Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sosertanejo10.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 29 Dec 2014 04:16:08 GMT
Location: http://www.sosertanejo10.com/
Server: nginx admin
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Set-Cookie: wordpress_eca382a485807b55f70f4362a19a63ff=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/wp-content/plugins; httponly
Set-Cookie: wordpress_eca382a485807b55f70f4362a19a63ff=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/wp-admin; httponly
Set-Cookie: wordpress_logged_in_eca382a485807b55f70f4362a19a63ff=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; httponly
X-Cache: HIT from Backend
X-CF-Powered-By: WP 1.3.14
X-Pingback: http://www.sosertanejo10.com/xmlrpc.php
X-Powered-By: PHP/5.4.28
...0 bytes of data.
GET / HTTP/1.1
Host: sosertanejo10.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 29 Dec 2014 04:16:08 GMT
Location: http://www.sosertanejo10.com/
Server: nginx admin
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Set-Cookie: wordpress_eca382a485807b55f70f4362a19a63ff=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/wp-content/plugins; httponly
Set-Cookie: wordpress_eca382a485807b55f70f4362a19a63ff=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/wp-admin; httponly
Set-Cookie: wordpress_logged_in_eca382a485807b55f70f4362a19a63ff=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; httponly
X-Cache: HIT from Backend
X-CF-Powered-By: WP 1.3.14
X-Pingback: http://www.sosertanejo10.com/xmlrpc.php
X-Powered-By: PHP/5.4.28
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: sosertanejo10.com
Referer: http://www.google.com/search?q=sosertanejo10.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: sosertanejo10.com
Referer: http://www.google.com/search?q=sosertanejo10.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://sosertanejo10.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 29 Dec 2014 04:16:08 GMT Location: http://www.sosertanejo10.com/ Server: nginx admin Content-Length: 0 Content-Type: text/html; charset=UTF-8 Set-Cookie: wordpress_eca382a485807b55f70f4362a19a63ff=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/wp-content/plugins; httponly Set-Cookie: wordpress_eca382a485807b55f70f4362a19a63ff=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/wp-admin; httponly Set-Cookie: wordpress_logged_in_eca382a485807b55f70f4362a19a63ff=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; httponly X-Cache: HIT from Backend X-CF-Powered-By: WP 1.3.14 X-Pingback: http://www.sosertanejo10.com/xmlrpc.php X-Powered-By: PHP/5.4.28 | clean |
http://www.sosertanejo10.com/ | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.sosertanejo10.com/test404page.js | 404 Not Found Content-Length: 85117 Content-Type: text/html | clean |
http://baixarquivo.com/script-v2.js | 200 OK Content-Length: 27504 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js?ver=4.1 | 200 OK Content-Length: 93868 Content-Type: text/javascript | clean |
http://www.sosertanejo10.com/wp-content/plugins/wp-super-popup/jquery.colorbox-min.js?ver=984585738 | 200 OK Content-Length: 18709 Content-Type: application/x-javascript | clean |
http://www.sosertanejo10.com/wp-content/plugins/wp-super-popup/jquery.utils-min.js?ver=918998300 | 200 OK Content-Length: 997 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://sosertanejo10.com/wp-content/themes/sosertanejo10/js/jquery.flexislider.js | 200 OK Content-Length: 1186 Content-Type: application/x-javascript | clean |
http://www.sosertanejo10.com/cont.js | 200 OK Content-Length: 618 Content-Type: application/x-javascript | clean |
http://www.adcash.com/script/java.php?option=rotateur&r=313318 | 200 OK Content-Length: 9172 Content-Type: text/html | clean |
http://www.adcash.com/test404page.js | 404 Not Found Content-Length: 565 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sosertanejo10.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://sosertanejo10.com/
Result: sosertanejo10.com is not infected or malware details are not published yet.
Result: sosertanejo10.com is not infected or malware details are not published yet.