Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=soropositivo.net.br
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://soropositivo.net.br/
Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: soropositivo.net.br
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 26 Feb 2015 06:18:18 GMT
Location: http://soropositivo.website/
Server: nginx
Vary: Cookie
Content-Type: text/html; charset=utf-8
X-Ac: 3.fra _sat
Second query (visit from search engine):
GET / HTTP/1.1
Host: soropositivo.net.br
Referer: http://www.google.com/search?q=soropositivo.net.br
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://soropositivo.net.br/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 26 Feb 2015 06:18:18 GMT Location: http://soropositivo.website/ Server: nginx Vary: Cookie Content-Type: text/html; charset=utf-8 X-Ac: 3.fra _sat | clean |
http://soropositivo.website/ | 200 OK Content-Length: 285687 Content-Type: text/html | clean |
https://r-login.wordpress.com/remote-login.php?action=js&host=soropositivo.website&id=78498171&t=1424931288&back=http%3A%2F%2Fsoropositivo.website%2F | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
https://s1.wp.com/_static/??-eJydkmFOxCAQhS8kS3ejiX+MV/AKtJ3SQRiQGba2pxdtNbqabOovJsz35k0e6CmpLpIAiXasQ2zRgyoM2dh6p5CGeHB8oyuH1PnSA7+D7qVAnrfjKqAC2mwEDgHpE/7mmiJLAOZq+Uf3pxXSGWG6ijmQZLpnlYFx+TW19dGq5ItFYl1rC30soobofZz0hL0FudTICHVHnTIELEGHUQVjzYIEa3A9ZMIl75Nt2w4eXtljHbFPLkgzmfO/PGtXZH4ao8R9eu4yJuFLUShfia4BfnyDtVRtCUltD/cYHo63TXN3fzw1J/cGLXDxwg== | 200 OK Content-Length: 252044 Content-Type: application/x-javascript | clean |
http://soropositivo.net.br//0.gravatar.com/js/gprofiles.js?ver=201509x/ | 404 Not Found Content-Length: 564 Content-Type: text/html | clean |
http://soropositivo.net.br/test404page.js | 404 Not Found Content-Length: 564 Content-Type: text/html | clean |
https://s2.wp.com/wp-content/mu-plugins/gravatar-hovercards/wpgroho.js?m=1380573781g | 200 OK Content-Length: 582 Content-Type: application/x-javascript | clean |
https://s2.wp.com/_static/??/wp-content/js/jquery/jquery.autoresize.js,/wp-content/mu-plugins/highlander-comments/script.js?m=1424115551j | 200 OK Content-Length: 41938 Content-Type: application/x-javascript | clean |
https://s2.wp.com/_static/??-eJyVjEsOwjAMRC9EalGlohvEWSC1kNM4sXBCyu0pi0pkw2c10sx7A1WMSzFjzOAVJryTQ1k6rzt4m7gYCeVKUcEl5rUygWbUlxPoAlpJ8B+pKTaRogtlaoEbSnh0TPHDO3LyBLk2+ZX3mOXsZvMbvVEnPu5tb/vRDofRPwH4oHZU | 200 OK Content-Length: 86520 Content-Type: application/x-javascript | clean |
http://soropositivo.net.br//stats.wp.com/w.js?43/ | 404 Not Found Content-Length: 564 Content-Type: text/html | clean |