Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: fixandtell.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Jun 2015 00:59:01 GMT
Server: Apache/2.4.7 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 2657
Content-Type: text/html
X-Powered-By: PHP/5.5.9-1ubuntu4.9
...2657 bytes of data.
GET / HTTP/1.1
Host: fixandtell.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Jun 2015 00:59:01 GMT
Server: Apache/2.4.7 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 2657
Content-Type: text/html
X-Powered-By: PHP/5.5.9-1ubuntu4.9
...2657 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: fixandtell.com
Referer: http://www.google.com/search?q=fixandtell.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: fixandtell.com
Referer: http://www.google.com/search?q=fixandtell.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.zmkorion.ru/ | HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 13 Sep 2014 22:46:39 GMT Pragma: no-cache Server: Jino.ru/mod_pizza Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=ba6f59e36dc0f2dc25123d379afd8e50; path=/ | malicious |
http://minisux.ru/e/17458?l_cnf[file]=/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 13 Sep 2014 22:46:39 GMT Pragma: no-cache Location: http://retoq.com/l/H4tYWMr0cdT4mk1teeOKhilgiYS Server: nginx Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: phpsid=oen6gavbbr5qm6em7rroi61072; path=/ X-Powered-By: PHP/5.3.10-1ubuntu3.4 | clean |
http://retoq.com/l/h4tywmr0cdt4mk1teeokhilgiys | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 13 Sep 2014 22:46:40 GMT Pragma: no-cache Location: /e/2 Server: nginx Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: phpsid=dfc8b3iahf997e7imon31kj1n6; path=/ X-Powered-By: PHP/5.3.10-1ubuntu3.4 | clean |
http://retoq.com/e/2 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 13 Sep 2014 22:46:40 GMT Pragma: no-cache Location: http://retoq.com/l/ZQ8XZqURsRi40Zt3R8RI4TlWveA Server: nginx Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: phpsid=5r06dn68njlbqssipgpm5tgqn4; path=/ X-Powered-By: PHP/5.3.10-1ubuntu3.4 | clean |
http://retoq.com/l/zq8xzqursri40zt3r8ri4tlwvea | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 13 Sep 2014 22:46:40 GMT Pragma: no-cache Location: /e/2 Server: nginx Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: phpsid=5s9qd5d635n1lrqht6980pd0o7; path=/ X-Powered-By: PHP/5.3.10-1ubuntu3.4 | clean |
http://retoq.com/test404page.js | 404 Not Found Content-Length: 13 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zmkorion.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://zmkorion.ru/
Result: zmkorion.ru is not infected or malware details are not published yet.
Result: zmkorion.ru is not infected or malware details are not published yet.