Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 100-spartipps.de
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 04 Jul 2014 07:30:11 GMT
Location: http://www.100-spartipps.de/
Server: Apache/2.2.22 (Debian) mod_python/3.2.10 Python/2.4.6 mod_ssl/2.2.22 OpenSSL/1.0.1e
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.100-spartipps.de/xmlrpc.php
X-Powered-By: PHP/5.3.28
...0 bytes of data.
GET / HTTP/1.1
Host: 100-spartipps.de
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 04 Jul 2014 07:30:11 GMT
Location: http://www.100-spartipps.de/
Server: Apache/2.2.22 (Debian) mod_python/3.2.10 Python/2.4.6 mod_ssl/2.2.22 OpenSSL/1.0.1e
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.100-spartipps.de/xmlrpc.php
X-Powered-By: PHP/5.3.28
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: 100-spartipps.de
Referer: http://www.google.com/search?q=100-spartipps.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 100-spartipps.de
Referer: http://www.google.com/search?q=100-spartipps.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://www.adly.mobi/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Tue, 16 Sep 2014 01:58:25 GMT Age: 2 Location: http://www.paix.mobi Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | malicious |
http://www.paix.mobi/ | 200 OK Content-Length: 19013 Content-Type: text/html | clean |
http://www.paix.mobi/js/huck.js | 200 OK Content-Length: 466 Content-Type: application/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js | 200 OK Content-Length: 93100 Content-Type: text/javascript | clean |
http://adspaces.ero-advertising.com/adspace/289584.js | 200 OK Content-Length: 4075 Content-Type: application/javascript | clean |
http://adspaces.ero-advertising.com/adspace/289563.js | 200 OK Content-Length: 1567 Content-Type: application/javascript | clean |
http://www.adly.mobi/most-viewed/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Tue, 16 Sep 2014 01:58:30 GMT Age: 0 Location: http://www.paix.mobi/most-viewed/ Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | malicious |
http://www.paix.mobi/most-viewed/ | 200 OK Content-Length: 18387 Content-Type: text/html | clean |
http://www.paix.mobi/random-porn-video/ | 200 OK Content-Length: 11047 Content-Type: text/html | clean |
http://www.paix.mobi/category/amateur/ | 200 OK Content-Length: 15679 Content-Type: text/html | clean |
http://www.paix.mobi/category/anal/ | 200 OK Content-Length: 15905 Content-Type: text/html | clean |
http://www.paix.mobi/category/asian/ | 200 OK Content-Length: 15801 Content-Type: text/html | clean |
http://www.paix.mobi/category/big-tits/ | 200 OK Content-Length: 15729 Content-Type: text/html | clean |
http://www.paix.mobi/category/blowjobs/ | 200 OK Content-Length: 15251 Content-Type: text/html | clean |
http://www.paix.mobi/category/russian/ | 200 OK Content-Length: 15778 Content-Type: text/html | clean |
http://www.paix.mobi/category/lesbian/ | 200 OK Content-Length: 15602 Content-Type: text/html | clean |
http://www.paix.mobi/category/gay-porn/ | 200 OK Content-Length: 15217 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=adly.mobi
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://adly.mobi/
Result: adly.mobi is not infected or malware details are not published yet.
Result: adly.mobi is not infected or malware details are not published yet.