Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: honda-hybrid.ru
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Wed, 04 Mar 2015 16:50:57 GMT
Pragma: private
Server: nginx/1.0.9
Content-Type: text/html; charset=windows-1251
Set-Cookie: bb_sessionhash=512cd3b4440a6f9adf37f7cd8760496a; path=/; HttpOnly
Set-Cookie: bb_lastvisit=1425487857; expires=Thu, 03-Mar-2016 16:50:57 GMT; path=/
Set-Cookie: bb_lastactivity=0; expires=Thu, 03-Mar-2016 16:50:57 GMT; path=/
Set-Cookie: vbseo_loggedin=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: PHP/5.3.13
Second query (visit from search engine):
GET / HTTP/1.1
Host: honda-hybrid.ru
Referer: http://www.google.com/search?q=honda-hybrid.ru
Result:
The result is similar to that of the first query. No suspicious redirects were found.
Scanned pages/files
Request | Server response | Status |
--- | --- | --- |
http://www.honda-hybrid.ru/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 04 Mar 2015 16:50:57 GMT Location: http://honda-hybrid.ru/ Server: nginx/1.0.9 Content-Length: 184 Content-Type: text/html | clean |
http://honda-hybrid.ru/ | 200 OK Content-Length: 89327 Content-Type: text/html | clean |
http://honda-hybrid.ru/clientscript/vbulletin-core.js?v=422 | 200 OK Content-Length: 51946 Content-Type: application/x-javascript | clean |
http://www.honda-hybrid.ru/clientscript/vbulletin_post_loader.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 04 Mar 2015 16:50:59 GMT Location: http://honda-hybrid.ru/clientscript/vbulletin_post_loader.js Server: nginx/1.0.9 Content-Length: 184 Content-Type: text/html | clean |
http://honda-hybrid.ru/clientscript/vbulletin_post_loader.js | 200 OK Content-Length: 2335 Content-Type: application/x-javascript | clean |
http://www.honda-hybrid.ru/clientscript/imdmstat_post_load-min.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 04 Mar 2015 16:50:59 GMT Location: http://honda-hybrid.ru/clientscript/imdmstat_post_load-min.js Server: nginx/1.0.9 Content-Length: 184 Content-Type: text/html | clean |
http://honda-hybrid.ru/clientscript/imdmstat_post_load-min.js | 200 OK Content-Length: 3605 Content-Type: application/x-javascript | clean |
http://www.honda-hybrid.ru/clientscript/imdmstat_main-min.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 04 Mar 2015 16:50:59 GMT Location: http://honda-hybrid.ru/clientscript/imdmstat_main-min.js Server: nginx/1.0.9 Content-Length: 184 Content-Type: text/html | clean |
http://honda-hybrid.ru/clientscript/imdmstat_main-min.js | 200 OK Content-Length: 4765 Content-Type: application/x-javascript | clean |
http://www.honda-hybrid.ru/clientscript/vbulletin_read_marker.js?v=422 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 04 Mar 2015 16:51:00 GMT Location: http://honda-hybrid.ru/clientscript/vbulletin_read_marker.js?v=422 Server: nginx/1.0.9 Content-Length: 184 Content-Type: text/html | clean |
http://honda-hybrid.ru/clientscript/vbulletin_read_marker.js?v=422 | 200 OK Content-Length: 4460 Content-Type: application/x-javascript | clean |
http://www.honda-hybrid.ru/clientscript/vbulletin_md5.js?v=384 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 04 Mar 2015 16:51:00 GMT Location: http://honda-hybrid.ru/clientscript/vbulletin_md5.js?v=384 Server: nginx/1.0.9 Content-Length: 184 Content-Type: text/html | clean |
http://honda-hybrid.ru/clientscript/vbulletin_md5.js?v=384 | 200 OK Content-Length: 5464 Content-Type: application/x-javascript | clean |
http://www.honda-hybrid.ru/clientscript/imdmstat_tip-min.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 04 Mar 2015 16:51:00 GMT Location: http://honda-hybrid.ru/clientscript/imdmstat_tip-min.js Server: nginx/1.0.9 Content-Length: 184 Content-Type: text/html | clean |
http://honda-hybrid.ru/clientscript/imdmstat_tip-min.js | 200 OK Content-Length: 971 Content-Type: application/x-javascript | clean |
http://www.honda-hybrid.ru/archive/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 04 Mar 2015 16:51:01 GMT Location: http://honda-hybrid.ru/archive/ Server: nginx/1.0.9 Content-Length: 184 Content-Type: text/html | clean |
http://honda-hybrid.ru/archive/ | 200 OK Content-Length: 5897 Content-Type: text/html | clean |
http://honda-hybrid.ru/archive/index.php?s=2fecabc83b9e1e75034c39ee96617292 | 200 OK Content-Length: 5897 Content-Type: text/html | clean |
http://honda-hybrid.ru/archive/index.php?s=2fecabc83b9e1e75034c39ee96617292&pda=1 | HTTP/1.1 303 See Other Cache-Control: private Connection: close Date: Wed, 04 Mar 2015 16:51:01 GMT Pragma: private Location: http://honda-hybrid.ru/archive/index.php?s=2fecabc83b9e1e75034c39ee96617292 Server: nginx/1.0.9 Content-Type: text/html; charset=windows-1251 Set-Cookie: bb_lastvisit=1425487861; expires=Thu, 03-Mar-2016 16:51:01 GMT; path=/ Set-Cookie: bb_lastactivity=0; expires=Thu, 03-Mar-2016 16:51:01 GMT; path=/ Set-Cookie: bb_pda=1; expires=Thu, 03-Mar-2016 16:51:01 GMT; path=/ X-Powered-By: PHP/5.3.13 | clean |
http://honda-hybrid.ru/test404page.js | 404 Not Found Content-Length: 14 Content-Type: text/html | clean |
http://honda-hybrid.ru/forum.php?s=2fecabc83b9e1e75034c39ee96617292 | 200 OK Content-Length: 89592 Content-Type: text/html | clean |
http://honda-hybrid.ru/register.php | 200 OK Content-Length: 33018 Content-Type: text/html | clean |
http://honda-hybrid.ru/clientscript/vbulletin_md5.js?v=422 | 200 OK Content-Length: 5464 Content-Type: application/x-javascript | clean |
http://honda-hybrid.ru/clientscript/vbulletin_ajax_nameverif.js?v=422 | 200 OK Content-Length: 2502 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=honda-hybrid.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://honda-hybrid.ru/
Result: honda-hybrid.ru is not infected or malware details are not published yet.