Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: whoiscanada.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 04 Oct 2014 21:50:48 GMT
Pragma: no-cache
Location: http://www.whoiscanada.com/
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips DAV/2 mod_bwlimited/1.4
Content-Length: 0
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: from_pmd=0618555d19b5b4b812428f78ed6b71a4; expires=Sun, 05-Oct-2014 09:50:48 GMT; path=/; domain=www.whoiscanada.com
Set-Cookie: PMDSession=eb4f4f26dc4306ae1cb97921a47a29b7; path=/; domain=www.whoiscanada.com; HttpOnly
Set-Cookie: PMDSession=5efff7f0640c10e8feced77fc1545194; path=/; domain=www.whoiscanada.com; HttpOnly
Set-Cookie: PMDSession=7d0c36a278367d6ede9d7db6ca449603; path=/; domain=www.whoiscanada.com; HttpOnly
X-Powered-By: PHP/5.3.28
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: whoiscanada.com
Referer: http://www.google.com/search?q=whoiscanada.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://whoiscanada.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 04 Oct 2014 21:50:48 GMT Pragma: no-cache Location: http://www.whoiscanada.com/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips DAV/2 mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: from_pmd=0618555d19b5b4b812428f78ed6b71a4; expires=Sun, 05-Oct-2014 09:50:48 GMT; path=/; domain=www.whoiscanada.com Set-Cookie: PMDSession=eb4f4f26dc4306ae1cb97921a47a29b7; path=/; domain=www.whoiscanada.com; HttpOnly Set-Cookie: PMDSession=5efff7f0640c10e8feced77fc1545194; path=/; domain=www.whoiscanada.com; HttpOnly Set-Cookie: PMDSession=7d0c36a278367d6ede9d7db6ca449603; path=/; domain=www.whoiscanada.com; HttpOnly X-Powered-By: PHP/5.3.28 | clean |
http://www.whoiscanada.com/ | 200 OK Content-Length: 87511 Content-Type: text/html | clean |
http://www.whoiscanada.com/includes/jquery/jquery.js | 200 OK Content-Length: 93871 Content-Type: application/javascript | clean |
http://www.whoiscanada.com/includes/jquery/jquery_custom.js | 200 OK Content-Length: 199322 Content-Type: application/javascript | clean |
http://www.whoiscanada.com/includes/javascript_global.js | 200 OK Content-Length: 2022 Content-Type: application/javascript | clean |
http://www.whoiscanada.com/template/default/javascript.js | 200 OK Content-Length: 0 Content-Type: application/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21308 Content-Type: text/javascript | clean |
http://whoiscanada.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 04 Oct 2014 21:50:55 GMT Pragma: no-cache Location: http://www.whoiscanada.com/test404page.js Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/1.0.1e-fips DAV/2 mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: from_pmd=15e89c9f830b53b25a878009b138d1b4; expires=Sun, 05-Oct-2014 09:50:55 GMT; path=/; domain=www.whoiscanada.com Set-Cookie: PMDSession=02190f8eba8301d8ea8a13b669b3f168; path=/; domain=www.whoiscanada.com; HttpOnly Set-Cookie: PMDSession=65b89d0a987f9938f2a9b64f4d0c9b99; path=/; domain=www.whoiscanada.com; HttpOnly Set-Cookie: PMDSession=1c9cc2fb75d89831811fbc72667f7c99; path=/; domain=www.whoiscanada.com; HttpOnly X-Powered-By: PHP/5.3.28 | clean |
http://www.whoiscanada.com/test404page.js | 404 Not Found Content-Length: 30852 Content-Type: text/html | clean |
http://www.whoiscanada.com/members/index.php | 200 OK Content-Length: 6751 Content-Type: text/html | clean |
http://www.whoiscanada.com/members/user_account_add.php | 200 OK Content-Length: 30851 Content-Type: text/html | clean |
http://www.whoiscanada.com/includes/jquery/plugins/jquery.password_strength.js | 200 OK Content-Length: 1687 Content-Type: application/javascript | clean |
http://www.whoiscanada.com/members/user_password_remind.php | 200 OK Content-Length: 6094 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=whoiscanada.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://whoiscanada.com/
Result: whoiscanada.com is not infected or malware details are not published yet.