Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cursos24h.net.br
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 03 Mar 2015 13:56:41 GMT
Location: http://www.cursos24horas.com.br
Server: Apache
Content-Length: 1
Content-Type: text/html
...1 bytes of data.
GET / HTTP/1.1
Host: cursos24h.net.br
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 03 Mar 2015 13:56:41 GMT
Location: http://www.cursos24horas.com.br
Server: Apache
Content-Length: 1
Content-Type: text/html
...1 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: cursos24h.net.br
Referer: http://www.google.com/search?q=cursos24h.net.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: cursos24h.net.br
Referer: http://www.google.com/search?q=cursos24h.net.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://cursos24h.net.br/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 03 Mar 2015 13:56:41 GMT Location: http://www.cursos24horas.com.br Server: Apache Content-Length: 1 Content-Type: text/html | clean |
http://www.cursos24horas.com.br/ | 200 OK Content-Length: 55468 Content-Type: text/html | clean |
http://www.cursos24horas.com.br/js/ajaxonline.js | 200 OK Content-Length: 1266 Content-Type: application/x-javascript | clean |
http://www.cursos24horas.com.br/js/todaspg.js | 200 OK Content-Length: 59346 Content-Type: application/x-javascript | clean |
http://www.cursos24horas.net.br/chat/image.php?tl=1&srv=aHR0cDovL3d3dy5jdXJzb3MyNGhvcmFzLm5ldC5ici9jaGF0L2NoYXQucGhw&tlont=T25saW5l&tloft=T2ZmbGluZQ__&tlonc=dGV4dG9fYnJhbmNvX2l0YWxpY28_&tlofc=dGV4dG9fYnJhbmNvX2l0YWxpY28_ | 200 OK Content-Length: 252 Content-Type: text/html | clean |
http://www.cursos24horas.net.br/chat/\"javascript:void(window.open('http://www.cursos24horas.net.br/chat/chat.php','','width=590,height=760,left=0,top=0,resizable=yes,menubar=no,location=no,status=yes,scrollbars=yes'))\" | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 03 Mar 2015 13:56:48 GMT Location: http://www.cursos24horas.com.br Server: Apache Content-Length: 1 Content-Type: text/html | clean |
http://www.cursos24horas.com.br/test404page.js | 404 Not Found Content-Length: 3633 Content-Type: text/html | clean |
http://www.cursos24horas.com.br/404/erro.asp?redir=1&a=404;http://www.cursos24horas.com.br:80/test404page.js | HTTP/1.1 302 Object moved Cache-Control: private Date: Tue, 03 Mar 2015 13:59:57 GMT Location: http://www.cursos24horas.com.br Server: Microsoft-IIS/6.0 Content-Length: 152 Content-Type: text/html Set-Cookie: ASPSESSIONIDSCQSCSQC=MGIOKGLCCJFNONGMMODCLAIP; path=/ X-Powered-By: ASP.NET | clean |
http://s7.addthis.com/js/250/addthis_widget.js | 200 OK Content-Length: 10816 Content-Type: text/javascript | clean |
http://cursos24h.net.br//selo.siteblindado.com/aw.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 03 Mar 2015 13:56:51 GMT Location: http://www.cursos24horas.com.br Server: Apache Content-Length: 1 Content-Type: text/html | clean |
http://www.googleadservices.com/pagead/conversion.js | 200 OK Content-Length: 10722 Content-Type: text/javascript | clean |
http://br.inbenta.com/cursos24horas/autocompleter/jsonp/inbenta_autocomplete_jsonp.js | 200 OK Content-Length: 586 Content-Type: text/javascript | clean |
http://nxtck.com/act.php?tag=39592 | HTTP/1.1 302 Déplacé Temporairement Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 Connection: close Date: Tue, 03 Mar 2015 13:56:52 GMT Pragma: no-cache Location: http://nxtck.com/act.php?tag=39592&tc=1 Server: ads09.mrs.nextperf.local Content-Length: 0 Expires: Tue, 01 Jan 2001 00:00:00 GMT P3P: CP='ALL DSP LAW CUR DEV PSAo PSDo IVAo IVDo CONo HISo OUR STP UNI NAV' Set-Cookie: tc=1; Expires=Wed, 02-Mar-2016 13:56:52 GMT; Path=/ Set-Cookie: nxtck_srv=152374026.36895.0000; expires=Fri, 03-Apr-2015 14:36:42 GMT; path=/ X-Robots-Tag: noindex, nofollow | clean |
http://nxtck.com/act.php?tag=39592&tc=1 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://img.metaffiliation.com/u/35/p25209.js?zone=accueil | 200 OK Content-Length: 9595 Content-Type: text/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cursos24h.net.br
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cursos24h.net.br/
Result: cursos24h.net.br is not infected or malware details are not published yet.
Result: cursos24h.net.br is not infected or malware details are not published yet.