Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=photobybobbi.com
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available at the diagnostic URL above.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cricfree.sx
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 23 May 2015 05:17:58 GMT
Server: cloudflare-nginx
Content-Type: text/html; charset=UTF-8
CF-RAY: 1eae4c295c480af6-WAW
Set-Cookie: __cfduid=d26df9eab9b4b12bf123105e7c47c98911432358278; expires=Sun, 22-May-16 05:17:58 GMT; path=/; domain=.cricfree.sx; HttpOnly
Set-Cookie: ci_session=a%3A5%3A%7Bs%3A10%3A%22session_id%22%3Bs%3A32%3A%22029ada386edf5f859bf24ab7d8bfa056%22%3Bs%3A10%3A%22ip_address%22%3Bs%3A14%3A%22141.101.89.198%22%3Bs%3A10%3A%22user_agent%22%3Bs%3A50%3A%22Mozilla%2F4.0+%28compatible%3B+MSIE+8.0%3B+Windows+NT+5.1%29%22%3Bs%3A13%3A%22last_activity%22%3Bi%3A1432361876%3Bs%3A9%3A%22user_data%22%3Bs%3A0%3A%22%22%3B%7Df8c3332cea5ba15470b96cfe23f9916a; expires=Sat, 23-May-2015 08:17:56 GMT; Max-Age=7200; path=/
X-Powered-By: PHP/5.6.0
Second query (visit from search engine):
GET / HTTP/1.1
Host: cricfree.sx
Referer: http://www.google.com/search?q=cricfree.sx
Result:
The response is the same as for the first query (only the per-request Date, Set-Cookie and CF-RAY values differ). No suspicious redirects were found: the site does not serve different content to visitors arriving from a search engine.
Scanned pages/files
Each scanned URL is listed with the server response the scanner received and the verdict for that page. A "500" entry with a text/plain body is the scanner's own error message (no reply was received from the site), not a reply from the server.

Request: http://photobybobbi.com/
Server response:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 13 Jan 2015 05:46:40 GMT
Location: http://bybobbi.com
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 404
Content-Type: text/html; charset=iso-8859-1
Status: malicious

Request: http://bybobbi.com/
Server response:
500 timeout (scanner error, no reply received)
Content-Length: 30
Content-Type: text/plain
Status: clean

Request: http://bybobbi.com/test404page.js
Server response:
HTTP/1.1 302 Found
Connection: close
Date: Tue, 13 Jan 2015 05:46:46 GMT
Location: http://pharmacy-2015.com/
Server: nginx
Content-Length: 270
Content-Type: text/html; charset=iso-8859-1
Status: clean

Request: http://pharmacy-2015.com/
Server response:
HTTP/1.1 302 Found
Connection: close
Date: Tue, 13 Jan 2015 05:46:47 GMT
Location: http://magicgenericservice.com
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.3
Status: clean

Request: http://magicgenericservice.com/
Server response:
500 Server closed connection without sending any data back (scanner error, no reply received)
Content-Length: 117
Content-Type: text/plain
Status: clean

Request: http://magicgenericservice.com/test404page.js
Server response:
500 Server closed connection without sending any data back (scanner error, no reply received)
Content-Length: 117
Content-Type: text/plain
Status: clean
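The two checks this report performs, the Referer comparison in the "Malicious Redirects" section and the redirect walk over the "Scanned pages/files" table, can be reproduced offline. The following is an added example, not the scanner's own code: the responses are constructed inline from the headers shown in the report, the cloaked 302 response is a hypothetical case (the page records no such response), and the registrable-domain helper is a deliberately crude two-label approximation.

```python
"""Added example (not part of the scan report): cloaking check and redirect walk,
run offline against responses constructed from the report."""
from urllib.parse import urlsplit, urlunsplit

# Headers that legitimately differ between two visits; they must not count as
# evidence that the site serves search-engine visitors something different.
VOLATILE_HEADERS = {"date", "set-cookie", "cf-ray", "expires", "content-length"}

# Constructed from the report's first query to cricfree.sx (volatile headers
# dropped). The Referer visit returned the same response.
NORMAL_RESPONSE = """HTTP/1.1 200 OK
Connection: close
Server: cloudflare-nginx
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.6.0
"""
REFERER_RESPONSE = NORMAL_RESPONSE

# Hypothetical cloaked site (an assumption, not observed on the page): visitors
# arriving from a search engine are bounced to a pharmacy domain.
CLOAKED_REFERER_RESPONSE = """HTTP/1.1 302 Found
Connection: close
Location: http://pharmacy-2015.com/
Server: nginx
"""


def parse_response(raw):
    """Return (status_code, {lowercased header: value}) from a raw response head."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers


def stable_view(raw):
    """Parsed response with per-request noise removed, so two visits compare equal."""
    status, headers = parse_response(raw)
    return status, {k: v for k, v in headers.items() if k not in VOLATILE_HEADERS}


def conditional_redirect(normal_raw, referer_raw):
    """Location the Referer visit is sent to when the normal visit is not, else None."""
    normal = stable_view(normal_raw)
    referer_status, referer_headers = stable_view(referer_raw)
    if normal == (referer_status, referer_headers):
        return None
    if 300 <= referer_status < 400 and "location" in referer_headers:
        return referer_headers["location"]
    return None


# Constructed from the "Scanned pages/files" table: URL -> (status, Location).
# None means the scanner got no usable reply (timeout / closed connection).
SCAN_TABLE = {
    "http://photobybobbi.com/": (301, "http://bybobbi.com"),
    "http://bybobbi.com/": (None, None),
    "http://bybobbi.com/test404page.js": (302, "http://pharmacy-2015.com/"),
    "http://pharmacy-2015.com/": (302, "http://magicgenericservice.com"),
    "http://magicgenericservice.com/": (None, None),
}


def normalize(url):
    """Give a bare 'http://host' an explicit '/' path so table lookups match."""
    parts = urlsplit(url)
    return urlunsplit(parts._replace(path=parts.path or "/"))


def registrable(url):
    """Crude registrable domain: last two labels (adequate for the .com hosts here)."""
    host = urlsplit(url).hostname or ""
    return ".".join(host.lower().split(".")[-2:])


def follow_chain(start, table, max_hops=10):
    """Walk Location headers from start.

    Returns (hops, offsite): hops is the ordered list of URLs visited, offsite
    lists (from_domain, to_domain) for every hop that leaves the domain.
    """
    url = normalize(start)
    hops, offsite, seen = [url], [], {url}
    for _ in range(max_hops):
        status, location = table.get(url, (None, None))
        if status is None or not 300 <= status < 400 or not location:
            break
        nxt = normalize(location)
        if registrable(url) != registrable(nxt):
            offsite.append((registrable(url), registrable(nxt)))
        if nxt in seen:  # redirect loop
            break
        hops.append(nxt)
        seen.add(nxt)
        url = nxt
    return hops, offsite
```

Two caveats apply in practice. The header comparison only catches cloaking done with an HTTP redirect; a site that answers 200 to both visits but injects a JavaScript or meta-refresh redirect for search-engine traffic needs a body comparison as well. And the walk flags every cross-domain hop, so a legitimate move such as photobybobbi.com to bybobbi.com is reported alongside the bybobbi.com to pharmacy-2015.com to magicgenericservice.com chain; the verdict still needs a human, or a reputation lookup on each destination.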