Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wankspider.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 15 Sep 2014 20:43:21 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.10 mod_ssl/2.8.31 OpenSSL/0.9.8b FrontPage/5.0.2.2510
Content-Type: text/html
X-Powered-By: PHP/5.2.10
GET / HTTP/1.1
Host: wankspider.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 15 Sep 2014 20:43:21 GMT
Server: Apache/1.3.41 (Unix) PHP/5.2.10 mod_ssl/2.8.31 OpenSSL/0.9.8b FrontPage/5.0.2.2510
Content-Type: text/html
X-Powered-By: PHP/5.2.10
Second query (visit from search engine):
GET / HTTP/1.1
Host: wankspider.net
Referer: http://www.google.com/search?q=wankspider.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: wankspider.net
Referer: http://www.google.com/search?q=wankspider.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://wankspider.net/ | 200 OK Content-Length: 65911 Content-Type: text/html | clean |
http://wankspider.net/cgi-bin/at3/out.cgi?id=14&tag=toplistlow&trade=http://www.housewives.ws | HTTP/1.1 302 Found Connection: close Date: Mon, 15 Sep 2014 20:43:22 GMT Location: http://www.housewives.ws Server: Apache/1.3.41 (Unix) PHP/5.2.10 mod_ssl/2.8.31 OpenSSL/0.9.8b FrontPage/5.0.2.2510 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: atexc=14,$#; path=/; | clean |
http://www.housewives.ws/ | 200 OK Content-Length: 35502 Content-Type: text/html | clean |
http://s10.histats.com/js9.js | 200 OK Content-Length: 7417 Content-Type: text/javascript | clean |
http://wankspider.net/cgi-bin/atx/out.cgi?id=102&tag=toplist&trade=http://only40.com/ | HTTP/1.1 302 Found Connection: close Date: Mon, 15 Sep 2014 20:43:22 GMT Location: http://www.wankspider.net/error.html Server: Apache/1.3.41 (Unix) PHP/5.2.10 mod_ssl/2.8.31 OpenSSL/0.9.8b FrontPage/5.0.2.2510 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.wankspider.net/error.html | 200 OK Content-Length: 114 Content-Type: text/html | clean |
http://www.wankspider.net/ | 200 OK Content-Length: 65527 Content-Type: text/html | clean |
http://www.wankspider.net/cgi-bin/at3/out.cgi | HTTP/1.1 302 Found Connection: close Date: Mon, 15 Sep 2014 20:43:23 GMT Location: http://www.sexywives.ws Server: Apache/1.3.41 (Unix) PHP/5.2.10 mod_ssl/2.8.31 OpenSSL/0.9.8b FrontPage/5.0.2.2510 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: atexc=16,$#; path=/; | clean |
http://www.sexywives.ws/ | 200 OK Content-Length: 36798 Content-Type: text/html | clean |
http://www.sexywives.ws/index.php?p=2 | 200 OK Content-Length: 37051 Content-Type: text/html | clean |
http://www.sexywives.ws/index.php?p=3 | 200 OK Content-Length: 36808 Content-Type: text/html | clean |
http://www.sexywives.ws/index.php?p=4 | 200 OK Content-Length: 37378 Content-Type: text/html | clean |
http://www.sexywives.ws/index.php?p=5 | 200 OK Content-Length: 37108 Content-Type: text/html | clean |
http://www.sexywives.ws/index.php?p=6 | 200 OK Content-Length: 36906 Content-Type: text/html | clean |
http://www.sexywives.ws/index.php?p=7 | 200 OK Content-Length: 36956 Content-Type: text/html | clean |
http://www.sexywives.ws/index.php?p=8 | 200 OK Content-Length: 36766 Content-Type: text/html | clean |
http://www.sexywives.ws/index.php?p=9 | 200 OK Content-Length: 36905 Content-Type: text/html | clean |
http://www.sexywives.ws/index.php?p=10 | 200 OK Content-Length: 37368 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wankspider.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wankspider.net/
Result: wankspider.net is not infected or malware details are not published yet.
Result: wankspider.net is not infected or malware details are not published yet.