Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rumoresf1.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Tue, 03 Mar 2015 23:46:32 GMT
Pragma: private
Server: nginx/1.6.2
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: bbsessionhash=e3b4b153fc252f8f101c8524b4de3417; path=/; HttpOnly
Set-Cookie: bblastvisit=1425426391; expires=Wed, 02-Mar-2016 23:46:31 GMT; path=/
Set-Cookie: bblastactivity=0; expires=Wed, 02-Mar-2016 23:46:31 GMT; path=/
X-UA-Compatible: IE=7
GET / HTTP/1.1
Host: rumoresf1.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Tue, 03 Mar 2015 23:46:32 GMT
Pragma: private
Server: nginx/1.6.2
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: bbsessionhash=e3b4b153fc252f8f101c8524b4de3417; path=/; HttpOnly
Set-Cookie: bblastvisit=1425426391; expires=Wed, 02-Mar-2016 23:46:31 GMT; path=/
Set-Cookie: bblastactivity=0; expires=Wed, 02-Mar-2016 23:46:31 GMT; path=/
X-UA-Compatible: IE=7
Second query (visit from search engine):
GET / HTTP/1.1
Host: rumoresf1.com
Referer: http://www.google.com/search?q=rumoresf1.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: rumoresf1.com
Referer: http://www.google.com/search?q=rumoresf1.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://rumoresf1.com/ | 200 OK Content-Length: 100430 Content-Type: text/html | clean |
http://rumoresf1.com/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=376 | 200 OK Content-Length: 31637 Content-Type: application/javascript | clean |
http://rumoresf1.com/clientscript/yui/connection/connection-min.js?v=376 | 200 OK Content-Length: 11602 Content-Type: application/javascript | clean |
http://rumoresf1.com/clientscript/vbulletin_global.js?v=376 | 200 OK Content-Length: 25057 Content-Type: application/javascript | clean |
http://rumoresf1.com/clientscript/vbulletin_menu.js?v=376 | 200 OK Content-Length: 9389 Content-Type: application/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 20008 Content-Type: text/javascript | clean |
http://www.eltiempo.es/widget/widget_loader/bfcedd1972ef0696bb63290ef5065ad1 | 200 OK Content-Length: 930 Content-Type: text/javascript | clean |
http://rumoresf1.com/clientscript/vbulletin_read_marker.js?v=376 | 200 OK Content-Length: 3408 Content-Type: application/javascript | clean |
http://www.rumoresf1.com/clientscript/vbulletin_md5.js | 200 OK Content-Length: 5464 Content-Type: application/javascript | clean |
http://www.rumoresf1.com/clientscript/wz_tooltip.js | 200 OK Content-Length: 35080 Content-Type: application/javascript | clean |
http://rumoresf1.com/index.php?s=e3b4b153fc252f8f101c8524b4de3417 | 200 OK Content-Length: 100430 Content-Type: text/html | clean |
http://rumoresf1.com/register.php?s=e3b4b153fc252f8f101c8524b4de3417 | 200 OK Content-Length: 18460 Content-Type: text/html | clean |
http://rumoresf1.com/blog.php?s=e3b4b153fc252f8f101c8524b4de3417 | 200 OK Content-Length: 33650 Content-Type: text/html | clean |
http://rumoresf1.com/clientscript/blog_ajax_latest.js?v=376 | 200 OK Content-Length: 5985 Content-Type: application/javascript | clean |
http://rumoresf1.com/clientscript/blog_ajax_calendar.js?v=376 | 200 OK Content-Length: 3738 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rumoresf1.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://rumoresf1.com/
Result: rumoresf1.com is not infected or malware details are not published yet.
Result: rumoresf1.com is not infected or malware details are not published yet.