Scanned pages/files
Request | Server response | Status |
http://www.anguerny.fr/ | 200 OK Content-Length: 16758 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Lou Sh
...[9444 bytes skipped]... --fin titre_rubrique--> <div class="nettoyeur"> </div> <div id="contenu"> <div class="cartouche invisible"> <h1 class="invisible">Mairie Anguerny</h1> </div> <div id="breves"> <ul> <li>16 mai – <a href="spip.php?breve156">Hacked By Lou Sh</a></li> <li>9 mars – <a href="spip.php?breve155">Elections municipales 2014, ce qu’il faut savoir</a></li> <li>27 février – <a href="spip.php?breve154">Un nouveau bureau pour le Comité des fêtes</a></li> <li>27 février – <a href="spip.php?breve153">Opérations Croissants de l’APE ...[10783 bytes skipped]...
http://www.anguerny.fr/prive/javascript/jquery.js | 200 OK Content-Length: 100334 Content-Type: application/javascript | clean |
http://www.anguerny.fr/prive/javascript/jquery.form.js | 200 OK Content-Length: 21365 Content-Type: application/javascript | clean |
http://www.anguerny.fr/prive/javascript/ajaxCallback.js | 200 OK Content-Length: 7523 Content-Type: application/javascript | clean |
http://www.anguerny.fr/plugins/couteau_suisse/outils/decoupe.js | 200 OK Content-Length: 1936 Content-Type: application/javascript | clean |
http://www.anguerny.fr/plugins/couteau_suisse/outils/sommaire.js | 200 OK Content-Length: 1121 Content-Type: application/javascript | clean |
http://www.anguerny.fr/spip.php?page=diapo.js | 200 OK Content-Length: 5473 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var diapo_on=false; var center=true; function diaposlide(timeout,mDiapo){ if (diapo_on){ mClass=$("#"+mDiapo+" .diapo .diapo_grand").show().attr('class').replace(' diapo_grand','').split('_'); mpage="diapo_img"; mid_article=mClass[1]; mnum=mClass[2]; $.get("spip.php", {page : mpage, id_article : mid_article, num : mnum}, function(txt){ debut=txt.indexOf("<!-- debut diapo_img"+mid_article+" -->"); fin=txt.lastIndexO $(".diapo_icones").show(); $(".diapo_icones a").diapo_mode(); $(".diapo_menu a.lien_pagination").diapo_pagination(); $(".diapo_vignette a").diapo_vignette(); $(".diaporama").each(function(){ rel=$(this).attr("id"); $(this).find(".diapo_menu a.lien_pagination").attr("rel",rel); }); $(".diapo_icones .selected").each(function(){ if ($(this).attr('class')=='diapo_ico selected play') $(this).click(); }); });
Antivirus reports:
http://www.anguerny.fr/spip.php?article315 | 200 OK Content-Length: 18286 Content-Type: text/html | clean |
http://www.anguerny.fr/spip.php?article314 | 200 OK Content-Length: 17213 Content-Type: text/html | clean |
http://www.anguerny.fr/spip.php?article317 | 200 OK Content-Length: 16852 Content-Type: text/html | clean |
http://www.anguerny.fr/spip.php?article316 | 200 OK Content-Length: 16410 Content-Type: text/html | clean |
http://www.anguerny.fr/spip.php?article306 | 200 OK Content-Length: 18539 Content-Type: text/html | clean |
http://www.anguerny.fr/spip.php?article319 | 200 OK Content-Length: 16929 Content-Type: text/html | clean |
http://www.anguerny.fr/spip.php?rubrique1 | 200 OK Content-Length: 18195 Content-Type: text/html | clean |
http://www.anguerny.fr/spip.php?rubrique2 | 200 OK Content-Length: 23117 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: anguerny.fr
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: anguerny.fr
Referer: http://www.google.com/search?q=anguerny.fr
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=anguerny.fr
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://anguerny.fr/
Result: anguerny.fr is not infected or malware details are not published yet.