Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=go.idcspy.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://go.idcspy.org/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: go.idcspy.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 22 Jul 2014 13:15:18 GMT
Server: Apache
Vary: User-Agent,Accept-Encoding
Content-Length: 279
Content-Type: text/html;charset=ISO-8859-1
...279 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: go.idcspy.org
Referer: http://www.google.com/search?q=go.idcspy.org
Result:
The response is the same as for the first query; no suspicious redirects were found.
Scanned pages/files
Request | Server response | Status |
http://go.idcspy.org/ | 200 OK Content-Length: 279 Content-Type: text/html | clean |
http://go.idcspy.org/.ftpquota | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 22 Jul 2014 13:15:18 GMT Location: http://403.shtml Server: Apache Vary: Accept-Encoding Content-Length: 224 Content-Type: text/html; charset=iso-8859-1 | clean |
http://403.shtml/ | 500 Can't connect to 403.shtml:80 (Bad hostname) Content-Length: 150 Content-Type: text/plain | clean |
http://403.shtml/test404page.js | 500 Can't connect to 403.shtml:80 (Bad hostname) Content-Length: 150 Content-Type: text/plain | clean |
http://go.idcspy.org/cgi-bin/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 22 Jul 2014 13:15:19 GMT Location: http://403.shtml Server: Apache Vary: Accept-Encoding Content-Length: 224 Content-Type: text/html; charset=iso-8859-1 | clean |
http://go.idcspy.org/gd/ | 200 OK Content-Length: 286 Content-Type: text/html | clean |
http://go.idcspy.org/gd/30off/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 22 Jul 2014 13:15:20 GMT Location: http://www.tkqlhce.com/click-2118857-10388358?sid=org30&url=http%3A%2F%2Fwww.godaddy.com%2F%3Fadc%3Dus%26isc%3Dcjcy0513a Server: Apache Vary: Accept-Encoding Content-Length: 332 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.tkqlhce.com/click-2118857-10388358?sid=org30&url=http%3a%2f%2fwww.godaddy.com%2f%3fadc%3dus%26isc%3dcjcy0513a | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 22 Jul 2014 13:15:20 GMT Pragma: no-cache Location: http://cj.dotomi.com/om75nmvuC/mty/BADIIDFI/CBBIIFH/A/A/A?b=i6wr%3D25uHE%2685z%3Dv773%25HO%25GT%25GTAAA.u2rorrC.q20%25GT%25HTorq%25HR86%25GKw6q%25HRqxqCEJFHo<<v773%3A%2F%2FAAA.7y4zvqs.q20%3AME%2Fqzwqy-GFFMMJL-FEHMMHJM<<U<< Server: Resin/3.1.8 Content-Type: text/html Expires: Tue, 22 Jul 2014 13:15:20 GMT P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT" | clean |
http://cj.dotomi.com/om75nmvuc/mty/badiidfi/cbbiifh/a/a/a?b=i6wr%3d25uhe%2685z%3dv773%25ho%25gt%25gtaaa.u2rorrc.q20%25gt%25htorq%25hr86%25gkw6q%25hrqxqcejfho<<v773%3a%2f%2faaa.7y4zvqs.q20%3ame%2fqzwqy-gffmmjl-fehmmhjm<<u<< | 404 Not Found Content-Length: 50 Content-Type: image/gif | clean |
http://go.idcspy.org/gd/shared/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 22 Jul 2014 13:15:21 GMT Location: http://www.kqzyfj.com/click-6186696-10388358?sid=sharedorg&url=http%3A%2F%2Fwww.godaddy.com%2Fhosting%2Fhosting.aspx%3Fadc%3DUS%26isc%3Dcjcy0613a Server: Apache Vary: Accept-Encoding Content-Length: 357 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.kqzyfj.com/click-6186696-10388358?sid=sharedorg&url=http%3a%2f%2fwww.godaddy.com%2fhosting%2fhosting.aspx%3fadc%3dus%26isc%3dcjcy0613a | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 22 Jul 2014 13:15:21 GMT Pragma: no-cache Location: http://cj.dotomi.com/cf81shqp7/hot/658DD8AD/B6DBBEB/5/5/5?h=f9zu%3D9yr8vu58x%26B82%3DyAA6%25KR%25JW%25JWDDD.x5uruuF.t53%25JWy59Az4x%25JWy59Az4x.r96E%25KWrut%25KUB9%25JNz9t%25KUt0tFHNIKr<<yAA6%3A%2F%2FDDD.17GFw0.t53%3APH%2Ft2zt1-NIPNNQN-IHKPPKMP<<X<< Server: Resin/3.1.8 Content-Type: text/html Expires: Tue, 22 Jul 2014 13:15:21 GMT P3P: policyref="/w3c/p3p.xml", CP="ALL BUS LEG DSP COR ADM CUR DEV PSA OUR NAV INT" | clean |
http://cj.dotomi.com/cf81shqp7/hot/658dd8ad/b6dbbeb/5/5/5?h=f9zu%3d9yr8vu58x%26b82%3dyaa6%25kr%25jw%25jwddd.x5uruuf.t53%25jwy59az4x%25jwy59az4x.r96e%25kwrut%25kub9%25jnz9t%25kut0tfhnikr<<yaa6%3a%2f%2fddd.17gfw0.t53%3aph%2ft2zt1-nipnnqn-ihkppkmp<<x<< | 404 Ad not found: network: cjo aid=0 Content-Length: 50 Content-Type: image/gif | clean |