Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: vacationstosouthafrica.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Date: Fri, 15 Aug 2014 19:04:31 GMT
Location: http://www.vacationstosouthafrica.com/home/
Server: Microsoft-IIS/7.0
Content-Length: 0
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSADBTASQ=FIANBJBDEKGMOFPNONCNACDO; path=/
X-Powered-By: ASP.NET
...0 bytes of data.
GET / HTTP/1.1
Host: vacationstosouthafrica.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Date: Fri, 15 Aug 2014 19:04:31 GMT
Location: http://www.vacationstosouthafrica.com/home/
Server: Microsoft-IIS/7.0
Content-Length: 0
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSADBTASQ=FIANBJBDEKGMOFPNONCNACDO; path=/
X-Powered-By: ASP.NET
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: vacationstosouthafrica.com
Referer: http://www.google.com/search?q=vacationstosouthafrica.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: vacationstosouthafrica.com
Referer: http://www.google.com/search?q=vacationstosouthafrica.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://vacationstosouthafrica.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: private Date: Fri, 15 Aug 2014 19:04:31 GMT Location: http://www.vacationstosouthafrica.com/home/ Server: Microsoft-IIS/7.0 Content-Length: 0 Content-Type: text/html Set-Cookie: ASPSESSIONIDSADBTASQ=FIANBJBDEKGMOFPNONCNACDO; path=/ X-Powered-By: ASP.NET | clean |
http://www.vacationstosouthafrica.com/home/ | 200 OK Content-Length: 36935 Content-Type: text/html | clean |
http://periscopixgateway.whoson.co.uk/include.js?domain=www.vacationstosouthafrica.com | 200 OK Content-Length: 3377 Content-Type: application/javascript | clean |
http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en | 200 OK Content-Length: 2512 Content-Type: text/javascript | clean |
http://vacationstosouthafrica.com/../example_holidays/14-night-low-and-high-season-special.asp | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
http://vacationstosouthafrica.com/test404page.js | 404 Not Found Content-Length: 5226 Content-Type: text/html | clean |
http://vacationstosouthafrica.com/../home/ | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
http://vacationstosouthafrica.com/../destinations/south_africa.asp | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
http://vacationstosouthafrica.com/../destinations/mauitius.asp | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
http://vacationstosouthafrica.com/../destinations/seychelles.asp | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
http://vacationstosouthafrica.com/../destinations/zambia.asp | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
http://vacationstosouthafrica.com/../destinations/botwana.asp | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
http://vacationstosouthafrica.com/../destinations/namibia.asp | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
http://vacationstosouthafrica.com/../destinations/zimbabwe.asp | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
http://vacationstosouthafrica.com/../destinations/kenya.asp | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
http://vacationstosouthafrica.com/../destinations/tanzania.asp | 403 Forbidden Content-Length: 312 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vacationstosouthafrica.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vacationstosouthafrica.com/
Result: vacationstosouthafrica.com is not infected or malware details are not published yet.
Result: vacationstosouthafrica.com is not infected or malware details are not published yet.