Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: videosnpictures.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 04 Oct 2014 08:50:18 GMT
Location: http://picturesnvideos.com/
Server: Apache/2.2.15 (CentOS)
Vary: Accept-Encoding
Content-Length: 320
Content-Type: text/html; charset=iso-8859-1
...320 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: videosnpictures.com
Referer: http://www.google.com/search?q=videosnpictures.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://videosnpictures.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 04 Oct 2014 08:50:18 GMT Location: http://picturesnvideos.com/ Server: Apache/2.2.15 (CentOS) Vary: Accept-Encoding Content-Length: 320 Content-Type: text/html; charset=iso-8859-1 | clean |
http://picturesnvideos.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 04 Oct 2014 08:50:19 GMT Location: http://picturesnvideos.info/ Server: Apache/2.2.15 (CentOS) Vary: Accept-Encoding Content-Length: 321 Content-Type: text/html; charset=iso-8859-1 | clean |
http://picturesnvideos.info/ | 200 OK Content-Length: 34193 Content-Type: text/html | clean |
http://picturesnvideos.info/includes/main.js | 200 OK Content-Length: 548 Content-Type: text/javascript | clean |
http://p102030.tagsrv.com/tags.js?id=102030_143752&ad_type=banner&ad_size=160x600&referrer=$REFURL$ | 200 OK Content-Length: 18930 Content-Type: application/javascript | clean |
http://ib.adnxs.com/ttj?id=3108879&cb=[CACHEBUSTER]&referrer=[REFERRER_URL] | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Sat, 04 Oct 2014 08:50:22 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fid%3D3108879%26cb%3D%5BCACHEBUSTER%5D%26referrer%3D%5BREFERRER_URL%5D Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Fri, 02-Jan-2015 08:50:22 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Sun, 05-Oct-2014 08:50:22 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=2507920911721052689; path=/; expires=Fri, 02-Jan-2015 08:50:22 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fid%3d3108879%26cb%3d%5bcachebuster%5d%26referrer%3d%5breferrer_url%5d | 200 OK Content-Length: 1051 Content-Type: text/html | clean |
http://ib.adnxs.com/ttj?ttjb=1&bdc=1412412622&bdh=0-R9or1bEcAvJrlhuhQkebnNIUY.'+c+'&id=3108879&cb=[cachebuster]&referrer=[referrer_url] | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, private Date: Sat, 04 Oct 2014 08:50:23 GMT Pragma: no-cache Location: http://ib.adnxs.com/bounce?%2Fttj%3Fttjb%3D1%26bdc%3D1412412622%26bdh%3D0-R9or1bEcAvJrlhuhQkebnNIUY.%27%2Bc%2B%27%26id%3D3108879%26cb%3D%5Bcachebuster%5D%26referrer%3D%5Breferrer_url%5D Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Sat, 15 Nov 2008 16:00:00 GMT P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE" Set-Cookie: uuid2=0; path=/; expires=Fri, 02-Jan-2015 08:50:23 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: sess=1; path=/; expires=Sun, 05-Oct-2014 08:50:23 GMT; domain=.adnxs.com; HttpOnly Set-Cookie: uuid2=8226572598589965070; path=/; expires=Fri, 02-Jan-2015 08:50:23 GMT; domain=.adnxs.com; HttpOnly X-XSS-Protection: 0 | clean |
http://ib.adnxs.com/bounce?%2fttj%3fttjb%3d1%26bdc%3d1412412622%26bdh%3d0-r9or1becavjrlhuhqkebnniuy.%27%2bc%2b%27%26id%3d3108879%26cb%3d%5bcachebuster%5d%26referrer%3d%5breferrer_url%5d | 200 OK Content-Length: 772 Content-Type: application/javascript | clean |
http://ib.adnxs.com/test404page.js | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://resources.infolinks.com/js/infolinks_main.js | 200 OK Content-Length: 2361 Content-Type: application/x-javascript | clean |
http://www.adcash.com/ad/display.php?r=328227 | 200 OK Content-Length: 6997 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=videosnpictures.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://videosnpictures.com/
Result: videosnpictures.com is not infected or malware details are not published yet.