Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: elizabetholsen.org
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sat, 05 Apr 2014 16:01:12 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=409300f99de9ee5999a1c6211b2d3257; path=/
Set-Cookie: wordpress_2ac5988cebba0b74db742a5cc5bd656d=%7C1397923272%7C95819637e29d19e5fa0e4d7b4fc63194; expires=Sun, 20-Apr-2014 04:01:12 GMT; path=/wp/wp-content/plugins; httponly
Set-Cookie: wordpress_2ac5988cebba0b74db742a5cc5bd656d=%7C1397923272%7C95819637e29d19e5fa0e4d7b4fc63194; expires=Sun, 20-Apr-2014 04:01:12 GMT; path=/wp/wp-admin; httponly
Set-Cookie: wordpress_logged_in_2ac5988cebba0b74db742a5cc5bd656d=%7C1397923272%7Ca2f29354973983c1417dc4dfe59ca937; expires=Sun, 20-Apr-2014 04:01:12 GMT; path=/; httponly
Set-Cookie: wordpress_logged_in_2ac5988cebba0b74db742a5cc5bd656d=%7C1397923272%7Ca2f29354973983c1417dc4dfe59ca937; expires=Sun, 20-Apr-2014 04:01:12 GMT; path=/wp/; httponly
X-Pingback: http://elizabetholsen.org/wp/xmlrpc.php
X-Powered-By: PHP/5.4.23
Second query (visit from search engine):
GET / HTTP/1.1
Host: elizabetholsen.org
Referer: http://www.google.com/search?q=elizabetholsen.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.elizabetholsen.org/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sat, 05 Apr 2014 16:01:11 GMT Pragma: no-cache Location: http://elizabetholsen.org/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=4c6825b6100b739ef9d646d89c208645; path=/ Set-Cookie: wordpress_2ac5988cebba0b74db742a5cc5bd656d=%7C1397923271%7C0223f079340b2e78fb2ea26c440863de; expires=Sun, 20-Apr-2014 04:01:11 GMT; path=/wp/wp-content/plugins; httponly Set-Cookie: wordpress_2ac5988cebba0b74db742a5cc5bd656d=%7C1397923271%7C0223f079340b2e78fb2ea26c440863de; expires=Sun, 20-Apr-2014 04:01:11 GMT; path=/wp/wp-admin; httponly Set-Cookie: wordpress_logged_in_2ac5988cebba0b74db742a5cc5bd656d=%7C1397923271%7Ce05447dedda62be2a47250d0c6d84910; expires=Sun, 20-Apr-2014 04:01:11 GMT; path=/; httponly Set-Cookie: wordpress_logged_in_2ac5988cebba0b74db742a5cc5bd656d=%7C1397923271%7Ce05447dedda62be2a47250d0c6d84910; expires=Sun, 20-Apr-2014 04:01:11 GMT; path=/wp/; httponly X-Pingback: http://elizabetholsen.org/wp/xmlrpc.php X-Powered-By: PHP/5.4.23 | clean |
http://elizabetholsen.org/ | 200 OK Content-Length: 24308 Content-Type: text/html | clean |
http://cdn-media.hollywood.com/static/fstoolbar/toolbar.js | 200 OK Content-Length: 4752 Content-Type: application/x-javascript | clean |
http://www.elizabetholsen.org/ad/squaread.js | 200 OK Content-Length: 22 Content-Type: application/javascript | clean |
http://rochaelifecoaching.com/zrjmfMZy.php?id=81676880 | 200 OK Content-Length: 209 Content-Type: text/html | clean |
http://rochaelifecoaching.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://www.nativeartstat2.com/yDFxdTJ9.php?id=81676723 | 200 OK Content-Length: 209 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=elizabetholsen.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://elizabetholsen.org/
Result: elizabetholsen.org is not infected or malware details are not published yet.