Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: helloplantdoctor.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 15 Jun 2015 05:16:59 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://helloplantdoctor.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: helloplantdoctor.com
Referer: http://www.google.com/search?q=helloplantdoctor.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://helloplantdoctor.com/ | HTTP/1.1 200 OK Connection: close Date: Mon, 15 Jun 2015 05:16:59 GMT Server: Apache Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 X-Pingback: http://helloplantdoctor.com/xmlrpc.php | clean |
https://www.facebook.com/ant.hacktim | HTTP/1.1 200 OK Cache-Control: private, no-cache, no-store, must-revalidate Connection: close Date: Mon, 15 Jun 2015 05:17:01 GMT Pragma: no-cache Vary: Accept-Encoding Content-Type: text/html Expires: Sat, 01 Jan 2000 00:00:00 GMT P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p" Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fant.hacktim; path=/; domain=.facebook.com; httponly Set-Cookie: reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Fant.hacktim; path=/; domain=.facebook.com; httponly Strict-Transport-Security: max-age=15552000; preload X-Content-Type-Options: nosniff X-FB-Debug: uWUvVGy7QjibW9G1k6iVg3N8wrDoA1D06dT+1pmCY/Fb6IUlqNLbdsfZ6kBAnFV4qD7zbAvHg3HmA7wuVUn4tA== X-Frame-Options: DENY X-UA-Compatible: IE=edge,chrome=1 X-XSS-Protection: 0 | clean |
https://www.facebook.com/ant.hacktim?_fb_noscript=1 | 200 OK Content-Length: 300948 Content-Type: text/html | clean |
https://fbstatic-a.akamaihd.net/rsrc.php/v2/yy/r/ycIMKZdfCak.js | 200 OK Content-Length: 108229 Content-Type: application/x-javascript | clean |
http://helloplantdoctor.com/pages/create/?ref_type=page_profile_button&ref_id=735695683175046 | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://helloplantdoctor.com/test404page.js | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://helloplantdoctor.com/r.php?profile_id=735695683175046&next=https%3A%2F%2Fwww.facebook.com%2Fant.hacktim&friend_or_subscriber=friend | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://helloplantdoctor.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fant.hacktim | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://helloplantdoctor.com/ant.hacktim/photos/a.735697386508209.1073741827.735695683175046/787136511364296/?type=1 | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://helloplantdoctor.com/ant.hacktim/photos/a.735696129841668.1073741825.735695683175046/825587190852561/?type=1&source=11 | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://helloplantdoctor.com/ant.hacktim/photos/pb.735695683175046.-2207520000.1434345423./831549483589665/?type=1 | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://helloplantdoctor.com/ant.hacktim/photos/pb.735695683175046.-2207520000.1434345423./831544153590198/?type=1 | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://helloplantdoctor.com/ant.hacktim/photos/pb.735695683175046.-2207520000.1434345423./831423863602227/?type=1 | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://helloplantdoctor.com/ant.hacktim/photos/pb.735695683175046.-2207520000.1434345423./831419066936040/?type=1 | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://helloplantdoctor.com/ant.hacktim/photos/pb.735695683175046.-2207520000.1434345423./831303096947637/?type=1 | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://helloplantdoctor.com/ant.hacktim/photos/pb.735695683175046.-2207520000.1434345423./831131186964828/?type=1 | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://helloplantdoctor.com/ant.hacktim/photos/pb.735695683175046.-2207520000.1434345423./831106710300609/?type=1 | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=helloplantdoctor.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://helloplantdoctor.com/
Result: helloplantdoctor.com is not infected or malware details are not published yet.