Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hotzone2ss.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=259200
Connection: close
Date: Thu, 26 Feb 2015 00:20:24 GMT
Pragma: no-cache
Server: nginx/1.0.14
Content-Type: text/html; charset=utf-8
Expires: Sun, 01 Mar 2015 00:20:24 GMT
Set-Cookie: PHPSESSID=3tflud81fu6g09m3ictt644s15; path=/
Set-Cookie: s159=1%3A1%3A%3A%3A; expires=Fri, 27-Feb-2015 00:20:24 GMT; path=/
Set-Cookie: ip=78.158.11.226; expires=Fri, 27-Feb-2015 00:20:24 GMT; path=/
X-Powered-By: PHP/5.3.10
GET / HTTP/1.1
Host: hotzone2ss.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=259200
Connection: close
Date: Thu, 26 Feb 2015 00:20:24 GMT
Pragma: no-cache
Server: nginx/1.0.14
Content-Type: text/html; charset=utf-8
Expires: Sun, 01 Mar 2015 00:20:24 GMT
Set-Cookie: PHPSESSID=3tflud81fu6g09m3ictt644s15; path=/
Set-Cookie: s159=1%3A1%3A%3A%3A; expires=Fri, 27-Feb-2015 00:20:24 GMT; path=/
Set-Cookie: ip=78.158.11.226; expires=Fri, 27-Feb-2015 00:20:24 GMT; path=/
X-Powered-By: PHP/5.3.10
Second query (visit from search engine):
GET / HTTP/1.1
Host: hotzone2ss.com
Referer: http://www.google.com/search?q=hotzone2ss.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: hotzone2ss.com
Referer: http://www.google.com/search?q=hotzone2ss.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://hotzone2ss.com/ | 200 OK Content-Length: 8049 Content-Type: text/html | clean |
http://hotzone2ss.com/?page=control | 200 OK Content-Length: 8119 Content-Type: text/html | clean |
http://hotzone2ss.com/portal/skins/js/jquery.min.js | 200 OK Content-Length: 94839 Content-Type: application/x-javascript | clean |
http://hotzone2ss.com/portal/skins/js/jquery-ui-1.8.23.custom.min.js | 200 OK Content-Length: 61960 Content-Type: application/x-javascript | clean |
http://hotzone2ss.com/content/js/format_number.js | 200 OK Content-Length: 5947 Content-Type: application/x-javascript | clean |
http://hotzone2ss.com/portal/rules.php | 200 OK Content-Length: 31399 Content-Type: text/html | clean |
http://hotzone2ss.com/test404page.js | 404 Not Found Content-Length: 571 Content-Type: text/html | clean |
http://hotzone2ss.com/?page=activate | 200 OK Content-Length: 7138 Content-Type: text/html | clean |
http://hotzone2ss.com/?page=mail | 200 OK Content-Length: 2203 Content-Type: text/html | clean |
http://hotzone2ss.com/blacktube/ | 200 OK Content-Length: 15268 Content-Type: text/html | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js | 200 OK Content-Length: 72174 Content-Type: text/javascript | clean |
http://hotzone2ss.com/blacktube//skins//js/jquery-ui-1.8.16.custom.min.js | 200 OK Content-Length: 22979 Content-Type: application/x-javascript | clean |
http://hotzone2ss.com/blacktube//skins//js/chat.js | 200 OK Content-Length: 16461 Content-Type: application/x-javascript | clean |
http://hotzone2ss.com/blacktube/?page=join&action=activate&join=1 | 200 OK Content-Length: 10789 Content-Type: text/html | clean |
http://hotzone2ss.com/blacktube/?page=new | HTTP/1.1 302 Found Cache-Control: max-age=259200 Connection: close Date: Thu, 26 Feb 2015 00:20:30 GMT Pragma: no-cache Location: http://hotzone2ss.com/blacktube/?page=join&join=1 Server: nginx/1.0.14 Content-Length: 3 Content-Type: text/html; charset=utf-8 Expires: Sun, 01 Mar 2015 00:20:30 GMT Set-Cookie: PHPSESSID=93edioddlub6j24qh42tpj29l1; path=/ Set-Cookie: s160=1%3A1%3A%3A%3A; expires=Fri, 27-Feb-2015 00:20:30 GMT; path=blacktube/ Set-Cookie: ip=78.158.11.226; expires=Fri, 27-Feb-2015 00:20:30 GMT; path=blacktube/ X-Powered-By: PHP/5.3.10 | clean |
http://hotzone2ss.com/blacktube/?page=join&join=1 | 200 OK Content-Length: 14655 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hotzone2ss.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://hotzone2ss.com/
Result: hotzone2ss.com is not infected or malware details are not published yet.
Result: hotzone2ss.com is not infected or malware details are not published yet.