Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 23.0x0000585a68
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 21 Aug 2015 00:38:14 GMT
Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.4.42 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_perl/2.0.4 Perl/v5.10.1
Content-Type: text/html; charset=UTF-8
Set-Cookie: wp_visit_id=ac66d17bcaac4807ffd4a96324c4e0d6j11569; path=/
X-Pingback: http://23.0x0000585a68/xmlrpc.php
X-Powered-By: PHP/5.4.42
Second query (visit from search engine):
GET / HTTP/1.1
Host: 23.0x0000585a68
Referer: http://www.google.com/search?q=23.0x0000585a68
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://23.0x0000585a68/ | 200 OK Content-Length: 31119 Content-Type: text/html | clean |
http://23.0x0000585a68/wp-includes/js/jquery/jquery.js?ver=1.11.2 | 200 OK Content-Length: 95952 Content-Type: text/javascript | clean |
http://23.0x0000585a68/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: text/javascript | clean |
http://23.0x0000585a68/wp-content/themes/ocomedrev/js/navigation.js?ver=20120206 | 200 OK Content-Length: 1947 Content-Type: text/javascript | clean |
http://23.0x0000585a68/wp-includes/js/masonry.min.js?ver=3.1.2 | 200 OK Content-Length: 31976 Content-Type: text/javascript | clean |
http://23.0x0000585a68/wp-content/themes/ocomedrev/js/skip-link-focus-fix.js?ver=20130115 | 200 OK Content-Length: 650 Content-Type: text/javascript | clean |
http://23.0x0000585a68/%e7%ae%b1%e3%83%a1%e3%82%ac%e3%83%8d-sea-view-%e3%81%ae%e3%81%9e%e3%81%8d-k010501214--13125.html | 200 OK Content-Length: 21987 Content-Type: text/html | clean |
http://23.0x0000585a68/wp-includes/js/comment-reply.min.js?ver=4.2.4 | 200 OK Content-Length: 757 Content-Type: text/javascript | clean |
http://23.0x0000585a68/author/admin | 200 OK Content-Length: 31163 Content-Type: text/html | clean |
http://23.0x0000585a68/author/ | 404 Not Found Content-Length: 20227 Content-Type: text/html | clean |
http://23.0x0000585a68/%ef%bc%bb%e5%85%ac%e5%bc%8f%ef%bc%bdboycott-%e3%83%9c%e3%82%a4%e3%82%b3%e3%83%83%e3%83%88%e3%83%95%e3%83%a9%e3%83%af%e3%83%bc%e6%9f%84%e3%83%8d%e3%82%af%e3%82%bf%e3%82%a4%e3%83%8d%e3%82%a4%e3%83%93--13124.html | 200 OK Content-Length: 23090 Content-Type: text/html | clean |
http://23.0x0000585a68/category/%e7%b5%b5%e7%94%bb%e6%a7%8b%e5%9b%b3/%e4%ba%ba%e7%89%a9%e7%94%bb | 200 OK Content-Length: 33389 Content-Type: text/html | clean |
http://23.0x0000585a68/category/%e7%b5%b5%e7%94%bb%e6%a7%8b%e5%9b%b3/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 21 Aug 2015 00:38:22 GMT Location: http://23.0x0000585a68/category/%e7%b5%b5%e7%94%bb%e6%a7%8b%e5%9b%b3 Server: Apache/2.2.15 (CentOS) DAV/2 PHP/5.4.42 mod_ssl/2.2.15 OpenSSL/1.0.1e-fips mod_perl/2.0.4 Perl/v5.10.1 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Set-Cookie: wp_visit_id=cc7cfe8d477581a7bd00267e8b569ce8j11575; path=/ X-Pingback: http://23.0x0000585a68/xmlrpc.php X-Powered-By: PHP/5.4.42 | clean |
http://23.0x0000585a68/category/%e7%b5%b5%e7%94%bb%e6%a7%8b%e5%9b%b3 | 200 OK Content-Length: 33289 Content-Type: text/html | clean |
http://23.0x0000585a68/category/ | 404 Not Found Content-Length: 20229 Content-Type: text/html | clean |
http://23.0x0000585a68/%e5%b8%83%e7%94%a8%e7%b5%b5%e5%85%b7%e3%82%bd%e3%83%bc%e3%82%bd%e3%83%95%e3%83%88%e3%80%80%e3%83%80%e3%83%bc%e3%82%af%e3%83%90%e3%83%bc%e3%82%ac%e3%83%b3%e3%83%87%e3%82%a3262-0050-s249003975--13123.html | 200 OK Content-Length: 22137 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=23.0x0000585a68
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://23.0x0000585a68/
Result: 23.0x0000585a68 is not infected or malware details are not published yet.