Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: himu1990.blogspot.in
Result:
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: close
Date: Wed, 16 Jul 2014 05:19:13 GMT
Pragma: no-cache
Location: http://www.blogger.com/blogin.g?blogspotURL=http://himu1990.blogspot.in/
Server: GSE
Content-Type: text/html; charset=UTF-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Alternate-Protocol: 80:quic
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
GET / HTTP/1.1
Host: himu1990.blogspot.in
Result:
HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: close
Date: Wed, 16 Jul 2014 05:19:13 GMT
Pragma: no-cache
Location: http://www.blogger.com/blogin.g?blogspotURL=http://himu1990.blogspot.in/
Server: GSE
Content-Type: text/html; charset=UTF-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Alternate-Protocol: 80:quic
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Second query (visit from search engine):
GET / HTTP/1.1
Host: himu1990.blogspot.in
Referer: http://www.google.com/search?q=himu1990.blogspot.in
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: himu1990.blogspot.in
Referer: http://www.google.com/search?q=himu1990.blogspot.in
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://himu1990.blogspot.in/ | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Wed, 16 Jul 2014 05:19:13 GMT Pragma: no-cache Location: http://www.blogger.com/blogin.g?blogspotURL=http://himu1990.blogspot.in/ Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Alternate-Protocol: 80:quic X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.blogger.com/blogin.g?blogspoturl=http://himu1990.blogspot.in/ | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Wed, 16 Jul 2014 05:19:14 GMT Location: https://www.blogger.com/blogin.g?blogspoturl=http://himu1990.blogspot.in/ Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Wed, 16 Jul 2014 05:19:14 GMT Alternate-Protocol: 80:quic P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info." X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://www.blogger.com/blogin.g?blogspoturl=http://himu1990.blogspot.in/ | 400 Bad Request Content-Length: 4728 Content-Type: text/html | clean |
https://www.blogger.com/ | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Wed, 16 Jul 2014 05:19:14 GMT Pragma: no-cache Location: https://www.blogger.com/home Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Alternate-Protocol: 443:quic P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info." X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://www.blogger.com/home | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Wed, 16 Jul 2014 05:19:15 GMT Location: https://accounts.google.com/ServiceLogin?service=blogger&passive=1209600&continue=https://www.blogger.com/home&followup=https://www.blogger.com/home<mpl=start Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Wed, 16 Jul 2014 05:19:15 GMT Alternate-Protocol: 443:quic P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info." X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://accounts.google.com/servicelogin?service=blogger&passive=1209600&continue=https://www.blogger.com/home&followup=https://www.blogger.com/home<mpl=start | 200 OK Content-Length: 69508 Content-Type: text/html | clean |
https://accounts.google.com/SignUp?service=blogger&continue=https%3A%2F%2Fwww.blogger.com%2Fhome<mpl=start | 200 OK Content-Length: 300318 Content-Type: text/html | clean |
https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fwww.blogger.com%2Fhome&service=blogger<mpl=start&dsh=4226583438694896062 | 200 OK Content-Length: 66892 Content-Type: text/html | clean |
