Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wowspy.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 03 Oct 2014 18:40:46 GMT
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=31cc6506da7868c520ee4e1376a57e1d; path=/
Set-Cookie: dle_user_id=deleted; expires=Thu, 03-Oct-2013 18:40:45 GMT; path=/; domain=.wowspy.ru; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 03-Oct-2013 18:40:45 GMT; path=/; domain=.wowspy.ru; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 03-Oct-2013 18:40:45 GMT; path=/; domain=.wowspy.ru; httponly
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: wowspy.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 03 Oct 2014 18:40:46 GMT
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=31cc6506da7868c520ee4e1376a57e1d; path=/
Set-Cookie: dle_user_id=deleted; expires=Thu, 03-Oct-2013 18:40:45 GMT; path=/; domain=.wowspy.ru; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 03-Oct-2013 18:40:45 GMT; path=/; domain=.wowspy.ru; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 03-Oct-2013 18:40:45 GMT; path=/; domain=.wowspy.ru; httponly
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: wowspy.ru
Referer: http://www.google.com/search?q=wowspy.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: wowspy.ru
Referer: http://www.google.com/search?q=wowspy.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://wowspy.ru/ | 200 OK Content-Length: 47129 Content-Type: text/html | clean |
http://wowspy.ru/engine/classes/js/jquery.js | 200 OK Content-Length: 78601 Content-Type: application/x-javascript | clean |
http://wowspy.ru/engine/classes/js/jqueryui.js | 200 OK Content-Length: 64128 Content-Type: application/x-javascript | clean |
http://wowspy.ru/engine/classes/js/dle_js.js | 200 OK Content-Length: 15271 Content-Type: application/x-javascript | clean |
http://wowspy.ru/engine/classes/highslide/highslide.js | 200 OK Content-Length: 32262 Content-Type: application/x-javascript | clean |
http://static.wowhead.com/widgets/power.js | 200 OK Content-Length: 33265 Content-Type: application/javascript | clean |
http://wowspy.ru/index.php?do=register | 200 OK Content-Length: 29274 Content-Type: text/html | clean |
http://wowspy.ru//yandex.st/share/share.js/ | 404 Not Found Content-Length: 2317 Content-Type: text/html | clean |
http://wowspy.ru/test404page.js | 404 Not Found Content-Length: 2317 Content-Type: text/html | clean |
http://wowspy.ru/job.html | 200 OK Content-Length: 28027 Content-Type: text/html | clean |
http://wowspy.ru/adv.html | 200 OK Content-Length: 27186 Content-Type: text/html | clean |
http://wowspy.ru/index.php?do=feedback | 200 OK Content-Length: 30928 Content-Type: text/html | clean |
http://wowspy.ru/engine/rss.php | 200 OK Content-Length: 576 Content-Type: application/xml | clean |
http://wowspy.ru/news/ | 200 OK Content-Length: 45645 Content-Type: text/html | clean |
http://wowspy.ru/guide/ | 200 OK Content-Length: 47162 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wowspy.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wowspy.ru/
Result: wowspy.ru is not infected or malware details are not published yet.
Result: wowspy.ru is not infected or malware details are not published yet.