Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sec.wolterskluwerfs.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 04 Oct 2014 02:42:36 GMT
Content-Length: 1064
Content-Type: text/html; charset=utf-8
P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
Set-Cookie: ELOQUA=GUID=45624C7DC1854ABB8631E8233850ED22; domain=sec.wolterskluwerfs.com; expires=Tue, 04-Oct-2016 02:42:36 GMT; path=/; HttpOnly
X-Powered-By: ASP.NET
...1064 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: sec.wolterskluwerfs.com
Referer: http://www.google.com/search?q=sec.wolterskluwerfs.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://sec.wolterskluwerfs.com/ | HTTP/1.1 200 OK Cache-Control: private Date: Sat, 04 Oct 2014 02:42:36 GMT Content-Length: 1064 Content-Type: text/html; charset=utf-8 P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA", Set-Cookie: ELOQUA=GUID=45624C7DC1854ABB8631E8233850ED22; domain=sec.wolterskluwerfs.com; expires=Tue, 04-Oct-2016 02:42:36 GMT; path=/; HttpOnly X-Powered-By: ASP.NET | clean |
http://www.cchwallstreet.com/ | HTTP/1.1 302 Object moved Cache-Control: private Date: Sat, 04 Oct 2014 02:42:37 GMT Location: http://www.complianceresourcenetwork.com/ Server: Microsoft-IIS/6.0 Content-Length: 162 Content-Type: text/html Set-Cookie: ASPSESSIONIDSCASTACR=COAHCDFDHNOFDNCNNBCKJCIM; path=/ X-Powered-By: ASP.NET | clean |
http://www.complianceresourcenetwork.com/ | HTTP/1.1 302 Found Connection: close Date: Sat, 04 Oct 2014 02:42:38 GMT Location: http://www.complianceresourcenetwork.com/web/crn/home Server: Apache/2.0.65 (Win32) mod_jk/1.2.37 Content-Length: 349 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.complianceresourcenetwork.com/web/crn/home | 200 OK Content-Length: 40437 Content-Type: text/html | clean |
http://www.complianceresourcenetwork.com/html/js/barebone.jsp?browserId=ie&themeId=crnpublictheme_WAR_crnpublictheme&colorSchemeId=01&minifierType=js&minifierBundleId=javascript.barebone.files&languageId=en_US&b=6102&t=1376671794000 | 200 OK Content-Length: 301184 Content-Type: text/javascript | clean |
http://sec.wolterskluwerfs.com/pwi/js-5.4/jquery-1.7.1.min.js?browserId=ie&minifierType=js&languageId=en_US&b=6102&t=1405150210000 | HTTP/1.1 200 OK Cache-Control: private Date: Sat, 04 Oct 2014 02:42:42 GMT Content-Length: 1214 Content-Type: text/html; charset=utf-8 P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA", Set-Cookie: ELOQUA=GUID=%7b00000000-0000-0000-0000-000000000000%7d; domain=sec.wolterskluwerfs.com; expires=Tue, 04-Oct-2016 02:42:43 GMT; path=/; HttpOnly X-Powered-By: ASP.NET | clean |
http://www.cchwallstreet.com/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://sec.wolterskluwerfs.com/pwi/js-5.4/jquery-ui-1.8.17.custom.min.js?browserId=ie&minifierType=js&languageId=en_US&b=6102&t=1405150210000 | HTTP/1.1 200 OK Cache-Control: private Date: Sat, 04 Oct 2014 02:42:43 GMT Content-Length: 1214 Content-Type: text/html; charset=utf-8 P3P: CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA", Set-Cookie: ELOQUA=GUID=%7b00000000-0000-0000-0000-000000000000%7d; domain=sec.wolterskluwerfs.com; expires=Tue, 04-Oct-2016 02:42:44 GMT; path=/; HttpOnly X-Powered-By: ASP.NET | clean |
https://www.complianceresourcenetwork.com/crn-public-theme/js/main.js?browserId=ie&minifierType=js&languageId=en_US&b=6102&t=1405150210000 | 200 OK Content-Length: 109 Content-Type: text/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sec.wolterskluwerfs.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://sec.wolterskluwerfs.com/
Result: sec.wolterskluwerfs.com is not infected or malware details are not published yet.