https://accounts.google.com/TOS?loc=LT&hl=en | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store Connection: close Date: Wed, 16 Jul 2014 05:19:16 GMT Pragma: no-cache Location: https://www.google.lt/intl/en/policies/terms/ Server: GSE Content-Length: 227 Content-Type: text/html; charset=UTF-8 Expires: Mon, 01-Jan-1990 00:00:00 GMT Alternate-Protocol: 443:quic Set-Cookie: GoogleAccountsLocale_session=en; Path=/; Secure; HttpOnly Strict-Transport-Security: max-age=10893354; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block | clean |
https://www.google.lt/intl/en/policies/terms/ | HTTP/1.1 200 OK Cache-Control: private, max-age=0 Connection: close Date: Wed, 16 Jul 2014 05:19:17 GMT Server: sffe Vary: Accept-Encoding Content-Type: text/html Expires: Wed, 16 Jul 2014 05:19:17 GMT Last-Modified: Tue, 24 Jan 2012 14:44:29 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://www.google.lt/intl/en/policies/terms/regional.html | 200 OK Content-Length: 20900 Content-Type: text/html | clean |
https://www.google.lt//www.google.com/js/google.js/ | 404 Not Found Content-Length: 1438 Content-Type: text/html | clean |
https://www.google.lt//www.google.com/ | 404 Not Found Content-Length: 1425 Content-Type: text/html | clean |
http://www.google.lt/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://www.google.lt//www.google.com/ | 404 Not Found Content-Length: 1440 Content-Type: text/html | clean |
https://accounts.google.com//www.google.com/js/maia.js/ | 404 Not Found Content-Length: 23425 Content-Type: text/html | clean |
https://accounts.google.com/ | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Wed, 16 Jul 2014 05:19:18 GMT Location: https://accounts.google.com/ManageAccount Server: GSE Content-Length: 223 Content-Type: text/html; charset=UTF-8 Expires: Wed, 16 Jul 2014 05:19:18 GMT Alternate-Protocol: 443:quic Strict-Transport-Security: max-age=10893354; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block | clean |
https://accounts.google.com/manageaccount | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Wed, 16 Jul 2014 05:19:18 GMT Location: https://accounts.google.com/ServiceLogin?passive=1209600&continue=https%3A%2F%2Faccounts.google.com%2Fmanageaccount&followup=https%3A%2F%2Faccounts.google.com%2Fmanageaccount Server: GSE Content-Length: 364 Content-Type: text/html; charset=UTF-8 Expires: Wed, 16 Jul 2014 05:19:18 GMT Alternate-Protocol: 443:quic Set-Cookie: GAPS=1:Jj25dF2b5A-NPbnG4Pd0KoWjHs88Ew:rmZhlQjpIUXiOYOd;Path=/;Expires=Fri, 15-Jul-2016 05:19:18 GMT;Secure;HttpOnly;Priority=HIGH Strict-Transport-Security: max-age=10893354; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block | clean |
https://accounts.google.com/servicelogin?passive=1209600&continue=https%3a%2f%2faccounts.google.com%2fmanageaccount&followup=https%3a%2f%2faccounts.google.com%2fmanageaccount | 200 OK Content-Length: 66688 Content-Type: text/html | clean |
https://accounts.google.com/RecoverAccount?continue=https%3A%2F%2Faccounts.google.com%2Fmanageaccount | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Wed, 16 Jul 2014 05:19:18 GMT Location: https://www.google.com/accounts/recovery?hl=en&ard=AHwGkRkQH7ZCYAsW-w-bbRohCLgCUEOMkoI8TgDpy7YSK2u7UlrfWC2VD847YMHbTqO7fQwoM1cs5i-0E9t18-UtPrWfO69OVO_zPni1RF8l8nWP39MGGlpffslyHol9FZmxVhD3DYWbkv1ghkRE2j6iwixGSXgSXQ Server: GSE Content-Length: 399 Content-Type: text/html; charset=UTF-8 Expires: Wed, 16 Jul 2014 05:19:18 GMT Alternate-Protocol: 443:quic Set-Cookie: GAPS=1:UsrlTu4LK9Z3nJZa_1FlSSJz89CRiw:t15nBuBF99PvAP73;Path=/;Expires=Fri, 15-Jul-2016 05:19:18 GMT;Secure;HttpOnly;Priority=HIGH Strict-Transport-Security: max-age=10893354; includeSubDomains X-Content-Type-Options: nosniff X-Frame-Options: DENY X-XSS-Protection: 1; mode=block | clean |
