Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: surveyidea.com
Result:
HTTP/1.1 200 OK
Date: Mon, 26 May 2014 15:32:06 GMT
Accept-Ranges: bytes
ETag: "df8695b4bb6ecf1:394"
Server: Microsoft-IIS/6.0
Content-Length: 1561
Content-Location: http://surveyidea.com/index.html
Content-Type: text/html
Last-Modified: Tue, 13 May 2014 14:57:48 GMT
X-Powered-By: ASP.NET
...1561 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: surveyidea.com
Referer: http://www.google.com/search?q=surveyidea.com
Result:
The result is similar to the first query. No suspicious redirects were found.
Scanned pages/files
Request | Server response | Status |
http://www.harborcovefinancial.com/ | HTTP/1.1 302 Found Connection: close Date: Sat, 04 Apr 2015 11:46:16 GMT Location: http://194.6.233.7/mxjbb.cgi?default Server: Apache Content-Length: 297 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://194.6.233.7/mxjbb.cgi?default | HTTP/1.1 302 Found Connection: close Date: Sat, 04 Apr 2015 11:46:11 GMT Location: http://bing.com/ Server: Apache/2 Content-Length: 263 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: golje=aCIhAGRlZmF1bHQAAgAAAAPPH1X__wPPH1VAAAEAAAADzx9VAA--; expires=Sun, 03-Apr-2016 11:46:11 GMT; path=/; domain=194.6.233.7 | clean |
http://bing.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache Date: Sat, 04 Apr 2015 11:46:16 GMT Location: http://www.bing.com/ Server: Microsoft-IIS/8.5 Content-Length: 0 Edge-Control: no-store P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: _HOP=I=1&TS=1428147976; domain=bing.com; path=/ X-MSEdge-Ref: Ref A: A8F309B7A388442887209CADBABE7CBB Ref B: CF67A797710DE47EE686A090F70A0B7D Ref C: Sat Apr 04 04:46:16 2015 PST | clean |
http://www.bing.com/ | 200 OK Content-Length: 56801 Content-Type: text/html | clean |
http://www.bing.com/?scope=web&FORM=Z9LH | 200 OK Content-Length: 56917 Content-Type: text/html | clean |
http://www.bing.com/?scope=images&FORM=Z9LH1 | 200 OK Content-Length: 56934 Content-Type: text/html | clean |
http://www.bing.com/?scope=video&FORM=Z9LH2 | 200 OK Content-Length: 56929 Content-Type: text/html | clean |
http://www.bing.com/news?FORM=Z9LH3 | 200 OK Content-Length: 96792 Content-Type: text/html | clean |
http://www.bing.com/rms/rms%20answers%20News%20Vertical$newsSmartRefresh/jc/06505c61/092426a2.js | 200 OK Content-Length: 674 Content-Type: application/x-javascript | clean |
http://www.bing.com/rms/news4B/jc/f44b81d8/0e31551f.js?bu=rms+answers+News+Vertical%24domready%2cVertical%24newsBrowseCommonV6%2cVertical%24scroller%2cVertical%24baseInst%2cVertical%24makehomepage | 200 OK Content-Length: 12213 Content-Type: application/x-javascript | clean |
http://www.bing.com/search?q=&FORM=HDRSC1 | HTTP/1.1 302 Found Cache-Control: private Date: Sat, 04 Apr 2015 11:46:17 GMT Location: /?scope=web&mkt=en-ww&FORM=HDRSC1 Server: Microsoft-IIS/8.5 Vary: Accept-Encoding Content-Length: 158 Content-Type: text/html; charset=utf-8 Edge-Control: no-store P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: _FS=NU=1; domain=.bing.com; path=/ Set-Cookie: _HOP=I=1&TS=1428147978; domain=.bing.com; path=/ Set-Cookie: _SS=SID=7F5BD161ABA64674A2BD2E9E55AD1A08; domain=.bing.com; path=/ Set-Cookie: SRCHD=AF=HDRSC1; expires=Mon, 03-Apr-2017 11:46:18 GMT; domain=.bing.com; path=/ Set-Cookie: SRCHUID=V=2&GUID=198A422B618B4F2CAA4622A38221A859; expires=Mon, 03-Apr-2017 11:46:18 