Length: 6622 Content-Type: text/html | clean |
http://pux.su/reg.html?from=/index.html | 200 OK Content-Length: 7116 Content-Type: text/html | clean |
http://pux.su/chat.html | 200 OK Content-Length: 2791 Content-Type: text/html | clean |
http://pux.su/auth.html?from=/chat.html | 200 OK Content-Length: 2035 Content-Type: text/html | clean |
http://pux.su/retry_pass.html | 200 OK Content-Length: 1747 Content-Type: text/html | clean |
http://pux.su/forum.html | 200 OK Content-Length: 5071 Content-Type: text/html | clean |
http://pux.su/auth.html?from=/forum.html | 200 OK Content-Length: 2036 Content-Type: text/html | clean |
http://pux.su/reg.html | 200 OK Content-Length: 7099 Content-Type: text/html | clean |
http://pux.su/obmennik.html | 200 OK Content-Length: 4078 Content-Type: text/html | clean |
http://pux.su/auth.html?from=/obmennik.html | 200 OK Content-Length: 2039 Content-Type: text/html | clean |
http://pux.su/photoline-top | 200 OK Content-Length: 6172 Content-Type: text/html | clean |
http://pux.su/auth.html?from=/photoline-top?type=0 | 200 OK Content-Length: 2047 Content-Type: text/html | clean |