Scanned pages/files
Request | Server response | Status |
http://beaugut.com/ | 200 OK Content-Length: 132604 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HaCked by Toxic Dz ...[89661 bytes skipped]... ay!</p> <p>I prepared to start work on my Picture of the Week. The first job is to reference last week’s images, so I can update them to the <a title="Images of Birds of Prey" href="http://weeklypic.hawk-conservancy.org/" target="_blank">Images of Birds of Prey</a> blog. I browsed to hawkconservancy.org. Up came a blank page with, across the top, the words, “<strong>HaCked by Toxic Dz</strong>“. Great.</p> <p>Looking on Filezilla, it was clear that the index file, index.asp, had been replaced. Also added were: index.cfm, index.htm, index.html and index.php, together with default.asp, default.cfm, default.htm, default.html and default.php. Simple job; delete ten files and upload one. I continued.</p> <p>Once I had built the Picture of the Week page, I uploaded it, together with the relevant image files, an ...[61404 bytes skipped]... | ||
http://channing.info/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ajax.js?ver=4.0 | 200 OK Content-Length: 33 Content-Type: application/javascript | clean |
http://channing.info/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/javascript | clean |
http://channing.info/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://channing.info/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/persist.js?ver=4.0 | 200 OK Content-Length: 24995 Content-Type: application/javascript | clean |
http://channing.info/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/store.js?ver=4.0 | 200 OK Content-Length: 5337 Content-Type: application/javascript | clean |
http://channing.info/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ngg_store.js?ver=4.0 | 200 OK Content-Length: 891 Content-Type: application/javascript | clean |
http://channing.info/wp-content/plugins/jetpack/_inc/postmessage.js?ver=3.1.1 | 200 OK Content-Length: 19615 Content-Type: application/javascript | clean |
http://channing.info/wp-content/plugins/jetpack/_inc/jquery.inview.js?ver=3.1.1 | 200 OK Content-Length: 5590 Content-Type: application/javascript | clean |
http://channing.info/wp-content/plugins/jetpack/_inc/jquery.jetpack-resize.js?ver=3.1.1 | 200 OK Content-Length: 8104 Content-Type: application/javascript | clean |
http://channing.info/wp-content/plugins/cookie-law-info/js/cookielawinfo.js?ver=4.0 | 200 OK Content-Length: 6032 Content-Type: application/javascript | clean |
http://channing.info/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/lightbox/static/lightbox_context.js?ver=4.0 | 200 OK Content-Length: 890 Content-Type: application/javascript | clean |
http://channing.info/wp-content/plugins/wpfront-scroll-top/js/wpfront-scroll-top.js?ver=1.4 | 200 OK Content-Length: 3377 Content-Type: application/javascript | clean |
http://maps.google.com/maps/api/js?sensor=false | 200 OK Content-Length: 5024 Content-Type: text/javascript | clean |
http://channing.info/wp-content/plugins/highslide-integration/highslide/highslide.js | 200 OK Content-Length: 37013 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: beaugut.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 28 Sep 2014 16:52:33 GMT
Server: Apache
Content-Encoding: none
Content-Type: text/html; charset=UTF-8
Link: <http://wp.me/1axd0>; rel=shortlink
X-Pingback: http://channing.info/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: beaugut.com
Referer: http://www.google.com/search?q=beaugut.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=beaugut.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://beaugut.com/
Result: beaugut.com is not infected or malware details are not published yet.