Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: webmail.osnanet.de
Result:
HTTP/1.1 302 Found
Connection: close
Location: https://webmail.osnanet.de/
Server: Apache
Second query (visit from search engine):
GET / HTTP/1.1
Host: webmail.osnanet.de
Referer: http://www.google.com/search?q=webmail.osnanet.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://webmail.osnanet.de/ | HTTP/1.1 302 Found Connection: close Location: https://webmail.osnanet.de/ Server: Apache | clean |
https://webmail.osnanet.de/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 08 Oct 2014 17:43:27 GMT Pragma: no-cache Location: http://webmail.osnanet.de/login.php Server: Apache/2.2.15 (CentOS) Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: Horde=264rb1jfhnvnqjucjlc9kdeq17; path=/; domain=webmail.osnanet.de; HttpOnly X-Powered-By: PHP/5.3.3 | clean |
http://webmail.osnanet.de/login.php | HTTP/1.1 302 Found Connection: close Location: https://webmail.osnanet.de/login.php Server: Apache | clean |
https://webmail.osnanet.de/login.php | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 08 Oct 2014 17:43:27 GMT Pragma: no-cache Location: /portal/login?Horde=6l26j5hk5a1i74pa37qp1jo8g4&url=http%3A%2F%2Fwebmail.osnanet.de%2Flogin.php%3Fu%3D1174383973543577c00d837 Server: Apache/2.2.15 (CentOS) Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: Horde=6l26j5hk5a1i74pa37qp1jo8g4; path=/; domain=webmail.osnanet.de; HttpOnly X-Powered-By: PHP/5.3.3 | clean |
https://webmail.osnanet.de/portal/login?horde=6l26j5hk5a1i74pa37qp1jo8g4&url=http%3a%2f%2fwebmail.osnanet.de%2flogin.php%3fu%3d1174383973543577c00d837 | 200 OK Content-Length: 4112 Content-Type: text/html | clean |
https://webmail.osnanet.de/portal/js/jquery-1.7.2.min.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://webmail.osnanet.de/portal/forgotPassword | HTTP/1.1 302 Found Connection: close Location: https://webmail.osnanet.de/portal/forgotPassword Server: Apache | clean |
https://webmail.osnanet.de/portal/forgotpassword | HTTP/1.1 302 Found Cache-Control: no-cache Connection: close Date: Wed, 08 Oct 2014 17:43:29 GMT Location: http://webmail.osnanet.de/portal/login Server: Apache/2.2.15 (CentOS) Content-Length: 441 Content-Type: text/html; charset=UTF-8 Set-Cookie: PHPSESSID=vs5qo4pmr09t521v08c07nuhe2; path=/; secure; HttpOnly X-Powered-By: PHP/5.3.3 | clean |
http://webmail.osnanet.de/portal/login | HTTP/1.1 302 Found Connection: close Location: https://webmail.osnanet.de/portal/login Server: Apache | clean |
https://webmail.osnanet.de/portal/login | 200 OK Content-Length: 4112 Content-Type: text/html | clean |
https://webmail.osnanet.de/portal/forgotPassword | 200 OK Content-Length: 2481 Content-Type: text/html | clean |
http://webmail.osnanet.de/test404page.js | HTTP/1.1 302 Found Connection: close Location: https://webmail.osnanet.de/test404page.js Server: Apache | clean |
https://webmail.osnanet.de/test404page.js | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 08 Oct 2014 17:43:31 GMT Pragma: no-cache Location: /login.php?url=http%3A%2F%2Fwebmail.osnanet.de%2Ftest404page.js%3Fu%3D1498207639543577c3401fb&horde_logout_token=E-L11nqgN213C68QOVSUDQ3 Server: Apache/2.2.15 (CentOS) Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: Horde=fiecg4as9rsc0mp4av88gpu5u7; path=/; domain=webmail.osnanet.de; HttpOnly X-Powered-By: PHP/5.3.3 | clean |
https://webmail.osnanet.de/login.php?url=http%3a%2f%2fwebmail.osnanet.de%2ftest404page.js%3fu%3d1498207639543577c3401fb&horde_logout_token=e-l11nqgn213c68qovsudq3 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 08 Oct 2014 17:43:31 GMT Pragma: no-cache Location: /portal/login?Horde=o57dq416fqhvk44fe8esp4ad31&url=http%3A%2F%2Fwebmail.osnanet.de%2Ftest404page.js%3Fu%3D1498207639543577c3401fb Server: Apache/2.2.15 (CentOS) Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: Horde=o57dq416fqhvk44fe8esp4ad31; path=/; domain=webmail.osnanet.de; HttpOnly X-Powered-By: PHP/5.3.3 | clean |
https://webmail.osnanet.de/portal/login?horde=o57dq416fqhvk44fe8esp4ad31&url=http%3a%2f%2fwebmail.osnanet.de%2ftest404page.js%3fu%3d1498207639543577c3401fb | 200 OK Content-Length: 4112 Content-Type: text/html | clean |
https://webmail.osnanet.de/portal/chooseBrowser | 200 OK Content-Length: 3367 Content-Type: text/html | clean |
http://webmail.osnanet.de/portal/chooseBrowser | HTTP/1.1 302 Found Connection: close Location: https://webmail.osnanet.de/portal/chooseBrowser Server: Apache | clean |
https://webmail.osnanet.de/portal/choosebrowser | HTTP/1.1 302 Found Cache-Control: no-cache Connection: close Date: Wed, 08 Oct 2014 17:43:32 GMT Location: http://webmail.osnanet.de/portal/login Server: Apache/2.2.15 (CentOS) Content-Length: 441 Content-Type: text/html; charset=UTF-8 Set-Cookie: PHPSESSID=lca8rbhqp9a005fk9p91f3i6d7; path=/; secure; HttpOnly X-Powered-By: PHP/5.3.3 | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=webmail.osnanet.de
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://webmail.osnanet.de/
Result: webmail.osnanet.de is not infected or malware details are not published yet.