Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://creditka.biz/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: creditka.biz Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Tue, 02 Sep 2014 12:06:22 GMT Location: http://bitly.com/STTMlN Server: nginx/1.6.0 Content-Length: 207 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://bitly.com/STTMlN (imitation of visitor from search engine) GET /STTMlN HTTP/1.1 Host: bitly.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 301 Moved Permanently Cache-Control: private; max-age=90 Connection: close Date: Tue, 02 Sep 2014 12:06:23 GMT Location: http://goo.gl/0rXySb Server: nginx Content-Length: 112 Content-Type: text/html; charset=utf-8 Mime-Version: 1.0 Set-Cookie: _bit=5405b2bf-00319-040fe-2f1cf10a;domain=.bitly.com;expires=Sun Mar 1 12:06:23 2015;path=/; HttpOnly | malicious |
URL: http://goo.gl/0rXySb (imitation of visitor from search engine) GET /0rXySb HTTP/1.1 Host: goo.gl Referer: http://www.google.com/search?q=redirect+check3 | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Tue, 02 Sep 2014 12:06:23 GMT Pragma: no-cache Location: http://sh.oowoo.ru/redsh.php Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Alternate-Protocol: 80:quic X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | malicious |
URL: http://sh.oowoo.ru/redsh.php (imitation of visitor from search engine) GET /redsh.php HTTP/1.1 Host: sh.oowoo.ru Referer: http://www.google.com/search?q=redirect+check4 | HTTP/1.1 302 Found Connection: close Date: Tue, 02 Sep 2014 12:05:13 GMT Location: http://hotzone2nn.com/sexgospital/?sid=269188418 Server: nginx/1.0.15 Content-Length: 0 Content-Type: text/html; charset=CP1251 X-Powered-By: PHP/5.2.17 | suspicious |
URL: http://hotzone2nn.com/sexgospital/?sid=269188418 (imitation of visitor from search engine) GET /sexgospital/?sid=269188418 HTTP/1.1 Host: hotzone2nn.com Referer: http://www.google.com/search?q=redirect+check5 | HTTP/1.1 302 Found Cache-Control: max-age=259200 Connection: close Date: Tue, 02 Sep 2014 12:06:24 GMT Pragma: no-cache Location: http://hotzonepqnn.info/sexgospital?sid=269188418 Server: nginx/1.0.14 Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Fri, 05 Sep 2014 12:06:24 GMT Set-Cookie: PHPSESSID=m3oarnqr0cpe6niovu57ffo973; path=/ X-Powered-By: PHP/5.3.10 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://creditka.biz/ | 200 OK Content-Length: 39023 Content-Type: text/html | clean |
http://creditka.biz/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/javascript | clean |
http://creditka.biz/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://creditka.biz/wp-includes/js/tw-sack.min.js?ver=1.6.1 | 200 OK Content-Length: 3270 Content-Type: application/javascript | clean |
http://ploms.net/js?id=17577 | 200 OK Content-Length: 7686 Content-Type: text/html | clean |
http://d1vbm0eveofcle.cloudfront.net/scripts/js3caf.js | 200 OK Content-Length: 3490 Content-Type: application/javascript | clean |
http://d1vbm0eveofcle.cloudfront.net/scripts/tier2caf.js | 200 OK Content-Length: 28865 Content-Type: application/javascript | clean |
http://ploms.net/scripts/feedmeCaf.php?q=&ip=78.158.11.226&max=10&hl=lt&d=ploms.net&ron=0&adult=0 | 200 OK Content-Length: 5658 Content-Type: text/plain | clean |
http://ploms.net/test404page.js | 400 Bad Request Content-Length: 20 Content-Type: text/html | clean |
http://creditka.biz/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.50.0-2014.02.05 | 200 OK Content-Length: 16305 Content-Type: application/javascript | clean |
http://creditka.biz/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.7.2 | 200 OK Content-Length: 8913 Content-Type: application/javascript | clean |
http://creditka.biz/wp-content/plugins/light/js/jquery.fancybox.pack.js?ver=3.8.4 | 200 OK Content-Length: 22643 Content-Type: application/javascript | clean |
http://creditka.biz/wp-content/plugins/light/js/light.js?ver=3.8.4 | 200 OK Content-Length: 687 Content-Type: application/javascript | clean |
http://creditka.biz/wp-content/themes/creditka/js/tie-scripts.js?ver=3.8.4 | 200 OK Content-Length: 62550 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=creditka.biz
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://creditka.biz/
Result: creditka.biz is not infected or malware details are not published yet.
Result: creditka.biz is not infected or malware details are not published yet.