Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: worthreferral.com
Result:
GET / HTTP/1.1
Host: worthreferral.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: worthreferral.com
Referer: http://www.google.com/search?q=worthreferral.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: worthreferral.com
Referer: http://www.google.com/search?q=worthreferral.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://www.worthreferral.com/ | 200 OK Content-Length: 11905 Content-Type: text/html | clean |
http://www.worthreferral.com/js/all.js | 200 OK Content-Length: 106528 Content-Type: application/javascript | clean |
http://www.apsense.com/bmc-badge.js | 200 OK Content-Length: 349 Content-Type: application/x-javascript | clean |
http://www.worthreferral.com/wrcard/samnull.com | 200 OK Content-Length: 15629 Content-Type: text/html | clean |
http://www.teampromote.com/adshow.js | HTTP/1.1 302 Found Connection: close Date: Sun, 05 Oct 2014 01:03:31 GMT Location: http://www.teampromote.com/cgi-sys/suspendedpage.cgi Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 Content-Length: 378 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.teampromote.com/cgi-sys/suspendedpage.cgi | 200 OK Content-Length: 3639 Content-Type: text/html | clean |
http://www.teampromote.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sun, 05 Oct 2014 01:03:32 GMT Location: http://www.teampromote.com/cgi-sys/suspendedpage.cgi Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 Content-Length: 378 Content-Type: text/html; charset=iso-8859-1 | clean |
http://widgets.alexa.com/traffic/javascript/graph.js | 200 OK Content-Length: 3035 Content-Type: text/javascript | clean |
http://xslt.alexa.com/site_stats/js/t/b?url=samnull.com | 200 OK Content-Length: 3153 Content-Type: application/x-javascript | clean |
http://www.worthreferral.com/wrcard/gsc97selectgirls.org | 200 OK Content-Length: 9504 Content-Type: text/html | clean |
http://xslt.alexa.com/site_stats/js/t/b?url=gsc97selectgirls.org | 200 OK Content-Length: 3153 Content-Type: application/x-javascript | clean |
http://www.worthreferral.com/review/gsc97selectgirls.org | HTTP/1.1 302 Moved Temporarily Cache-Control: private Connection: close Date: Sun, 05 Oct 2014 01:03:35 GMT Pragma: no-cache Location: /login Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=56d9906cdce1e788c6530f51a73559fb; path=/ X-Powered-By: PHP/5.4.29 | clean |
http://www.worthreferral.com/login | 200 OK Content-Length: 4041 Content-Type: text/html | clean |
http://www.worthreferral.com/reviews.html | 200 OK Content-Length: 20807 Content-Type: text/html | clean |
http://www.worthreferral.com/wrcard/twitter.com | 200 OK Content-Length: 34401 Content-Type: text/html | clean |
http://xslt.alexa.com/site_stats/js/t/b?url=twitter.com | 200 OK Content-Length: 3153 Content-Type: application/x-javascript | clean |
http://www.worthreferral.com/review/twitter.com | HTTP/1.1 302 Moved Temporarily Cache-Control: private Connection: close Date: Sun, 05 Oct 2014 01:03:39 GMT Pragma: no-cache Location: /login Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=3236ae030c17f99dacb1cf33044594c6; path=/ X-Powered-By: PHP/5.4.29 | clean |
http://www.worthreferral.com/wrcard/ | 404 Not Found Content-Length: 468 Content-Type: text/html | clean |
http://www.worthreferral.com/wrcard/twitter.com?page=2 | 200 OK Content-Length: 33332 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=worthreferral.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://worthreferral.com/
Result: worthreferral.com is not infected or malware details are not published yet.
Result: worthreferral.com is not infected or malware details are not published yet.