Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: centrodonbosco.es
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Dec 2014 11:40:26 GMT
Accept-Ranges: bytes
ETag: "1282878-bc-4e619402b6800"
Server: Apache
Vary: Accept-Encoding
Content-Length: 188
Content-Type: text/html
Last-Modified: Wed, 11 Sep 2013 10:40:32 GMT
...188 bytes of data.
GET / HTTP/1.1
Host: centrodonbosco.es
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Dec 2014 11:40:26 GMT
Accept-Ranges: bytes
ETag: "1282878-bc-4e619402b6800"
Server: Apache
Vary: Accept-Encoding
Content-Length: 188
Content-Type: text/html
Last-Modified: Wed, 11 Sep 2013 10:40:32 GMT
...188 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: centrodonbosco.es
Referer: http://www.google.com/search?q=centrodonbosco.es
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: centrodonbosco.es
Referer: http://www.google.com/search?q=centrodonbosco.es
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://bestsewingmachineforbeginners.info/ | 200 OK Content-Length: 3569 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Dadou Dz <html><head>
<meta http-equiv='X-UA-Compatible' content='IE=edge'> <title>Hacked By Dadou Dz</title> <link rel='shortcut icon' href='http://62.mgl.skyrock.net/art/GRA1.48062.355.2.jpg'> <title>Dadou Dz</title> <style> <!-- SPAN.SpellE { } SPAN.SpellE { } SPAN.SpellE { } SPAN.SpellE { } SPAN.SpellE { } --> </style> <script type='text/javascript' ...[4173 bytes skipped]... | ||
http://v.zilionfast.in/1522753370/?t=vrt | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 07 Mar 2015 16:28:59 GMT Location: http://sso.anbtr.com/domain/v.zilionfast.in Server: nginx Content-Type: text/html Set-Cookie: btst=4d3f4bafd88286f3a3114b8101af5233|78.158.11.226|1425745739|1425745739|0|1|0 Set-Cookie: snkz=78.158.11.226 | malicious |
http://sso.anbtr.com/domain/v.zilionfast.in | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 07 Mar 2015 16:28:37 GMT Location: http://xsso.v.zilionfast.in/5df4cfb9d221d74b3bef65fc9b1b6bd4 Server: nginx Content-Type: text/html Set-Cookie: anbtr=5df4cfb9d221d74b3bef65fc9b1b6bd4; domain=.zilionfast.in | clean |
http://xsso.v.zilionfast.in/5df4cfb9d221d74b3bef65fc9b1b6bd4 | 200 OK Content-Length: 24 Content-Type: text/html | clean |
http://xsso.v.zilionfast.in/test404page.js | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://bestsewingmachineforbeginners.info//static.getjs.net/sd/1018/1022.js/ | HTTP/1.1 302 Found Connection: close Date: Sat, 07 Mar 2015 16:31:22 GMT Location: http://vip-rx-solutions.com/ Server: nginx/1.6.2 Content-Length: 296 Content-Type: text/html; charset=iso-8859-1 | clean |
http://vip-rx-solutions.com/ | 500 Can't connect to vip-rx-solutions.com:80 Content-Length: 195 Content-Type: text/plain | clean |
http://bestsewingmachineforbeginners.info//static.getjs.net/sd/1018/1005.js/ | HTTP/1.1 302 Found Connection: close Date: Sat, 07 Mar 2015 16:31:22 GMT Location: http://vip-rx-solutions.com/ Server: nginx/1.6.2 Content-Length: 296 Content-Type: text/html; charset=iso-8859-1 | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bestsewingmachineforbeginners.info
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bestsewingmachineforbeginners.info/
Result: bestsewingmachineforbeginners.info is not infected or malware details are not published yet.
Result: bestsewingmachineforbeginners.info is not infected or malware details are not published yet.