Scanned pages/files
Request | Server response | Status |
http://empresadoscero.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Mon, 28 Apr 2014 19:02:06 GMT Location: http://www.microsoft.com/latam/sharepoint/empresadoscero Server: Microsoft-IIS/7.5 Content-Length: 23 Content-Type: text/html P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: ASPSESSIONIDCCCQSARB=FGMEFJLCEDJJNCGLJKMDNGCP; path=/ X-Powered-By: ASP.NET X-UA-Compatible: IE=EmulateIE7 | clean |
http://www.microsoft.com/latam/sharepoint/empresadoscero | HTTP/1.1 301 Moved Permanently Date: Mon, 28 Apr 2014 19:02:07 GMT Location: http://sharepoint.microsoft.com/es-mx/paginas/default.aspx Server: Microsoft-IIS/8.0 Content-Length: 181 Content-Type: text/html; charset=UTF-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" VTag: 279986032200000000 X-Powered-By: ASP.NET X-Powered-By: ARR/2.5 X-Powered-By: ASP.NET | clean |
http://sharepoint.microsoft.com/es-mx/paginas/default.aspx | HTTP/1.1 302 Found Date: Mon, 28 Apr 2014 19:02:07 GMT Location: /Default.aspx?aspxerrorpath=/es-mx/paginas/default.aspx Server: Microsoft-IIS/7.5 Content-Length: 184 Content-Type: text/html; charset=utf-8 X-Powered-By: ASP.NET | clean |
http://sharepoint.microsoft.com/default.aspx?aspxerrorpath=/es-mx/paginas/default.aspx | HTTP/1.1 302 Found Cache-Control: private Date: Mon, 28 Apr 2014 19:02:07 GMT Location: http://office.microsoft.com/sharepoint Server: Microsoft-IIS/7.5 Content-Length: 155 Content-Type: text/html; charset=utf-8 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET | clean |
http://office.microsoft.com/sharepoint | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache Date: Mon, 28 Apr 2014 19:02:08 GMT Pragma: no-cache Location: http://office.microsoft.com/en-us/sharepoint/ Server: Microsoft-IIS/7.5 Content-Length: 0 Expires: -1 MicrosoftSharePointTeamServices: 14.0.0.6114 P3P: CP="ADM CAO CONi COR CUR DEV DSP IND OTRi OUR PSA PUBi STA STP" Set-Cookie: _DetectCookies=Y; domain=office.microsoft.com; expires=Sun, 28-Apr-2024 19:02:08 GMT; path=/ SPRequestGuid: 56778684-8d12-4a28-8b28-fb58000f1730 X-Cnection: close X-LLCC: en-US X-Machine: BLUREN504 X-Powered-By: ASP.NET X-SharePointHealthScore: 0 X-UA-Compatible: IE=10 | clean |
http://office.microsoft.com/en-us/sharepoint/ | 200 OK Content-Length: 37896 Content-Type: text/html | clean |
http://office.microsoft.com//officeimg.vo.msecnd.net/_layouts/MicrosoftAjax.js?b=5689%2E4220/ | 200 OK Content-Length: 99358 Content-Type: application/x-javascript | clean |
http://empresadoscero.com//officeimg.vo.msecnd.net/_layouts/jquery.js?b=5689%2E4220/ | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Mon, 28 Apr 2014 19:02:12 GMT Location: http://www.microsoft.com/latam/sharepoint/empresadoscero/officeimg.vo.msecnd.net/_layouts/jquery.js?b=5689%2E4220/ Server: Microsoft-IIS/7.5 Content-Length: 23 Content-Type: text/html P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: ASPSESSIONIDCCCQSARB=FPMEFJLCJCCFBJMFPNPJPDAB; path=/ X-Powered-By: ASP.NET X-UA-Compatible: IE=EmulateIE7 | clean |
http://www.microsoft.com/latam/sharepoint/empresadoscero/officeimg.vo.msecnd.net/_layouts/jquery.js?b=5689%2e4220/ | HTTP/1.1 301 Moved Permanently Date: Mon, 28 Apr 2014 19:02:13 GMT Location: http://sharepoint.microsoft.com/es-mx/paginas/default.aspx Server: Microsoft-IIS/8.0 Content-Length: 181 Content-Type: text/html; charset=UTF-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" VTag: 791716831700000000 X-Powered-By: ASP.NET X-Powered-By: ARR/2.5 X-Powered-By: ASP.NET | clean |
http://sharepoint.microsoft.com/test404page.js | HTTP/1.1 302 Found Cache-Control: private Date: Mon, 28 Apr 2014 19:02:13 GMT Location: http://office.microsoft.com/sharepoint Server: Microsoft-IIS/7.5 Content-Length: 155 Content-Type: text/html; charset=utf-8 X-AspNet-Version: 2.0.50727 X-Powered-By: ASP.NET | clean |
http://office.microsoft.com/test404page.js | 404 Not Found Content-Length: 100 | clean |
http://empresadoscero.com/en-us/jsonstrings.aspx?b=5689.4220&g=Global | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Mon, 28 Apr 2014 19:02:14 GMT Location: http://www.microsoft.com/latam/sharepoint/empresadoscero/en-us/jsonstrings.aspx?b=5689.4220&g=Global Server: Microsoft-IIS/7.5 Content-Length: 23 Content-Type: text/html P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: ASPSESSIONIDCCCQSARB=JBNEFJLCAKHLKKPKLCBCBGGM; path=/ X-Powered-By: ASP.NET X-UA-Compatible: IE=EmulateIE7 | clean |
