Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tosoot.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 04 Oct 2014 16:38:38 GMT
Server: Microsoft-IIS/5.0
Content-Language: ko
Content-Type: text/html
P3P: CP="ALL CURa ADMa DEVa TAIa OUR BUS IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC OTC"
Set-Cookie: PHPSESSID=96bc9c621322db983b1a4983d06803de; path=/
X-Powered-By: PHP/5.1.5
Second query (visit from search engine):
GET / HTTP/1.1
Host: tosoot.com
Referer: http://www.google.com/search?q=tosoot.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://tosoot.com/ | 200 OK Content-Length: 9708 Content-Type: text/html | clean |
http://tosoot.com/title.js | 200 OK Content-Length: 706 Content-Type: application/x-javascript | clean |
http://tosoot.com/road.js | 200 OK Content-Length: 703 Content-Type: application/x-javascript | clean |
http://tosoot.com/use_01.html | 200 OK Content-Length: 4330 Content-Type: text/html | clean |
http://tosoot.com/subtitle.js | 200 OK Content-Length: 721 Content-Type: application/x-javascript | clean |
http://tosoot.com/lmenu_04.js | 200 OK Content-Length: 719 Content-Type: application/x-javascript | clean |
http://tosoot.com/bbs/zboard.php?id=appointment | 200 OK Content-Length: 18753 Content-Type: text/html | clean |
http://tosoot.com/bbs/subtitle.js | 200 OK Content-Length: 724 Content-Type: application/x-javascript | clean |
http://tosoot.com/bbs/lmenu_06.js | 200 OK Content-Length: 722 Content-Type: application/x-javascript | clean |
http://tosoot.com/bbs/../use_01.html | 403 Forbidden Content-Length: 2153 Content-Type: text/html | clean |
http://tosoot.com/vhcs2/themes/modern_blue/css/vhcs.js | 200 OK Content-Length: 1522 Content-Type: application/x-javascript | clean |
http://tosoot.com/test404page.js | 404 Not Found Content-Length: 2166 Content-Type: text/html | clean |
http://tosoot.com/bbs/../story_03.html | 403 Forbidden Content-Length: 2155 Content-Type: text/html | clean |
http://tosoot.com/bbs/../story_01.html | 403 Forbidden Content-Length: 2155 Content-Type: text/html | clean |
http://tosoot.com/bbs/story_02.html | 404 Not Found Content-Length: 2169 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tosoot.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tosoot.com/
Result: tosoot.com is not infected or malware details are not published yet.