Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: chistayasila.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 04 Sep 2014 12:40:21 GMT
Pragma: no-cache
Server: nginx/1.6.0
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 04 Sep 2014 12:40:21 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 52d1dbfb81c428e954dfd159319fcc51=5ailiponn9876ftdk0h1iqv7t7; path=/
Set-Cookie: virtuemart=5ailiponn9876ftdk0h1iqv7t7
Set-Cookie: virtuemart=5ailiponn9876ftdk0h1iqv7t7
X-Powered-By: PHP/5.3.3-7+squeeze19
GET / HTTP/1.1
Host: chistayasila.ru
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 04 Sep 2014 12:40:21 GMT
Pragma: no-cache
Server: nginx/1.6.0
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 04 Sep 2014 12:40:21 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 52d1dbfb81c428e954dfd159319fcc51=5ailiponn9876ftdk0h1iqv7t7; path=/
Set-Cookie: virtuemart=5ailiponn9876ftdk0h1iqv7t7
Set-Cookie: virtuemart=5ailiponn9876ftdk0h1iqv7t7
X-Powered-By: PHP/5.3.3-7+squeeze19
Second query (visit from search engine):
GET / HTTP/1.1
Host: chistayasila.ru
Referer: http://www.google.com/search?q=chistayasila.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: chistayasila.ru
Referer: http://www.google.com/search?q=chistayasila.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://www.chistayasila.ru/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 04 Sep 2014 12:40:21 GMT Location: http://chistayasila.ru/ Server: nginx/1.6.0 Vary: Accept-Encoding Content-Length: 316 Content-Type: text/html; charset=iso-8859-1 | clean |
http://chistayasila.ru/ | 200 OK Content-Length: 61879 Content-Type: text/html | clean |
http://chistayasila.ru/plugins/system/cdscriptegrator/libraries/jquery/js/jquery-1.4.4.min.js | 200 OK Content-Length: 78601 Content-Type: application/javascript | clean |
http://www.chistayasila.ru/plugins/system/cdscriptegrator/libraries/jquery/js/jquery-noconflict.js | 200 OK Content-Length: 20 Content-Type: application/javascript | clean |
http://www.chistayasila.ru/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://www.chistayasila.ru/plugins/system/jcemediabox/js/jcemediabox.js?v=110 | 200 OK Content-Length: 46084 Content-Type: application/javascript | clean |
http://www.chistayasila.ru/plugins/system/jcemediabox/js/mediaobject.js?v=110 | 200 OK Content-Length: 3119 Content-Type: application/javascript | clean |
http://www.chistayasila.ru/plugins/system/jcemediabox/addons/default.js?v=110 | 200 OK Content-Length: 1939 Content-Type: application/javascript | clean |
http://chistayasila.ru/modules/mod_yoo_carousel/mod_yoo_carousel.js | 200 OK Content-Length: 2742 Content-Type: application/javascript | clean |
http://www.chistayasila.ru/templates/kerherrelis/jquery.js | 200 OK Content-Length: 85558 Content-Type: application/javascript | clean |
http://www.chistayasila.ru/templates/kerherrelis/script.js | 200 OK Content-Length: 8146 Content-Type: application/javascript | clean |
http://chistayasila.ru/modules/mod_slider/lib/slider.js | 200 OK Content-Length: 7119 Content-Type: application/javascript | clean |
http://chistayasila.ru/components/com_virtuemart/js/mootools/mooPrompt.js | 200 OK Content-Length: 8244 Content-Type: application/javascript | clean |
http://chistayasila.ru/components/com_virtuemart/themes/default/theme.js | 200 OK Content-Length: 3907 Content-Type: application/javascript | clean |
http://www.chistayasila.ru/2012-08-16-13-41-04.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 04 Sep 2014 12:40:26 GMT Location: http://chistayasila.ru/2012-08-16-13-41-04.html Server: nginx/1.6.0 Vary: Accept-Encoding Content-Length: 340 Content-Type: text/html; charset=iso-8859-1 | clean |
http://chistayasila.ru/2012-08-16-13-41-04.html | 200 OK Content-Length: 23054 Content-Type: text/html | clean |
http://chistayasila.ru/plugins/system/cdscriptegrator/libraries/jquery/js/jquery-noconflict.js | 200 OK Content-Length: 20 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=chistayasila.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://chistayasila.ru/
Result: chistayasila.ru is not infected or malware details are not published yet.
Result: chistayasila.ru is not infected or malware details are not published yet.