Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=walshco.co.uk
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: phongtuc.ssc.vn
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 20 Jul 2013 18:19:32 GMT
Accept-Ranges: bytes
ETag: "211f5-e73-4e1eb47d00d21"
Server: nginx/1.5.2
Content-Length: 3699
Content-Type: text/html
Last-Modified: Sat, 20 Jul 2013 06:09:05 GMT
...3699 bytes of data.
GET / HTTP/1.1
Host: phongtuc.ssc.vn
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 20 Jul 2013 18:19:32 GMT
Accept-Ranges: bytes
ETag: "211f5-e73-4e1eb47d00d21"
Server: nginx/1.5.2
Content-Length: 3699
Content-Type: text/html
Last-Modified: Sat, 20 Jul 2013 06:09:05 GMT
...3699 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: phongtuc.ssc.vn
Referer: http://www.google.com/search?q=phongtuc.ssc.vn
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: phongtuc.ssc.vn
Referer: http://www.google.com/search?q=phongtuc.ssc.vn
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.walshco.co.uk/ | 200 OK Content-Length: 1541 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.nebusiness.pwp.blueyonder.co.uk ...[224 bytes skipped]... Business advice,Bookkeeping,Tax,Tax Returns,Self Assessment,Inland Revenue,VAT,PAYE,Accounts"> <meta name="description" content="Walsh & Co. Chartered Accountants. Newcastle upon Tyne, 0191 297 0500, Contact us for a fresh approach to all your accounting needs."> </HEAD> <FRAMESET ROWS="100%,*" FRAMESPACING=0 FRAMEBORDER=0 BORDER=0> <FRAME SRC="http://www.nebusiness.pwp.blueyonder.co.uk/walshco" SCROLLING="AUTO" NORESIZE FRAMEBORDER=0 BORDER=0 MARGINHEIGHT=3 MARGINWIDTH=3> <noframes> <BODY BGCOLOR="#FFCB97"> <font face="verdana" color="navy" size="2"> <P> </p><P> </p><P> </p> <center> <h2>walshco.co.uk<br> Your browser does not support frames.<BR> To view our w ...[851 bytes skipped]... | ||
http://www.walshco.co.uk/test404page.js | HTTP/1.1 302 Object moved Cache-Control: private Date: Fri, 30 May 2014 08:02:01 GMT Location: http://www.nebusiness.pwp.blueyonder.co.uk/walshco/test404page.js Server: Microsoft-IIS/6.0 Content-Length: 186 Content-Type: text/html Set-Cookie: ASPSESSIONIDSCATTDAS=BADEKJODOPFPMAFMALPGMJDA; path=/; HttpOnly X-Powered-By: ASP.NET | malicious |
http://www.nebusiness.pwp.blueyonder.co.uk/walshco/test404page.js | 404 Not found Content-Length: 1000 Content-Type: text/html | clean |
http://www.nebusiness.pwp.blueyonder.co.uk/test404page.js | 404 Not found Content-Length: 1000 Content-Type: text/html | clean |