Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://fgnwbltulr.honeymoonscorp.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: fgnwbltulr.honeymoonscorp.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Tue, 23 Sep 2014 20:30:58 GMT Location: http://www.google.com/ Server: nginx Content-Length: 54 Content-Type: text/html X-Powered-By: PleskLin | suspicious |
Scanned pages/files
Request | Server response | Status |
http://fgnwbltulr.honeymoonscorp.com/.redir | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 23 Sep 2014 20:30:59 GMT Location: http://fgnwbltulr.honeymoonscorp.com/.redir/ Server: nginx Content-Length: 331 Content-Type: text/html; charset=iso-8859-1 | clean |
http://fgnwbltulr.honeymoonscorp.com/.redir/ | HTTP/1.1 302 Found Connection: close Date: Tue, 23 Sep 2014 20:30:59 GMT Location: http://www.google.com/ Server: nginx Content-Length: 54 Content-Type: text/html X-Powered-By: PleskLin | clean |
http://www.google.com/ | HTTP/1.1 302 Found Cache-Control: private Connection: close Date: Tue, 23 Sep 2014 20:29:43 GMT Location: http://www.google.lt/?gws_rd=cr&ei=N9ghVITfOeKaygO-hILwCw Server: gws Content-Length: 258 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic,p=0.002 P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info." Set-Cookie: PREF=ID=223083798c02ba47:FF=0:TM=1411504183:LM=1411504183:S=y6yE8slCP0PDIOor; expires=Thu, 22-Sep-2016 20:29:43 GMT; path=/; domain=.google.com Set-Cookie: NID=67=jUk4hHUABkZGBIRE5urFAjnwgJtI9fMyS85yF_H6JBhDIA6dwVDblQnCkJmmyUINUDZj45DDQPSnjkoyLhX7eJ_yoabF5DI2pqxz6RkbnFmhIBfuM9HgnFBdG_wPUciM; expires=Wed, 25-Mar-2015 20:29:43 GMT; path=/; domain=.google.com; HttpOnly X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.google.lt/?gws_rd=cr&ei=n9ghvitfoekaygo-hilwcw | 200 OK Content-Length: 51407 Content-Type: text/html | clean |
https://www.google.lt/webhp?tab=ww | 200 OK Content-Length: 66969 Content-Type: text/html | clean |
https://www.google.lt/imghp?hl=lt&tab=wi | 200 OK Content-Length: 57483 Content-Type: text/html | clean |
https://www.google.lt/webhp?hl=lt&tab=iw | 200 OK Content-Length: 63741 Content-Type: text/html | clean |
http://www.google.lt/intl/lt/options/ | HTTP/1.1 301 Moved Permanently Cache-Control: public, max-age=2592000 Connection: close Date: Tue, 23 Sep 2014 20:29:49 GMT Location: http://www.google.lt/intl/lt/about/products/ Server: sffe Content-Length: 241 Content-Type: text/html; charset=UTF-8 Expires: Thu, 23 Oct 2014 20:29:49 GMT Alternate-Protocol: 80:quic,p=0.002 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
http://www.google.lt/intl/lt/about/products/ | 200 OK Content-Length: 7068 Content-Type: text/html | clean |
http://www.google.lt//www.google.com/js/gweb/analytics/autotrack.js/ | 404 Not Found Content-Length: 1471 Content-Type: text/html | clean |
http://www.google.lt//www.google.com/ | 404 Not Found Content-Length: 1440 Content-Type: text/html | clean |
http://www.google.lt/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://www.google.lt/preferences?hl=lt | 200 OK Content-Length: 62896 Content-Type: text/html | clean |
http://www.google.lt/imghp?hl=lt&tab=wi | 200 OK Content-Length: 51432 Content-Type: text/html | clean |
http://www.google.lt/imghp?hl=lt&tab=ii | 200 OK Content-Length: 51383 Content-Type: text/html | clean |
http://www.google.lt/history/optout?hl=lt | HTTP/1.1 302 Found Cache-Control: private Connection: close Date: Tue, 23 Sep 2014 20:29:51 GMT Location: https://history.google.com/history/optout?hl=lt Server: Search-History HTTP Server Content-Length: 244 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic,p=0.002 Set-Cookie: PREF=ID=43cc42e3e097d649:TM=1411504191:LM=1411504191:S=rkVAcfiG1s6KCuh-; expires=Thu, 22-Sep-2016 20:29:51 GMT; path=/; domain=.google.lt X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://history.google.com/history/optout?hl=lt | HTTP/1.1 302 Found Cache-Control: private Connection: close Date: Tue, 23 Sep 2014 20:29:51 GMT Location: http://www.google.com/ Server: Search-History HTTP Server Content-Length: 219 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 443:quic,p=0.002 Set-Cookie: PREF=ID=a30c54184dd7cd86:TM=1411504191:LM=1411504191:S=mzaf9pVWNs07pBNw; expires=Thu, 22-Sep-2016 20:29:51 GMT; path=/; domain=.google.com X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.google.lt/chrome/index.html?hl=lt&brand=CHNG&utm_source=lt-hpp&utm_medium=hpp&utm_campaign=lt | 200 OK Content-Length: 24906 Content-Type: text/html | clean |
http://www.google.lt/intl/lt/chrome/assets/common/js/chrome.min.js | 200 OK Content-Length: 186560 Content-Type: text/javascript | clean |
http://www.google.lt/intl/lt/chrome/assets/common/js/installer.min.js | 200 OK Content-Length: 65568 Content-Type: text/javascript | clean |
http://www.google.lt/intl/lt/chrome/ | 200 OK Content-Length: 24906 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=fgnwbltulr.honeymoonscorp.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://fgnwbltulr.honeymoonscorp.com/
Result: fgnwbltulr.honeymoonscorp.com is not infected or malware details are not published yet.