Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: chekosystems.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 07 Jun 2014 10:25:06 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 5091
Content-Type: text/html
Last-Modified: Wed, 28 May 2014 13:36:08 GMT
...5091 bytes of data.
GET / HTTP/1.1
Host: chekosystems.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 07 Jun 2014 10:25:06 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 5091
Content-Type: text/html
Last-Modified: Wed, 28 May 2014 13:36:08 GMT
...5091 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: chekosystems.com
Referer: http://www.google.com/search?q=chekosystems.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: chekosystems.com
Referer: http://www.google.com/search?q=chekosystems.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://www.spcity.com.br/ | HTTP/1.1 302 Found Connection: close Date: Tue, 24 Nov 2015 14:08:31 GMT Location: http://185.93.187.90/8b2C Server: Apache Content-Length: 209 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://185.93.187.90/8b2c | HTTP/1.1 302 Moved Temporarily Cache-Control: max-age=0 Connection: close Date: Wed, 25 Nov 2015 00:09:35 GMT Pragma: no-cache Location: http://aol.com Server: nginx/1.8.0 Content-Type: text/html; charset=utf-8 Expires: Thu, 21 Jul 1977 07:30:00 GMT Last-Modified: Wed, 25 Nov 2015 00:09:35 GMT X-Powered-By: PHP/5.6.13 | clean |
http://aol.com/ | HTTP/1.1 301 Moved Permanently Connection: Keep-Alive Date: Tue, 24 Nov 2015 14:07:51 GMT Location: http://www.aol.com/ Server: Apache Content-Length: 227 Content-Type: text/html; charset=iso-8859-1 Keep-Alive: timeout=15, max=9789 | clean |
http://www.aol.com/ | 200 OK Content-Length: 139115 Content-Type: text/html | clean |
http://portal.aolcdn.com/o.aolcdn.com/fonts/faw1kht.js.pagespeed.jm.xDwd8qSBeA.js | 200 OK Content-Length: 20351 Content-Type: application/javascript | clean |
http://o.aolcdn.com/os_merge/?file=/ads/adsWrapper.js | 200 OK Content-Length: 42269 Content-Type: application/javascript | clean |
http://o.aolcdn.com/ads/adsWrapper.js | 200 OK Content-Length: 42269 Content-Type: application/javascript | clean |
http://portal.aolcdn.com/o.aolcdn.com/os/aol/omniture.min.js.pagespeed.ce.PQC9PI6SM1.js | 200 OK Content-Length: 58522 Content-Type: application/javascript | clean |
http://www.spcity.com.br//s.skimresources.com/js/76112X1526399.skimlinks.js/ | HTTP/1.1 302 Found Connection: close Date: Tue, 24 Nov 2015 14:08:35 GMT Location: http://185.93.187.90/8b2C Server: Apache Content-Length: 209 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://185.93.187.90/test404page.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
http://portal.aolcdn.com/p5/_v127.14/js/responsive-main.js.pagespeed.jm.YxacIuOk4M.js | 200 OK Content-Length: 300577 Content-Type: application/x-javascript | clean |
http://www.spcity.com.br//feedback.aol.com/aol-feedback-plugin/aol-feedback-loader-latest.min.js/ | HTTP/1.1 302 Found Connection: close Date: Tue, 24 Nov 2015 14:08:36 GMT Location: http://185.93.187.90/8b2C Server: Apache Content-Length: 209 Content-Type: text/html; charset=iso-8859-1 | malicious |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=spcity.com.br
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://spcity.com.br/
Result: spcity.com.br is not infected or malware details are not published yet.
Result: spcity.com.br is not infected or malware details are not published yet.