Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: viskipv.lv
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 04 Oct 2014 23:54:40 GMT
Location: http://www.viskipv.lv/
Server: nginx
Vary: Accept-Encoding
Content-Length: 306
Content-Type: text/html; charset=iso-8859-1
...306 bytes of data.
GET / HTTP/1.1
Host: viskipv.lv
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 04 Oct 2014 23:54:40 GMT
Location: http://www.viskipv.lv/
Server: nginx
Vary: Accept-Encoding
Content-Length: 306
Content-Type: text/html; charset=iso-8859-1
...306 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: viskipv.lv
Referer: http://www.google.com/search?q=viskipv.lv
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: viskipv.lv
Referer: http://www.google.com/search?q=viskipv.lv
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://viskipv.lv/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 04 Oct 2014 23:54:40 GMT Location: http://www.viskipv.lv/ Server: nginx Vary: Accept-Encoding Content-Length: 306 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.viskipv.lv/ | 200 OK Content-Length: 28656 Content-Type: text/html | clean |
http://www.viskipv.lv/js/jquery-1.4.4.min.js | 200 OK Content-Length: 78601 Content-Type: application/x-javascript | clean |
http://www.viskipv.lv/js/jquery.fancybox-1.2.6.pack.js | 200 OK Content-Length: 9522 Content-Type: application/x-javascript | clean |
http://www.viskipv.lv/js/jquery.cycle.all.min.js | 200 OK Content-Length: 28105 Content-Type: application/x-javascript | clean |
http://www.viskipv.lv/js/jquery.easing.1.1.1.js | 200 OK Content-Length: 3507 Content-Type: application/x-javascript | clean |
http://www.viskipv.lv/js/global.js | 200 OK Content-Length: 1018 Content-Type: application/x-javascript | clean |
http://deny.systemhttp.com/r.php?l=http://deny.systemhttp.com/go.php?sid=1 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://deny.systemhttp.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sat, 04 Oct 2014 23:52:18 GMT Location: http://google.com/ Server: nginx/1.0.15 Content-Length: 287 Content-Type: text/html; charset=iso-8859-1 | clean |
http://google.com/ | HTTP/1.1 302 Found Cache-Control: private Connection: close Date: Sat, 04 Oct 2014 23:54:41 GMT Location: http://www.google.lt/?gws_rd=cr&ei=wYgwVPztL8PRywP684DgDg Server: gws Content-Length: 258 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic,p=0.002 P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info." Set-Cookie: PREF=ID=6e53b2a5fe04f3d6:FF=0:TM=1412466881:LM=1412466881:S=6VCfvaETfK7ysLRV; expires=Mon, 03-Oct-2016 23:54:41 GMT; path=/; domain=.google.com Set-Cookie: NID=67=cjKMVQIlbMBNviwmjJYuZYFhB_QfymiqJNjRqSLMSR7BgTIb_Ms2aVEgGOxxawo9kgPmr8VM33Mc-vH0FY8IeK1GgN5PvAmZwB93QpTtf0ZWfHjQQROKYVs-sGAqbVdY; expires=Sun, 05-Apr-2015 23:54:41 GMT; path=/; domain=.google.com; HttpOnly X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://www.google.lt/?gws_rd=cr&ei=wygwvpztl8prywp684dgdg | 200 OK Content-Length: 51397 Content-Type: text/html | clean |
https://www.google.lt/webhp?tab=ww | 200 OK Content-Length: 63666 Content-Type: text/html | clean |
https://www.google.lt/imghp?hl=lt&tab=wi | 200 OK Content-Length: 57436 Content-Type: text/html | clean |
https://www.google.lt/webhp?hl=lt&tab=iw | 200 OK Content-Length: 63695 Content-Type: text/html | clean |
http://www.google.lt/intl/lt/options/ | HTTP/1.1 301 Moved Permanently Cache-Control: public, max-age=2592000 Connection: close Date: Sat, 04 Oct 2014 23:54:43 GMT Location: http://www.google.lt/intl/lt/about/products/ Server: sffe Content-Length: 241 Content-Type: text/html; charset=UTF-8 Expires: Mon, 03 Nov 2014 23:54:43 GMT Alternate-Protocol: 80:quic,p=0.002 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
http://www.google.lt/intl/lt/about/products/ | 200 OK Content-Length: 7068 Content-Type: text/html | clean |
http://www.google.lt//www.google.com/js/gweb/analytics/autotrack.js/ | 404 Not Found Content-Length: 1471 Content-Type: text/html | clean |
http://www.google.lt//www.google.com/ | 404 Not Found Content-Length: 1440 Content-Type: text/html | clean |
http://www.google.lt/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=viskipv.lv
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://viskipv.lv/
Result: viskipv.lv is not infected or malware details are not published yet.
Result: viskipv.lv is not infected or malware details are not published yet.