Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: carhue.com.ar
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 31 Mar 2014 00:21:06 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=23c122eaa7da8a5d68b796e1fdcf63a1; path=/
Set-Cookie: sesionid=1449682290; expires=Mon, 31-Mar-2014 04:21:06 GMT; path=/; domain=carhue.com.ar
X-Powered-By: PHP/5.2.9
GET / HTTP/1.1
Host: carhue.com.ar
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 31 Mar 2014 00:21:06 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=23c122eaa7da8a5d68b796e1fdcf63a1; path=/
Set-Cookie: sesionid=1449682290; expires=Mon, 31-Mar-2014 04:21:06 GMT; path=/; domain=carhue.com.ar
X-Powered-By: PHP/5.2.9
Second query (visit from search engine):
GET / HTTP/1.1
Host: carhue.com.ar
Referer: http://www.google.com/search?q=carhue.com.ar
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: carhue.com.ar
Referer: http://www.google.com/search?q=carhue.com.ar
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://portablegeneratordeals.net/ | 200 OK Content-Length: 936 Content-Type: text/html | clean |
http://portablegeneratordeals.net/.ftpquota | 403 Forbidden Content-Length: 18200 Content-Type: text/html | clean |
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/x-javascript | clean |
http://suspended.hostgator.com/js/simple-expand.min.js | 200 OK Content-Length: 2782 Content-Type: text/javascript | clean |
http://portablegeneratordeals.net/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sat, 21 Mar 2015 18:38:19 GMT Location: http://vip-rx-solutions.com/ Server: nginx/1.6.2 Content-Length: 288 Content-Type: text/html; charset=iso-8859-1 | clean |
http://vip-rx-solutions.com/ | 500 Can't connect to vip-rx-solutions.com:80 Content-Length: 195 Content-Type: text/plain | clean |
http://vip-rx-solutions.com/test404page.js | 500 Can't connect to vip-rx-solutions.com:80 Content-Length: 195 Content-Type: text/plain | clean |
http://portablegeneratordeals.net/adtdl.php | 200 OK Content-Length: 3569 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Dadou Dz <html><head>
<meta http-equiv='X-UA-Compatible' content='IE=edge'> <title>Hacked By Dadou Dz</title> <link rel='shortcut icon' href='http://62.mgl.skyrock.net/art/GRA1.48062.355.2.jpg'> <title>Dadou Dz</title> <style> <!-- SPAN.SpellE { } SPAN.SpellE { } SPAN.SpellE { } SPAN.SpellE { } SPAN.SpellE { } --> </style> <script type='text/javascript' ...[4173 bytes skipped]... | ||
http://v.zilionfast.in/1522753370/?t=vrt | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 21 Mar 2015 18:38:02 GMT Location: http://sso.anbtr.com/domain/v.zilionfast.in Server: nginx Content-Type: text/html Set-Cookie: btst=d5bca83d641932a1f4f42fd3f76ecaf9|78.158.11.226|1426963081|1426963081|0|1|0 Set-Cookie: snkz=78.158.11.226 | malicious |
http://sso.anbtr.com/domain/v.zilionfast.in | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 21 Mar 2015 18:35:15 GMT Location: http://xsso.v.zilionfast.in/18139adb2ede68a9c82dea93099c658d Server: nginx Content-Type: text/html Set-Cookie: anbtr=18139adb2ede68a9c82dea93099c658d; domain=.zilionfast.in | clean |
http://xsso.v.zilionfast.in/18139adb2ede68a9c82dea93099c658d | 200 OK Content-Length: 24 Content-Type: text/html | clean |
http://portablegeneratordeals.net//static.getjs.net/sd/1018/1022.js/ | HTTP/1.1 302 Found Connection: close Date: Sat, 21 Mar 2015 18:38:22 GMT Location: http://vip-rx-solutions.com/ Server: nginx/1.6.2 Content-Length: 288 Content-Type: text/html; charset=iso-8859-1 | clean |
http://portablegeneratordeals.net//static.getjs.net/sd/1018/1005.js/ | HTTP/1.1 302 Found Connection: close Date: Sat, 21 Mar 2015 18:38:23 GMT Location: http://vip-rx-solutions.com/ Server: nginx/1.6.2 Content-Length: 288 Content-Type: text/html; charset=iso-8859-1 | clean |
http://portablegeneratordeals.net/ai/ | 200 OK Content-Length: 3569 Content-Type: text/html | clean |
http://portablegeneratordeals.net/bpq/ | 200 OK Content-Length: 3569 Content-Type: text/html | clean |
http://portablegeneratordeals.net/bx/ | 200 OK Content-Length: 3569 Content-Type: text/html | clean |
http://portablegeneratordeals.net/cgi-bin/ | 403 Forbidden Content-Length: 18200 Content-Type: text/html | clean |
http://portablegeneratordeals.net/el/ | 200 OK Content-Length: 3569 Content-Type: text/html | clean |
http://portablegeneratordeals.net/hvp/ | 200 OK Content-Length: 3569 Content-Type: text/html | clean |
http://portablegeneratordeals.net/in.php | 200 OK Content-Length: 3569 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=portablegeneratordeals.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://portablegeneratordeals.net/
Result: portablegeneratordeals.net is not infected or malware details are not published yet.
Result: portablegeneratordeals.net is not infected or malware details are not published yet.