Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: civilspb.ru
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=1
Connection: close
Date: Wed, 09 Apr 2014 01:42:41 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
Expires: Wed, 09 Apr 2014 01:42:42 GMT
Set-Cookie: wordpress_58b5901087cf664dd9507e7886f6a54e=%7C1398217387%7C103dc4e7000385aa9ee939b40f5a3cc3; expires=Wed, 23-Apr-2014 01:43:07 GMT; path=/wp-content/plugins; httponly
Set-Cookie: wordpress_58b5901087cf664dd9507e7886f6a54e=%7C1398217387%7C103dc4e7000385aa9ee939b40f5a3cc3; expires=Wed, 23-Apr-2014 01:43:07 GMT; path=/wp-admin; httponly
Set-Cookie: wordpress_logged_in_58b5901087cf664dd9507e7886f6a54e=%7C1398217387%7C12f60c10705b097650c530a64103fa78; expires=Wed, 23-Apr-2014 01:43:07 GMT; path=/; httponly
X-Pingback: http://civilspb.ru/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: civilspb.ru
Referer: http://www.google.com/search?q=civilspb.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://civilspb.ru/ | 200 OK Content-Length: 144997 Content-Type: text/html | clean |
http://lite.piclens.com/current/piclens_optimized.js?ver=3.4.1 | 200 OK Content-Length: 21750 Content-Type: application/x-javascript | clean |
http://civilspb.ru/wp-admin | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=1 Connection: close Date: Wed, 09 Apr 2014 01:42:47 GMT Location: http://civilspb.ru/wp-admin/ Server: Apache Content-Length: 236 Content-Type: text/html; charset=iso-8859-1 Expires: Wed, 09 Apr 2014 01:42:48 GMT | clean |
http://civilspb.ru/wp-admin/ | HTTP/1.1 302 Found Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 09 Apr 2014 01:42:47 GMT Pragma: no-cache Location: http://civilspb.ru/wp-login.php?redirect_to=http%3A%2F%2Fcivilspb.ru%2Fwp-admin%2F&reauth=1 Server: Apache Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Wed, 09 Apr 2014 01:43:13 GMT Set-Cookie: wordpress_58b5901087cf664dd9507e7886f6a54e=%7C1398217393%7C2f22df879a358449ff45957e836897d6; expires=Wed, 23-Apr-2014 01:43:13 GMT; path=/wp-content/plugins; httponly Set-Cookie: wordpress_58b5901087cf664dd9507e7886f6a54e=%7C1398217393%7C2f22df879a358449ff45957e836897d6; expires=Wed, 23-Apr-2014 01:43:13 GMT; path=/wp-admin; httponly Set-Cookie: wordpress_logged_in_58b5901087cf664dd9507e7886f6a54e=%7C1398217393%7C7aa03e04c292cd5e78d00d86af10beed; expires=Wed, 23-Apr-2014 01:43:13 GMT; path=/; httponly | clean |
http://civilspb.ru/wp-login.php?redirect_to=http%3a%2f%2fcivilspb.ru%2fwp-admin%2f&reauth=1 | 200 OK Content-Length: 2093 Content-Type: text/html | clean |
http://civilspb.ru/wp-login.php?action=lostpassword | 200 OK Content-Length: 1713 Content-Type: text/html | clean |
http://civilspb.ru/wp-login.php | 200 OK Content-Length: 2093 Content-Type: text/html | clean |
http://civilspb.ru/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://civilspb.ru/news | 404 Not Found Content-Length: 321 Content-Type: text/html | clean |
http://civilspb.ru/sitemap.xml | 200 OK Content-Length: 47185 Content-Type: application/xml | clean |
http://civilspb.ru/?p=317 | 200 OK Content-Length: 301237 Content-Type: text/html | clean |
http://civilspb.ru/?cat=11 | 200 OK Content-Length: 142620 Content-Type: text/html | clean |
http://civilspb.ru/?feed=rss2&p=317 | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=1 Connection: close Date: Wed, 09 Apr 2014 01:42:52 GMT ETag: "99b889a9cd748e8b4eca0eb3758d138d" Location: http://civilspb.ru/?feed=rss2&p=317 Server: Apache Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html Expires: Wed, 09 Apr 2014 01:42:53 GMT Last-Modified: GMT Set-Cookie: wordpress_58b5901087cf664dd9507e7886f6a54e=%7C1398217398%7C4f2cde1bb37a15619a38b5c97e394c29; expires=Wed, 23-Apr-2014 01:43:18 GMT; path=/wp-content/plugins; httponly Set-Cookie: wordpress_58b5901087cf664dd9507e7886f6a54e=%7C1398217398%7C4f2cde1bb37a15619a38b5c97e394c29; expires=Wed, 23-Apr-2014 01:43:18 GMT; path=/wp-admin; httponly Set-Cookie: wordpress_logged_in_58b5901087cf664dd9507e7886f6a54e=%7C1398217398%7C9ef000a61081ad81d5efceb08db06699; expires=Wed, 23-Apr-2014 01:43:18 GMT; path=/; httponly X-Pingback: http://civilspb.ru/xmlrpc.php | clean |
http://civilspb.ru/?feed=rss2&p=317 | 200 OK Content-Length: 1830 Content-Type: text/xml | clean |
http://civilspb.ru/?p=316 | 200 OK Content-Length: 302562 Content-Type: text/html | clean |
http://civilspb.ru/?p=52 | 200 OK Content-Length: 302519 Content-Type: text/html | clean |
http://civilspb.ru/?p=280 | 200 OK Content-Length: 301097 Content-Type: text/html | clean |
http://civilspb.ru/?p=275 | 200 OK Content-Length: 303745 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=civilspb.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://civilspb.ru/
Result: civilspb.ru is not infected or malware details are not published yet.