GMT; path=/ Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20150404; expires=Mon, 03-Apr-2017 11:46:18 GMT; domain=.bing.com; path=/ Set-Cookie: _EDGE_S=F=1&SID=06A62B64C02A630432BD2C1BC1CE6243; path=/; httponly; domain=bing.com Set-Cookie: _EDGE_V=1; path=/; httponly; expires=Mon, 03-Apr-2017 11:46:18 GMT; domain=bing.com Set-Cookie: MUID=1C3EBC1EE49263603B86BB61E57662D8; path=/; expires=Mon, 03-Apr-2017 11:46:18 GMT; domain=bing.com Set-Cookie: MUIDB=1C3EBC1EE49263603B86BB61E57662D8; path=/; httponly; expires=Mon, 03-Apr-2017 11:46:18 GMT X-MSEdge-Ref: Ref A: C2E90390BA1B45A5BDB794B72A38D95C Ref B: 68A85856994C3483530E150E049BE2C7 Ref C: Sat Apr 04 04:46:18 2015 PST | clean |
http://www.bing.com/?scope=web&mkt=en-ww&form=hdrsc1 | 200 OK Content-Length: 56963 Content-Type: text/html | clean |
http://www.bing.com/explore?FORM=Z9LH4 | 200 OK Content-Length: 28954 Content-Type: text/html | clean |
http://www.bing.com/images/search?q=&FORM=HDRSC2 | HTTP/1.1 302 Found Cache-Control: private Date: Sat, 04 Apr 2015 11:46:18 GMT Location: /?scope=images&nr=1&FORM=NOFORM Server: Microsoft-IIS/8.5 Vary: Accept-Encoding Content-Length: 156 Content-Type: text/html; charset=utf-8 Edge-Control: no-store P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND" Set-Cookie: _FS=NU=1; domain=.bing.com; path=/ Set-Cookie: _HOP=I=1&TS=1428147979; domain=.bing.com; path=/ Set-Cookie: _SS=SID=65BCFE67E2DC4C8C908C8FA8002AAEC6; domain=.bing.com; path=/ Set-Cookie: SRCHD=AF=HDRSC2; expires=Mon, 03-Apr-2017 11:46:19 GMT; domain=.bing.com; path=/ Set-Cookie: SRCHUID=V=2&GUID=201A499BB63B4E0EACB0E5282BE9163A; expires=Mon, 03-Apr-2017 11:46:19 GMT; path=/ Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20150404; expires=Mon, 03-Apr-2017 11:46:19 GMT; domain=.bing.com; path=/ Set-Cookie: _EDGE_S=F=1&SID=29C8D0D38A9E6DF12AE0D7AC8B7A6C40; path=/; httponly; domain=bing.com Set-Cookie: _EDGE_V=1; path=/; httponly; expires=Mon, 03-Apr-2017 11:46:19 GMT; domain=bing.com Set-Cookie: MUID=27E792C6F05265710EAB95B9F1B6642E; path=/; expires=Mon, 03-Apr-2017 11:46:19 GMT; domain=bing.com Set-Cookie: MUIDB=27E792C6F05265710EAB95B9F1B6642E; path=/; httponly; expires=Mon, 03-Apr-2017 11:46:19 GMT X-MSEdge-Ref: Ref A: 95DF467E55D84A3FAD205FE122BF527F Ref B: 490A8FE37972895CC951E52DDB1EC59A Ref C: Sat Apr 04 04:46:19 2015 PST | clean |
http://www.bing.com/?scope=images&nr=1&form=noform | 200 OK Content-Length: 56963 Content-Type: text/html | clean |
http://www.bing.com/account/general?ru=http%3a%2f%2fwww.bing.com%3a80%2f%3fscope%3dimages%26nr%3d1%26form%3dnoform&FORM=SEFD | 200 OK Content-Length: 47811 Content-Type: text/html | clean |
http://www.bing.com/?FORM=HDRHME&pq= | 200 OK Content-Length: 56849 Content-Type: text/html | clean |
http://www.bing.com/account/general?ru=http%3a%2f%2fwww.bing.com%3a80%2f%3fFORM%3dHDRHME%26pq%3d&FORM=SEFD | 200 OK Content-Length: 47627 Content-Type: text/html | clean |
http://www.bing.com/?FORM=Z9FD1 | 200 OK Content-Length: 57254 Content-Type: text/html | clean |
http://www.bing.com/account/general?ru=http%3a%2f%2fwww.bing.com%3a80%2f%3fFORM%3dZ9FD1&FORM=SEFD | 200 OK Content-Length: 47533 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=harborcovefinancial.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://harborcovefinancial.com/
Result: harborcovefinancial.com is not infected or malware details are not published yet.