Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: paroquiasaojose.net.br
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 03 Mar 2015 04:05:16 GMT
Location: http://www.portaldailha.com.br/
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_wsgi/3.3 Python/2.4.3 mod_auth_passthrough/2.1 mod_bwlimited/1.4
Content-Length: 435
Content-Type: text/html; charset=iso-8859-1
...435 bytes of data.
GET / HTTP/1.1
Host: paroquiasaojose.net.br
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 03 Mar 2015 04:05:16 GMT
Location: http://www.portaldailha.com.br/
Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_wsgi/3.3 Python/2.4.3 mod_auth_passthrough/2.1 mod_bwlimited/1.4
Content-Length: 435
Content-Type: text/html; charset=iso-8859-1
...435 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: paroquiasaojose.net.br
Referer: http://www.google.com/search?q=paroquiasaojose.net.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: paroquiasaojose.net.br
Referer: http://www.google.com/search?q=paroquiasaojose.net.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://paroquiasaojose.net.br/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 03 Mar 2015 04:05:16 GMT Location: http://www.portaldailha.com.br/ Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_wsgi/3.3 Python/2.4.3 mod_auth_passthrough/2.1 mod_bwlimited/1.4 Content-Length: 435 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.portaldailha.com.br/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 03 Mar 2015 04:05:17 GMT Location: http://www.portaldailha.com.br/home/ Server: Apache/2.2.19 (Unix) mod_ssl/2.2.19 OpenSSL/0.9.8e-fips-rhel5 mod_wsgi/3.3 Python/2.4.3 mod_auth_passthrough/2.1 mod_bwlimited/1.4 Content-Length: 441 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.portaldailha.com.br/home/ | 200 OK Content-Length: 56564 Content-Type: text/html | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js | 200 OK Content-Length: 93868 Content-Type: text/javascript | clean |
https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.18/jquery-ui.min.js | 200 OK Content-Length: 201842 Content-Type: text/javascript | clean |
http://paroquiasaojose.net.br/../galeria/js/jquery.timers-1.2.js | 400 Bad Request Content-Length: 541 Content-Type: text/html | clean |
http://paroquiasaojose.net.br/test404page.js | 404 Not Found Content-Length: 527 Content-Type: text/html | clean |
http://paroquiasaojose.net.br/../galeria/js/jquery.easing.1.3.js | 400 Bad Request Content-Length: 541 Content-Type: text/html | clean |
http://paroquiasaojose.net.br/../galeria/js/jquery.galleryview-3.0-dev.js | 400 Bad Request Content-Length: 541 Content-Type: text/html | clean |
https://cdnjs.cloudflare.com/ajax/libs/jquery/1.10.2/jquery.min.js | 200 OK Content-Length: 93100 Content-Type: application/javascript | clean |
https://cdnjs.cloudflare.com/ajax/libs/jquery-easing/1.3/jquery.easing.min.js | 200 OK Content-Length: 5555 Content-Type: application/javascript | clean |
https://cdnjs.cloudflare.com/ajax/libs/jquery.touchswipe/1.6.4/jquery.touchSwipe.min.js | 200 OK Content-Length: 10629 Content-Type: application/javascript | clean |
http://paroquiasaojose.net.br/../dev/slide/js/jquery.liquid-slider.min.js | 400 Bad Request Content-Length: 541 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=paroquiasaojose.net.br
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://paroquiasaojose.net.br/
Result: paroquiasaojose.net.br is not infected or malware details are not published yet.
Result: paroquiasaojose.net.br is not infected or malware details are not published yet.