Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rosemat.free.fr
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 16 Dec 2014 21:06:06 GMT
Accept-Ranges: bytes
ETag: "940395-1bff-52a4a36f"
Server: Apache/ProXad [Sep 23 2014 15:26:28]
Content-Length: 7167
Content-Type: text/html
Last-Modified: Sun, 08 Dec 2013 16:50:55 GMT
...7167 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: rosemat.free.fr
Referer: http://www.google.com/search?q=rosemat.free.fr
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://rosemat.free.fr/ | 200 OK Content-Length: 7167 Content-Type: text/html | clean |
http://ext.adfeelgood.com/siteunder?ms=2c3d6cef2a1d076f6353-1033&tckg=redir.direct;inv.siteunder;pzone.~;afftrack.~;wi.-;hi.-;cap.yes;ext.~ | 200 OK Content-Length: 1332 Content-Type: text/html | clean |
http://ext.adfeelgood.com/?ga=h6wYM9wFOaW3woLgGHDhVD2EuhkANpP%2FJVwqEqhb7Yvm%2BNg14YP4NT7T78JWlKnaxK4s0gWqDnOgGzr3TXax6w%3D%3D&gerf=LLNmxrSpHTUEMGetep2MxihvocJwkIag8DEiwzDIJLA%3D&guro=%2B5zb2iX2uEX%2BJBueat%2F8ZAnHtn9UTg3ToQRYve0Xhnnj0xuK2uVjNuATulrVX9cSPvt3inEvpLPoF0rS59nsrxKlpWDeGVyfz6XrbID5E%2Bz2xozF8FpBLcAM9X5zb8DYqn9%2BZnFrV9t6UF2wGtBAwy%2Boou0w5eQw9nyqv4Swlv0zHjzBesgfnhauCrW3yCmM&ms=2c3d6cef ...112 symbols skipped | HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: Keep-Alive Date: Tue, 16 Dec 2014 21:06:07 GMT Pragma: no-cache Server: Apache Vary: Accept-Encoding,User-Agent Content-Type: text/html; charset=UTF-8 Keep-Alive: timeout=5, max=115 Set-Cookie: gvc=920vr1663095679203813; expires=Sun, 15-Dec-2019 21:06:07 GMT; path=/; domain=ext.adfeelgood.com; httponly X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKrfIMFkSaoTSqKmC+BrghK0CpDHc0MuVzmMHin8LIORhpXbped+iYhSnZurWnEO0zcKcVIrzp026LVc5pMB9bUCAwEAAQ==_kie/G7RCTY4jFVeXRLX4zA6yJHif+CcSlm5PyfJSvkt+AAMeG7/2eOqs0WGcaZVTayPA40kNJXDmKxyT7ar4UQ== | clean |
http://ext.adfeelgood.com/rg-erdr.php?_rpo=t | HTTP/1.1 302 Found Connection: Keep-Alive Date: Tue, 16 Dec 2014 21:06:09 GMT Location: http://dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?client=&domain_name=ext.adfeelgood.com&channel=&drid=&output=html Server: Apache Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 Keep-Alive: timeout=5, max=73 | clean |
http://dp.g.doubleclick.net/apps/domainpark/domainpark.cgi?client=&domain_name=ext.adfeelgood.com&channel=&drid=&output=html | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://dp.g.doubleclick.net/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://dp.g.doubleclick.net//www.google.com/ | 404 Not Found Content-Length: 1440 Content-Type: text/html | clean |
http://www.webdiz.com/services/membres/cpt_live/cpt_live.php?id=13636&cache=0 | 404 Not Found Content-Length: 236 Content-Type: text/html | clean |
http://www.webdiz.com/services/membres/cpt_live/record.php?id=13636 | 404 Not Found Content-Length: 234 Content-Type: text/html | clean |
http://ad.webreseau.com/concours.asp?id=4101&logo=2 | 200 OK Content-Length: 1284 Content-Type: text/html | clean |
http://ad.webreseau.com/pubs.asp?id=4101&i_popup=1&i_popinto=1&i_banniere=1&fb=5 | 200 OK Content-Length: 1332 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rosemat.free.fr
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://rosemat.free.fr/
Result: rosemat.free.fr is not infected or malware details are not published yet.