Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gosci.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 30 Sep 2014 09:00:26 GMT
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=UTF-8
Link: <http://gosci.com/?p=164>; rel=shortlink
Set-Cookie: PHPSESSID=1a7ae1403ba1842432be1647ae221de7; path=/
X-Pingback: http://gosci.com/xmlrpc.php
GET / HTTP/1.1
Host: gosci.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 30 Sep 2014 09:00:26 GMT
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=UTF-8
Link: <http://gosci.com/?p=164>; rel=shortlink
Set-Cookie: PHPSESSID=1a7ae1403ba1842432be1647ae221de7; path=/
X-Pingback: http://gosci.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: gosci.com
Referer: http://www.google.com/search?q=gosci.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: gosci.com
Referer: http://www.google.com/search?q=gosci.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.gosci.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 30 Sep 2014 09:00:25 GMT Location: http://gosci.com/ Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://gosci.com/xmlrpc.php | clean |
http://gosci.com/ | 200 OK Content-Length: 22892 Content-Type: text/html | clean |
http://gosci.com/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/javascript | clean |
http://gosci.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://gosci.com/wp-content/plugins/ilc-folding/folding.js?ver=3.8.4 | 200 OK Content-Length: 342 Content-Type: application/javascript | clean |
http://maps.google.com/maps/api/js?sensor=false&ver=3.8.4 | 200 OK Content-Length: 5024 Content-Type: text/javascript | clean |
http://gosci.com/wp-content/plugins/cforms.bak/js/cforms.js | 200 OK Content-Length: 17771 Content-Type: application/javascript | clean |
http://www.google.com/jsapi | 200 OK Content-Length: 24552 Content-Type: text/javascript | clean |
http://www.gosci.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Tue, 30 Sep 2014 09:00:31 GMT Pragma: no-cache Location: http://gosci.com/test404page.js Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://gosci.com/xmlrpc.php | clean |
http://gosci.com/test404page.js | 404 Not Found Content-Length: 7595 Content-Type: text/html | clean |
http://gosci.com/aboutus/ | 200 OK Content-Length: 11746 Content-Type: text/html | clean |
http://gosci.com/projects/ | 200 OK Content-Length: 15429 Content-Type: text/html | clean |
http://gosci.com/fleet/ | 200 OK Content-Length: 10546 Content-Type: text/html | clean |
http://gosci.com/news/ | 200 OK Content-Length: 115377 Content-Type: text/html | clean |
http://gosci.com/employment/ | 200 OK Content-Length: 13527 Content-Type: text/html | clean |
http://gosci.com/contactus/ | 200 OK Content-Length: 16313 Content-Type: text/html | clean |
http://gosci.com/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.10.3 | 200 OK Content-Length: 4289 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gosci.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gosci.com/
Result: gosci.com is not infected or malware details are not published yet.
Result: gosci.com is not infected or malware details are not published yet.