http://www.microsoft.com/latam/sharepoint/empresadoscero/en-us/jsonstrings.aspx?b=5689.4220&g=global | HTTP/1.1 301 Moved Permanently Date: Mon, 28 Apr 2014 19:02:15 GMT Location: http://sharepoint.microsoft.com/es-mx/paginas/default.aspx Server: Microsoft-IIS/8.0 Content-Length: 181 Content-Type: text/html; charset=UTF-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" VTag: 438873133100000000 X-Powered-By: ASP.NET X-Powered-By: ARR/2.5 X-Powered-By: ASP.NET | clean |
http://empresadoscero.com/en-us/_vti_bin/anonsvc/Global.svc/js?b=5689.4220 | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Mon, 28 Apr 2014 19:02:15 GMT Location: http://www.microsoft.com/latam/sharepoint/empresadoscero/en-us/_vti_bin/anonsvc/Global.svc/js?b=5689.4220 Server: Microsoft-IIS/7.5 Content-Length: 23 Content-Type: text/html P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" Set-Cookie: ASPSESSIONIDCCCQSARB=GDNEFJLCAHDLCJFOOEONOPBJ; path=/ X-Powered-By: ASP.NET X-UA-Compatible: IE=EmulateIE7 | clean |
http://www.microsoft.com/latam/sharepoint/empresadoscero/en-us/_vti_bin/anonsvc/global.svc/js?b=5689.4220 | HTTP/1.1 302 Found Date: Mon, 28 Apr 2014 19:02:16 GMT Location: http://www.microsoft.com/library/errorpages/smarterror.aspx?aspxerrorpath=http%3a%2f%2fwww.microsoft.com%2flatam%2fsharepoint%2fempresadoscero%2fen-us%2f_vti_bin%2fanonsvc%2fglobal.svc%2fjs%3fb%3d5689.4220 Server: Microsoft-IIS/8.0 Content-Length: 356 Content-Type: text/html; charset=utf-8 P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI" VTag: 791407832900000000 X-Powered-By: ASP.NET X-Powered-By: ARR/2.5 X-Powered-By: ASP.NET | clean |
http://www.microsoft.com/library/errorpages/smarterror.aspx?aspxerrorpath=http%3a%2f%2fwww.microsoft.com%2flatam%2fsharepoint%2fempresadoscero%2fen-us%2f_vti_bin%2fanonsvc%2fglobal.svc%2fjs%3fb%3d5689.4220 | 200 OK Content-Length: 57026 Content-Type: text/html | clean |
http://www.microsoft.com/Scripts/wt_capi.js | 200 OK Content-Length: 57026 Content-Type: text/html | clean |
http://www.microsoft.com/Scripts/site.js | 200 OK Content-Length: 57026 Content-Type: text/html | clean |
http://www.microsoft.com/shared/core/2/js/js.ashx?c=oneMscomBlade | 200 OK Content-Length: 7133 Content-Type: text/javascript | clean |
http://www.microsoft.com/shared/core/2/js/js.ashx?pt=searchPage& | 200 OK Content-Length: 3 Content-Type: text/javascript | clean |
http://www.microsoft.com/shared/core/2/js/js.ashx?c=oneMscomFooter | 200 OK Content-Length: 12885 Content-Type: text/javascript | clean |
http://nexus.ensighten.com/msft/mscom/Bootstrap.js | 200 OK Content-Length: 15844 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var ensightenOptions = { client: 'mscom', clientId: 457, ns: 'Bootstrapper', nexus: "nexus.ensighten.com" }; if ( ensightenOptions && !window[ensightenOptions.ns] ) { window[ensightenOptions.ns]=function(h){var c={},b={};c.version="2.0.3";c.nexus=h.nexus||"nexus.ensighten.com";c.options={interval:h.interval||100,erLoc:h.errorLocation||c.nexus+"/error/e.gif",scLoc:h.serverComponentLocation||c.nexus+"/"+h.client+"/serverComponent.php",sjPath:h.staticJavsc break;}};;}catch(e){Bootstrapper.reportException(e);}});Bootstrapper.globalRuleList='48900;75302;80770'; Bootstrapper.getServerComponent(); }
Antivirus reports:
http://search.microsoft.com/script.jsx?k=~/Scripts/SearchBox.js;~/Scripts/searchwithBing.js&v=-2106819447 | 200 OK Content-Length: 8941 Content-Type: text/javascript | clean |
http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.5.1.min.js | 200 OK Content-Length: 85260 Content-Type: application/x-javascript | clean |
http://js.microsoft.com/library/svy/search/broker.js | 200 OK Content-Length: 32365 Content-Type: application/x-javascript | clean |
http://www.microsoft.com/shared/templates/components/oneMscomJsCssLoader/oneMscomJsCssLoader.js | 200 OK Content-Length: 1231 Content-Type: application/x-javascript | clean |
http://www.microsoft.com/Scripts/jquery.ui.core.min.js | 200 OK Content-Length: 57026 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: empresadoscero.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Connection: close
Date: Mon, 28 Apr 2014 19:02:06 GMT
Location: http://www.microsoft.com/latam/sharepoint/empresadoscero
Server: Microsoft-IIS/7.5
Content-Length: 23
Content-Type: text/html
P3P: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Set-Cookie: ASPSESSIONIDCCCQSARB=FGMEFJLCEDJJNCGLJKMDNGCP; path=/
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
...23 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: empresadoscero.com
Referer: http://www.google.com/search?q=empresadoscero.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=empresadoscero.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://empresadoscero.com/
Result: empresadoscero.com is not infected or malware details are not published yet.