Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bytesnwords.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 25 Dec 2014 12:21:55 GMT
Location: http://portfolio.bytesnwords.com/
Server: nginx/1.6.2
Content-Length: 306
Content-Type: text/html; charset=iso-8859-1
...306 bytes of data.
GET / HTTP/1.1
Host: bytesnwords.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 25 Dec 2014 12:21:55 GMT
Location: http://portfolio.bytesnwords.com/
Server: nginx/1.6.2
Content-Length: 306
Content-Type: text/html; charset=iso-8859-1
...306 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: bytesnwords.com
Referer: http://www.google.com/search?q=bytesnwords.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: bytesnwords.com
Referer: http://www.google.com/search?q=bytesnwords.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://bytesnwords.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 25 Dec 2014 12:21:55 GMT Location: http://portfolio.bytesnwords.com/ Server: nginx/1.6.2 Content-Length: 306 Content-Type: text/html; charset=iso-8859-1 | clean |
http://portfolio.bytesnwords.com/ | 200 OK Content-Length: 142308 Content-Type: text/html | clean |
http://bytesnwords.com/isd/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK Content-Length: 93658 Content-Type: application/javascript | clean |
http://bytesnwords.com/isd/wp-content/themes/bookcase/js/jquery.masonry.min.js?ver=3.5.1 | 200 OK Content-Length: 5430 Content-Type: application/javascript | clean |
http://bytesnwords.com/isd/wp-content/themes/bookcase/js/modernizr-transitions.js?ver=3.5.1 | 200 OK Content-Length: 2026 Content-Type: application/javascript | clean |
http://bytesnwords.com/isd/wp-content/themes/bookcase/js/jquery.cycle.all.js?ver=3.5.1 | 200 OK Content-Length: 50111 Content-Type: application/javascript | clean |
http://bytesnwords.com/isd/wp-content/themes/bookcase/js/jquery.scrollTo-min.js?ver=3.5.1 | 200 OK Content-Length: 2262 Content-Type: application/javascript | clean |
http://bytesnwords.com/isd/wp-content/themes/bookcase/js/superfish.js?ver=3.5.1 | 200 OK Content-Length: 3836 Content-Type: application/javascript | clean |
http://bytesnwords.com/isd/wp-content/themes/bookcase/js/jquery.easing.js?ver=3.5.1 | 200 OK Content-Length: 8101 Content-Type: application/javascript | clean |
http://bytesnwords.com/isd/wp-content/themes/bookcase/js/jquery.prettyPhoto.js?ver=3.5.1 | 200 OK Content-Length: 36841 Content-Type: application/javascript | clean |
http://ajax.microsoft.com/ajax/jquery.validate/1.7/jquery.validate.min.js?ver=3.5.1 | 200 OK Content-Length: 25361 Content-Type: application/x-javascript | clean |
http://bytesnwords.com/isd/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.9.2 | 200 OK Content-Length: 4693 Content-Type: application/javascript | clean |
http://bytesnwords.com/isd/wp-includes/js/jquery/ui/jquery.ui.widget.min.js?ver=1.9.2 | 200 OK Content-Length: 6759 Content-Type: application/javascript | clean |
http://bytesnwords.com/isd/wp-includes/js/jquery/ui/jquery.ui.tabs.min.js?ver=1.9.2 | 200 OK Content-Length: 18572 Content-Type: application/javascript | clean |
http://bytesnwords.com/isd/wp-content/themes/bookcase/js/jquery.ui.tabs.js?ver=3.5.1 | 200 OK Content-Length: 21245 Content-Type: application/javascript | clean |
http://bytesnwords.com/isd/index.php?ag_customjs_var=js | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 25 Dec 2014 12:22:06 GMT Location: http://bytesnwords.com/isd/?ag_customjs_var=js Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://bytesnwords.com/isd/xmlrpc.php | clean |
http://bytesnwords.com/isd/?ag_customjs_var=js | 200 OK Content-Length: 12846 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bytesnwords.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bytesnwords.com/
Result: bytesnwords.com is not infected or malware details are not published yet.
Result: bytesnwords.com is not infected or malware details are not published yet.