Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: businessxp.de
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 22 Dec 2014 22:33:29 GMT
Pragma: no-cache
Location: http://www.businessxp.net/
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=q94jc1pep2g0bdn5nrl1snlv27; path=/
X-Powered-By: PHP/5.3.28-1~dotdeb.0
...0 bytes of data.
GET / HTTP/1.1
Host: businessxp.de
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 22 Dec 2014 22:33:29 GMT
Pragma: no-cache
Location: http://www.businessxp.net/
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=q94jc1pep2g0bdn5nrl1snlv27; path=/
X-Powered-By: PHP/5.3.28-1~dotdeb.0
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: businessxp.de
Referer: http://www.google.com/search?q=businessxp.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: businessxp.de
Referer: http://www.google.com/search?q=businessxp.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://businessxp.de/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Mon, 22 Dec 2014 22:33:29 GMT Pragma: no-cache Location: http://www.businessxp.net/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=q94jc1pep2g0bdn5nrl1snlv27; path=/ X-Powered-By: PHP/5.3.28-1~dotdeb.0 | clean |
http://www.businessxp.net/ | 200 OK Content-Length: 43277 Content-Type: text/html | clean |
http://www.businessxp.net/inc/jquery.js | 200 OK Content-Length: 57254 Content-Type: application/javascript | clean |
http://businessxp.de/inc/jquery.autocomplete.js | 200 OK Content-Length: 8001 Content-Type: application/javascript | clean |
http://businessxp.de/inc/jquery.bgiframe.js | 200 OK Content-Length: 1402 Content-Type: application/javascript | clean |
http://businessxp.de/inc/jquery.ui.core.min.js | 200 OK Content-Length: 3027 Content-Type: application/javascript | clean |
http://businessxp.de/inc/jquery.ui.widget.min.js | 200 OK Content-Length: 2996 Content-Type: application/javascript | clean |
http://businessxp.de/inc/jquery.ui.tabs.min.js | 200 OK Content-Length: 11298 Content-Type: application/javascript | clean |
http://businessxp.de/inc/jquery.elastic.js | 200 OK Content-Length: 1719 Content-Type: application/javascript | clean |
http://businessxp.de/inc/jquery.lightbox-0.5.pack.js | 200 OK Content-Length: 20838 Content-Type: application/javascript | clean |
http://areagame.ivwbox.de/2004/01/survey.js | 200 OK Content-Length: 9 Content-Type: application/x-javascript | clean |
http://ads.mrgreen.com/ad.aspx?pid=3170&bid=1527 | 200 OK Content-Length: 292 Content-Type: text/html | clean |
http://ads.mrgreen.com/redirect.aspx?bid=1527&pid=3170&zid=0&pbg=0&cid=0&ctcid=0&mid=0&sid=0 | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Mon, 22 Dec 2014 22:33:32 GMT Location: http://www.mrgreen.com?btag=655236_19627F62380B4DABABDC19AF19D79A95 Server: Microsoft-IIS/8.5 Content-Length: 0 Content-Type: text/html P3P: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies" Set-Cookie: NetRefer_CookieUniTrack_C=%5b%7b%22PID%22%3a3170%2c%22BID%22%3a1527%2c%22DateTimeStamp%22%3a%22%5c%2fDate(1419287613082)%5c%2f%22%2c%22CookieTag%22%3a%22152731706221185187C201412222233%22%7d%5d; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/ Set-Cookie: NetReferSPS=%5b%7b%22StoreName%22%3a%22CurrentReferenceID%22%2c%22StoreValue%22%3a%22102769592%22%7d%5d; expires=Wed, 22-Dec-3013 22:33:33 GMT; path=/ X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | clean |
http://www.mrgreen.com?btag=655236_19627f62380b4dababdc19af19d79a95/ | HTTP/1.1 302 Found Date: Mon, 22 Dec 2014 22:33:32 GMT Location: https://www.mrgreen.com?btag=655236_19627f62380b4dababdc19af19d79a95%2f Server: Microsoft-IIS/7.5 Content-Length: 188 Set-Cookie: languageCode=en-US; expires=Tue, 22-Dec-2015 22:33:33 GMT; path=/ X-Powered-By: ASP.NET | clean |
https://www.mrgreen.com?btag=655236_19627f62380b4dababdc19af19d79a95%2f/ | 200 OK Content-Length: 92574 Content-Type: text/html | clean |
https://cdn-mrgreen.sslcs.cdngc.net/Web/20141215.409/mrg/modernizr.js | 200 OK Content-Length: 49571 Content-Type: application/x-javascript | clean |
http://ads.mrgreen.com/HttpHandlers/JDictionary.ashx | HTTP/1.1 302 Found Connection: close Date: Mon, 22 Dec 2014 22:33:34 GMT Location: /blank.html?aspxerrorpath=/HttpHandlers/JDictionary.ashx Server: Microsoft-IIS/8.5 Content-Length: 173 P3P: CP="This is not a P3P policy! It is used to bypass IEs problematic handling of cookies" X-Powered-By: ASP.NET | clean |
http://ads.mrgreen.com/blank.html?aspxerrorpath=/httphandlers/jdictionary.ashx | 200 OK Content-Length: 49 Content-Type: text/html | clean |
http://ads.mrgreen.com/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=businessxp.de
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://businessxp.de/
Result: businessxp.de is not infected or malware details are not published yet.
Result: businessxp.de is not infected or malware details are not published yet.