Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: phenorotica.com
Result:
HTTP/1.1 302 Found
Date: Mon, 31 Mar 2014 08:57:14 GMT
Location: http://www.searchremagnified.com/?dn=phenorotica.com&pid=9POMVZTAI
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Set-Cookie: gvc=910vr1438018342527359; expires=Sat, 30-Mar-2019 08:57:14 GMT; path=/; domain=phenorotica.com; httponly
X-Cnection: close
X-Powered-By: PHP/5.3.21
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: phenorotica.com
Referer: http://www.google.com/search?q=phenorotica.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://phenorotica.com/ | HTTP/1.1 302 Found Date: Mon, 31 Mar 2014 08:57:14 GMT Location: http://www.searchremagnified.com/?dn=phenorotica.com&pid=9POMVZTAI Server: Apache/2.2.3 (Red Hat) Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 Set-Cookie: gvc=910vr1438018342527359; expires=Sat, 30-Mar-2019 08:57:14 GMT; path=/; domain=phenorotica.com; httponly X-Cnection: close X-Powered-By: PHP/5.3.21 | clean |
http://www.searchremagnified.com/?dn=phenorotica.com&pid=9pomvztai | HTTP/1.1 302 Found Date: Mon, 31 Mar 2014 08:57:14 GMT Location: http://freeresultsguide.com/?dn=phenorotica.com&pid=9pomvztai Server: Apache/2.2.3 (Red Hat) Vary: Accept-Encoding Content-Length: 340 Content-Type: text/html; charset=iso-8859-1 X-Cnection: close | clean |
http://freeresultsguide.com/?dn=phenorotica.com&pid=9pomvztai | 200 OK Content-Length: 2451 Content-Type: text/html | clean |
http://freeresultsguide.com/?dn=phenorotica.com&fp=YwZLYNZY2qy193PwYFMOq7JTY7wHZu%2BvsKDLdNiXa2u8WzMOAsQ9n6AygCGsVWimVx5GbkaMoeEo82u3H2KOeQ%3D%3D&prvtof=HJ8C7IhNaPY91ri2Yz%2FbClSiO3qJw3ykFOwTyoK9SeQ%3D&poru=mayn10iUpmuo7TqZSWo8LrLn7P8fURHx4wSCc%2BUadkDAReNLW0rYlTvPH0TBOTR0jsLrOJ9dQSf3hNhnvvPTTJJwwXeXb347CBIyUIAOtvE%3D& | 200 OK Content-Length: 271 Content-Type: text/html | clean |
http://freeresultsguide.com/test404page.js | HTTP/1.1 302 Found Date: Mon, 31 Mar 2014 08:57:15 GMT Location: http://pagesinxt.com/?dn=freeresultsguide.com&flrdr=yes&nxte=js Server: Apache/2.2.3 (Red Hat) Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Cnection: close X-Powered-By: PHP/5.3.21 | clean |
http://pagesinxt.com/?dn=freeresultsguide.com&flrdr=yes&nxte=js | HTTP/1.1 302 Found Date: Mon, 31 Mar 2014 08:57:16 GMT Location: http://mypageresults.com/?dn=freeresultsguide.com&flrdr=yes&nxte=js Server: Apache/2.2.3 (Red Hat) Vary: Accept-Encoding Content-Length: 338 Content-Type: text/html; charset=iso-8859-1 X-Cnection: close | clean |
http://mypageresults.com/?dn=freeresultsguide.com&flrdr=yes&nxte=js | 200 OK Content-Length: 2509 Content-Type: text/html | clean |
http://mypageresults.com/?dn=freeresultsguide.com&fp=E2KqKO9NLqrBziyzbd0xncmeBTuWxALKBjm6oWLpe%2F7ANw8VyU52%2FKnzv2YwWooO9jW31Miw0lZhtT79hRNw1w%3D%3D&prvtof=TPi1j258oW9FYltAFPoRmb4oIgKft3UBJT96Y6xu4CU%3D&poru=0JXUCCo7zaB3GNYtUqb6u6xeoIS3ywkxTmDXOTYML2cfFfTZPWxj9rf5nfGafmAyxjY5628rNOdk0AG784UTJXdx9ZuTxmuDMij4BqLXnEk%3D&flrdr=yes&nxte=js | 200 OK Content-Length: 271 Content-Type: text/html | clean |
http://mypageresults.com/test404page.js | HTTP/1.1 302 Found Date: Mon, 31 Mar 2014 08:57:17 GMT Location: http://pagesinxt.com/?dn=mypageresults.com&flrdr=yes&nxte=js Server: Apache/2.2.3 (Red Hat) Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Cnection: close X-Powered-By: PHP/5.3.21 | clean |
http://pagesinxt.com/?dn=mypageresults.com&flrdr=yes&nxte=js | HTTP/1.1 302 Found Date: Mon, 31 Mar 2014 08:57:17 GMT Location: http://mypageresults.com/?dn=mypageresults.com&flrdr=yes&nxte=js Server: Apache/2.2.3 (Red Hat) Vary: Accept-Encoding Content-Length: 335 Content-Type: text/html; charset=iso-8859-1 X-Cnection: close | clean |
http://mypageresults.com/?dn=mypageresults.com&flrdr=yes&nxte=js | 200 OK Content-Length: 2519 Content-Type: text/html | clean |
http://mypageresults.com/?dn=mypageresults.com&fp=1GhIefmhmXu411lNbpgUPrQ2y1k189Bgh55Tb4kKpGFjJBXdFTg9BWVtPPEt29E9XPvu2M9v%2B7qimwlFoDIB4A%3D%3D&prvtof=wkg6MCYiE%2FoU0YlsPw8p%2FWoMpE3O9t5n8CK0LEFpSqc%3D&poru=iv56YVWwnh%2FXoft4x%2FsokfMJi1QH%2BYwkPwj6IBI6HfhJ4MTvWxKQ%2FocRct2VNAocf1LvMw%2BOUJWibacnwk%2B%2FE%2FRxJ%2Bbl%2F75NuYwZj2EEAA4%3D&flrdr=yes&nxte=js | 200 OK Content-Length: 271 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=phenorotica.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://phenorotica.com/
Result: phenorotica.com is not infected or malware details are not published yet.