Scanned pages/files
| Request | Server response | Status |
http://bythewayworld.com/ | 200 OK Content-Length: 872 Content-Type: text/html | clean |
http://bythewayworld.com/?ND | 200 OK Content-Length: 872 Content-Type: text/html | clean |
http://bythewayworld.com/?NA | 200 OK Content-Length: 872 Content-Type: text/html | clean |
http://bythewayworld.com/?MA | 200 OK Content-Length: 872 Content-Type: text/html | clean |
http://bythewayworld.com/?MD | 200 OK Content-Length: 872 Content-Type: text/html | clean |
http://bythewayworld.com/?SA | 200 OK Content-Length: 872 Content-Type: text/html | clean |
http://bythewayworld.com/?SD | 200 OK Content-Length: 872 Content-Type: text/html | clean |
http://bythewayworld.com/?DA | 200 OK Content-Length: 872 Content-Type: text/html | clean |
http://bythewayworld.com/?DD | 200 OK Content-Length: 872 Content-Type: text/html | clean |
http://bythewayworld.com/cgi-bin/ | 403 Forbidden Content-Length: 1139 Content-Type: text/html | clean |
http://bythewayworld.com/test404page.js | 404 Not Found Content-Length: 1148 Content-Type: text/html | clean |
http://bythewayworld.com/index.html.bkp | 200 OK Content-Length: 6349 Content-Type: text/plain | suspicious |
Deface/Content modification. The following signature was found: HACKED BY Falcons Team Hackers ...[83 bytes skipped]... > <head> <script language="JavaScript"><!-- Beginvar scrl = " Free Palestine ";function scrlsts() { scrl = scrl.substring(1, scrl.length) + scrl.substring(0, 1); document.title = scrl; setTimeout("scrlsts()", 300); }// End --></script> <meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type"> <meta name="keywords" content="HACKED BY Falcons Team Hackers "> <title>HACKED BY Falcons Team Hackers</title> <meta name="description" content="HACKED BY Falcons Team Hackers"> <link href="http://fonts.googleapis.com/css?family=Orbitron:700" rel="stylesheet" type="text/css"> <style> body {background-image:url('http://farm9.staticflickr.com/8044/8149686179_780ba9a3e0_b.jpg');color:black;font-family:orbitron;text-align:center;} .imgs {border: 5p ...[7040 bytes skipped]... | ||
https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js | 200 OK Content-Length: 91342 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bythewayworld.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 14 Jul 2015 20:14:06 GMT
Server: LiteSpeed
Content-Length: 872
Content-Type: text/html
X-Powered-By: PHP/5.4.39
...872 bytes of data.
GET / HTTP/1.1
Host: bythewayworld.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 14 Jul 2015 20:14:06 GMT
Server: LiteSpeed
Content-Length: 872
Content-Type: text/html
X-Powered-By: PHP/5.4.39
...872 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: bythewayworld.com
Referer: http://www.google.com/search?q=bythewayworld.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: bythewayworld.com
Referer: http://www.google.com/search?q=bythewayworld.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bythewayworld.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bythewayworld.com/
Result: bythewayworld.com is not infected or malware details are not published yet.
Result: bythewayworld.com is not infected or malware details are not published yet.