Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kargohaber.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Fri, 10 Oct 2014 16:13:21 GMT
Server: Microsoft-IIS/7.5
Content-Length: 40142
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSCBSTCSC=OFONOEKDLDPJLDCIKDIFOMHB; path=/
X-Powered-By: ASP.NET
...40142 bytes of data.
GET / HTTP/1.1
Host: kargohaber.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Fri, 10 Oct 2014 16:13:21 GMT
Server: Microsoft-IIS/7.5
Content-Length: 40142
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSCBSTCSC=OFONOEKDLDPJLDCIKDIFOMHB; path=/
X-Powered-By: ASP.NET
...40142 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: kargohaber.com
Referer: http://www.google.com/search?q=kargohaber.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: kargohaber.com
Referer: http://www.google.com/search?q=kargohaber.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://kargohaber.com/ | 200 OK Content-Length: 40142 Content-Type: text/html | clean |
http://kargohaber.com/stm31.js | 200 OK Content-Length: 46101 Content-Type: application/x-javascript | clean |
http://bs.serving-sys.com/BurstingPipe/adServer.bs?cn=rsb&c=28&pli=11260453&PluID=0&w=740&h=90&ord=[timestamp] | 200 OK Content-Length: 4181 Content-Type: text/html | clean |
http://bs.serving-sys.com/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://run.admost.com/adx/get.ashx?k=27538&preredir={amClickThru} | 200 OK Content-Length: 21 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kargohaber.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kargohaber.com/
Result: kargohaber.com is not infected or malware details are not published yet.
Result: kargohaber.com is not infected or malware details are not published yet.