https://www.google.com/accounts/recovery?hl=en&ard=ahwgkrkqh7zcyasw-w-bbrohclgcueomkoi8tgdpy7ysk2u7ulrfwc2vd847ymhbtqo7fqwom1cs5i-0e9t18-utprwfo69ovo_zpni1rf8l8nwp39mgglpffslyhol9fzmxvhd3dywbkv1ghkre2j6iwixgsxgsxq | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, max-age=0, must-revalidate Connection: close Date: Wed, 16 Jul 2014 05:19:19 GMT Pragma: no-cache Location: https://www.google.com/accounts/RecoverAccount?hl=en&ard=ahwgkrkqh7zcyasw-w-bbrohclgcueomkoi8tgdpy7ysk2u7ulrfwc2vd847ymhbtqo7fqwom1cs5i-0e9t18-utprwfo69ovo_zpni1rf8l8nwp39mgglpffslyhol9fzmxvhd3dywbkv1ghkre2j6iwixgsxgsxq&arr=AHwGkRkDmG6gGSaua6VQ7me8ReAkuP26X7y7dYnHt_WjrZQcl7KKZQg5UCjfNP_447ttwdiSrWCs2ipLHTtI6rd3ZZzhEohFMTsRvMB5lSgXfdSZdDxUtipBbc0izjufst0RMxB0Iu6T Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Set-Cookie: accountrecoverylocale=en; Expires=Wed, 23-Jul-2014 05:19:19 GMT; Path=/accounts/recovery; Secure; HttpOnly Set-Cookie: S=account-recovery=-9VMRwmMYXc; Domain=.google.com; Path=/; Secure; HttpOnly X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://www.google.com/accounts/recoveraccount?hl=en&ard=ahwgkrkqh7zcyasw-w-bbrohclgcueomkoi8tgdpy7ysk2u7ulrfwc2vd847ymhbtqo7fqwom1cs5i-0e9t18-utprwfo69ovo_zpni1rf8l8nwp39mgglpffslyhol9fzmxvhd3dywbkv1ghkre2j6iwixgsxgsxq&arr=ahwgkrkdmg6ggsaua6vq7me8reakup26x7y7dynht_wjrzqcl7kkzqg5ucjfnp_447ttwdisrwcs2iplhtti6rd3zzzheohfmtsrvmb5lsgxfdszddxutipbbc0izjufst0rmxb0iu6t | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Wed, 16 Jul 2014 05:19:19 GMT Location: https://accounts.google.com/recoveraccount?hl=en&ard=ahwgkrkqh7zcyasw-w-bbrohclgcueomkoi8tgdpy7ysk2u7ulrfwc2vd847ymhbtqo7fqwom1cs5i-0e9t18-utprwfo69ovo_zpni1rf8l8nwp39mgglpffslyhol9fzmxvhd3dywbkv1ghkre2j6iwixgsxgsxq&arr=ahwgkrkdmg6ggsaua6vq7me8reakup26x7y7dynht_wjrzqcl7kkzqg5ucjfnp_447ttwdisrwcs2iplhtti6rd3zzzheohfmtsrvmb5lsgxfdszddxutipbbc0izjufst0rmxb0iu6t Server: GSE Content-Length: 550 Content-Type: text/html; charset=UTF-8 Expires: Wed, 16 Jul 2014 05:19:19 GMT Set-Cookie: GoogleAccountsLocale_session=en; Path=/; Secure; HttpOnly X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://accounts.google.com/recoveraccount?hl=en&ard=ahwgkrkqh7zcyasw-w-bbrohclgcueomkoi8tgdpy7ysk2u7ulrfwc2vd847ymhbtqo7fqwom1cs5i-0e9t18-utprwfo69ovo_zpni1rf8l8nwp39mgglpffslyhol9fzmxvhd3dywbkv1ghkre2j6iwixgsxgsxq&arr=ahwgkrkdmg6ggsaua6vq7me8reakup26x7y7dynht_wjrzqcl7kkzqg5ucjfnp_447ttwdisrwcs2iplhtti6rd3zzzheohfmtsrvmb5lsgxfdszddxutipbbc0izjufst0rmxb0iu6t | 400 Bad Request Content-Length: 145 Content-Type: text/html | clean |
https://accounts.google.com/SignUp?continue=https%3A%2F%2Faccounts.google.com%2Fmanageaccount | 200 OK Content-Length: 300267 Content-Type: text/html | clean |
https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Faccounts.google.com%2Fmanageaccount&dsh=-8866912002708763838 | 200 OK Content-Length: 66719 Content-Type: text/html | clean |
https://accounts.google.com/SignUpWithoutGmail?dsh=-8866912002708763838&continue=https%3A%2F%2Faccounts.google.com%2Fmanageaccount | 200 OK Content-Length: 300978 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=himu1990.blogspot.in
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://himu1990.blogspot.in/
Result: himu1990.blogspot.in is not infected or malware details are not published yet.
Result: himu1990.blogspot.in is not infected or malware details are not published yet.