Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gp50.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Connection: close
Content-Length: 6195
Content-Type: text/html
Set-Cookie: visid_incap_256684=N7gmvPmxQE+3wUM7lvbaeUcbDVUAAAAAQUIPAAAAAAAM/pvg7UKRemspWdIxX6LW; expires=Sun, 19 Mar 2017 09:57:42 GMT; path=/; Domain=.gp50.com
Set-Cookie: incap_ses_257_256684=KB14HBSJgxVjec8kbgyRA0cbDVUAAAAAKknjj2yafj3C+XjcI32kbw==; path=/; Domain=.gp50.com
X-Iinfo: 10-540188334-0 0NNN RT(1426922311719 17) q(0 -1 -1 -1) r(0 -1) B10(4,314,0)
...6195 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: gp50.com
Referer: http://www.google.com/search?q=gp50.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://gp50.com/ | 200 OK Content-Length: 6195 Content-Type: text/html | clean |
http://gp50.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 21 Mar 2015 07:18:34 GMT Pragma: no-cache Age: 0 Location: http://www.gp50.com/test404page.js Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: visid_incap_256684=tcPym3uSSUGXvvZc+/lCHkkbDVUAAAAAQUIPAAAAAAC72Z5q5P3gYc2+cWuh6L6H; expires=Sun, 19 Mar 2017 09:57:42 GMT; path=/; Domain=.gp50.com Set-Cookie: incap_ses_257_256684=uyCBI9pqeT8efc8kbgyRA0kbDVUAAAAArDWSsMmZxj4NIYXp+iJBEA==; path=/; Domain=.gp50.com X-Backend: wpaas_web_027 X-Cache: uncached X-Cache-Hit: MISS X-Cacheable: YES X-CDN: Incapsula X-Iinfo: 10-540188509-540188510 NNNN CT(22 -1 0) RT(1426922312324 1) q(0 0 0 -1) r(15 15) U11 X-Pingback: http://www.gp50.com/xmlrpc.php X-Port: port_10766 | clean |
http://www.gp50.com/test404page.js | 404 Not Found Content-Length: 55979 Content-Type: text/html | clean |
http://www.gp50.com/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/javascript | clean |
http://www.gp50.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.gp50.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.2 | 200 OK Content-Length: 3998 Content-Type: application/javascript | clean |
http://www.gp50.com/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.2 | 200 OK Content-Length: 6903 Content-Type: application/javascript | clean |
http://www.gp50.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.11.2 | 200 OK Content-Length: 3156 Content-Type: application/javascript | clean |
http://www.gp50.com/wp-includes/js/jquery/ui/resizable.min.js?ver=1.11.2 | 200 OK Content-Length: 18525 Content-Type: application/javascript | clean |
http://www.gp50.com/wp-includes/js/jquery/ui/draggable.min.js?ver=1.11.2 | 200 OK Content-Length: 18854 Content-Type: application/javascript | clean |
http://www.gp50.com/wp-includes/js/jquery/ui/button.min.js?ver=1.11.2 | 200 OK Content-Length: 7190 Content-Type: application/javascript | clean |
http://www.gp50.com/wp-includes/js/jquery/ui/position.min.js?ver=1.11.2 | 200 OK Content-Length: 6524 Content-Type: application/javascript | clean |
http://www.gp50.com/wp-includes/js/jquery/ui/dialog.min.js?ver=1.11.2 | 200 OK Content-Length: 12121 Content-Type: application/javascript | clean |
http://www.gp50.com/wp-content/plugins/easy-contact-form-solution/js/popup.js?ver=4.1.1 | 200 OK Content-Length: 3256 Content-Type: application/javascript | clean |
http://www.gp50.com/wp-content/plugins/easy-contact-form-solution/js/tab_select.js?ver=4.1.1 | 200 OK Content-Length: 1692 Content-Type: application/javascript | clean |
http://www.gp50.com/wp-content/plugins/easy-contact-form-solution/js/ajax.js?ver=4.1.1 | 200 OK Content-Length: 3387 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gp50.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gp50.com/
Result: gp50.com is not infected or malware details are not published yet.