Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gudvin72.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 29 May 2014 19:05:02 GMT
Pragma: no-cache
Server: nginx/1.4.1
Vary: Accept-Encoding
Content-Length: 5391
Content-Type: text/html; charset=cp1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=6bbe5e237f9c600de43d5b86468b2a90; path=/
X-Powered-By: PHP/5.2.17
...5391 bytes of data.
GET / HTTP/1.1
Host: gudvin72.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 29 May 2014 19:05:02 GMT
Pragma: no-cache
Server: nginx/1.4.1
Vary: Accept-Encoding
Content-Length: 5391
Content-Type: text/html; charset=cp1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=6bbe5e237f9c600de43d5b86468b2a90; path=/
X-Powered-By: PHP/5.2.17
...5391 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: gudvin72.ru
Referer: http://www.google.com/search?q=gudvin72.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: gudvin72.ru
Referer: http://www.google.com/search?q=gudvin72.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://gudvin72.ru/ | HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 29 May 2014 19:05:02 GMT Pragma: no-cache Server: nginx/1.4.1 Vary: Accept-Encoding Content-Length: 5391 Content-Type: text/html; charset=cp1251 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=6bbe5e237f9c600de43d5b86468b2a90; path=/ X-Powered-By: PHP/5.2.17 | clean |
http://gudvin72.ru/main/ | 200 OK Content-Length: 80026 Content-Type: text/html | clean |
http://gudvin72.ru/design/jquery.js | 200 OK Content-Length: 58492 Content-Type: application/x-javascript | clean |
http://gudvin72.ru//mc.yandex.ru/metrika/watch.js/ | HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 29 May 2014 19:05:03 GMT Pragma: no-cache Server: nginx/1.4.1 Vary: Accept-Encoding Content-Length: 5391 Content-Type: text/html; charset=cp1251 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=fa103b1c422498e27d638d4148ac5839; path=/ X-Powered-By: PHP/5.2.17 | clean |
http://gudvin72.ru/test404page.js | 200 OK Content-Length: 11819 Content-Type: text/html | clean |
http://accountus.gets-it.net/googlestat.php | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://accountus.gets-it.net/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gudvin72.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gudvin72.ru/
Result: gudvin72.ru is not infected or malware details are not published yet.
Result: gudvin72.ru is not infected or malware details are not published yet.