Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: electroniccigarettesbuy.ca
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 29 May 2014 04:19:08 GMT
Location: http://www.electroniccigarettesbuy.ca/
Server: Apache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.electroniccigarettesbuy.ca/xmlrpc.php
X-Powered-By: PHP/5.4.20
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: electroniccigarettesbuy.ca
Referer: http://www.google.com/search?q=electroniccigarettesbuy.ca
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://electroniccigarettesbuy.ca/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 29 May 2014 04:19:08 GMT Location: http://www.electroniccigarettesbuy.ca/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.electroniccigarettesbuy.ca/xmlrpc.php X-Powered-By: PHP/5.4.20 | clean |
http://www.electroniccigarettesbuy.ca/ | 200 OK Content-Length: 81946 Content-Type: text/html | clean |
http://www.electroniccigarettesbuy.ca/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/javascript | clean |
http://www.electroniccigarettesbuy.ca/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.electroniccigarettesbuy.ca/wp-content/plugins/wp_pro_ad_system/templates/js/load_ads.js?ver=3.8.3 | 200 OK Content-Length: 1056 Content-Type: application/javascript | clean |
http://www.electroniccigarettesbuy.ca/wp-content/themes/headway/library/media/js/jquery.hoverintent.js?ver=3.8.3 | 200 OK Content-Length: 3174 Content-Type: application/javascript | clean |
http://www.electroniccigarettesbuy.ca/wp-content/themes/headway/library/blocks/core/navigation/js/jquery.superfish.js?ver=3.8.3 | 200 OK Content-Length: 3714 Content-Type: application/javascript | clean |
http://www.electroniccigarettesbuy.ca/wp-content/uploads/headway/cache/587074566f29e2cad48e0753082f51e7.js?ver=3.8.3 | 200 OK Content-Length: 547 Content-Type: application/javascript | clean |
http://www.theecigarette.us/wp-content/plugins/cforms/js/cforms.js | 200 OK Content-Length: 17739 Content-Type: application/javascript | clean |
http://electroniccigarettesbuy.ca/vapagecig | HTTP/1.1 307 Temporary Redirect Connection: close Date: Thu, 29 May 2014 04:19:13 GMT Location: http://www.kqzyfj.com/click-5762543-10990737?SID=cigarettesbuy Server: Apache Content-Length: 0 Content-Type: text/html Set-Cookie: prli_click_4=vapagecig; expires=Sat, 28-Jun-2014 04:19:13 GMT; path=/ X-Powered-By: PHP/5.4.20 X-Robots-Tag: noindex, nofollow | clean |
http://www.kqzyfj.com/click-5762543-10990737?sid=cigarettesbuy | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 29 May 2014 04:19:13 GMT Pragma: no-cache Location: http://cj.dotomi.com/3d106js0-I/sz3/HGPPGNJN/LNMILKJ/G/G/G?o=pG61%3D064yF2HH2GzIM<<5HHD%3A%2F%2FKKK.8ENM37.0CA%3AWO%2F09608-TVUQTSR-POXXOVRV<<e<< Server: Resin/3.1.8 Content-Type: text/html Expires: Thu, 29 May 2014 04:19:13 GMT P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT" | clean |
http://cj.dotomi.com/3d106js0-i/sz3/hgppgnjn/lnmilkj/g/g/g?o=pg61%3d064yf2hh2gzim<<5hhd%3a%2f%2fkkk.8enm37.0ca%3awo%2f09608-tvuqtsr-poxxovrv<<e<< | 404 Not Found Content-Length: 50 Content-Type: image/gif | clean |
http://cj.dotomi.com/test404page.js | 404 Not Found Content-Length: 50 Content-Type: image/gif | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=electroniccigarettesbuy.ca
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://electroniccigarettesbuy.ca/
Result: electroniccigarettesbuy.ca is not infected or malware details are not published yet.