Scanned pages/files
Request | Server response | Status |
http://chancepost.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 04 Apr 2015 16:32:22 GMT Location: http://www.chancepost.com/ Server: Apache Content-Length: 234 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.chancepost.com/ | 200 OK Content-Length: 30302 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY 1SMARTLORD D NET_ERROR ...[546 bytes skipped]... t; <link rel=File-List href="deface%202_files/filelist.xml"> <link rel=Edit-Time-Data href="deface%202_files/editdata.mso"> <!--[if !mso]> <style> v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);} </style> <![endif]--> <title> HACKED BY 1SMARTLORD D NET_ERROR </title> <!--[if gte mso 9]><xml> <o:DocumentProperties> <o:Author>SMARTLORD CUPID LUIZ</o:Author> <o:Template>Normal</o:Template> <o:LastAuthor>SMARTLORD D NET_ERROR</o:LastAuthor> <o:Revision>4</o:Revision> <o:TotalTime>19</o:TotalTime> <o:Created>2013-08-19T04:08:08</o:Created> <o:LastSaved>2013-08-19T04:08:00Z</o: ...[33899 bytes skipped]... | ||
http://stats.hosting24.com/count.php | 200 OK Content-Length: 1251 Content-Type: application/javascript | clean |
http://chancepost.com/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 04 Apr 2015 16:32:23 GMT Location: http://www.chancepost.com/test404page.js Server: Apache Content-Length: 248 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.chancepost.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sat, 04 Apr 2015 16:32:24 GMT Location: http://www.godaddy.com/error.php Server: Apache Content-Length: 216 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.godaddy.com/error.php | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, no-store, must-revalidate Connection: close Date: Sat, 04 Apr 2015 16:32:24 GMT Pragma: no-cache Location: https://www.godaddy.com/error.php Server: Microsoft-IIS/7.0 Content-Length: 150 Expires: 0 P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR OUR IND" | clean |
https://www.godaddy.com/error.php | 404 Not Found Content-Length: 166378 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gaDataLayer = _gaDataLayer || []; _gaDataLayer.push({ 'shopperId': '' }); _gaDataLayer.push({ 'privateLabelId': '1' }); _gaDataLayer.push({ 'isc': '' }); _gaDataLayer.push({ 'server': 'P3PWCORPWEB118' }); _gaDataLayer.push({ 'segmentId': '0' }); var _gaq = _gaq || []; _gaq.push(['_setDomainName', 'godaddy.com']); Antivirus reports:
| ||
https://www.godaddy.com//img1.wsimg.com/ux/1.2.9-brand/js/uxcore.en.min.js/ | 404 Not Found Content-Length: 169882 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gaDataLayer = _gaDataLayer || []; _gaDataLayer.push({ 'shopperId': '' }); _gaDataLayer.push({ 'privateLabelId': '1' }); _gaDataLayer.push({ 'isc': '' }); _gaDataLayer.push({ 'server': 'P3PWCORPWEB126' }); _gaDataLayer.push({ 'segmentId': '0' }); var _gaq = _gaq || []; _gaq.push(['_setDomainName', 'godaddy.com']); Antivirus reports:
| ||
https://www.godaddy.com//img1.wsimg.com/ux/eldorado/1.4.8/js/salesheader.min.js/ | 404 Not Found Content-Length: 170301 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gaDataLayer = _gaDataLayer || []; _gaDataLayer.push({ 'shopperId': '' }); _gaDataLayer.push({ 'privateLabelId': '1' }); _gaDataLayer.push({ 'isc': '' }); _gaDataLayer.push({ 'server': 'P3PWCORPWEB112' }); _gaDataLayer.push({ 'segmentId': '0' }); var _gaq = _gaq || []; _gaq.push(['_setDomainName', 'godaddy.com']); Antivirus reports:
| ||
https://img1.wsimg.com/fos/hp/rebrand/js/bigtext.min.js | 200 OK Content-Length: 4163 Content-Type: application/x-javascript | clean |
https://img1.wsimg.com/starfield/fos.share/v1.3/fos.share-20140505.min.js | 200 OK Content-Length: 17878 Content-Type: application/x-javascript | clean |
https://www.godaddy.com/es | 200 OK Content-Length: 118678 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gaDataLayer = _gaDataLayer || []; _gaDataLayer.push({ 'shopperId': '' }); _gaDataLayer.push({ 'privateLabelId': '1' }); _gaDataLayer.push({ 'isc': '' }); _gaDataLayer.push({ 'server': 'P3PWCORPWEB138' }); _gaDataLayer.push({ 'segmentId': '0' }); var _gaq = _gaq || []; _gaq.push(['_setDomainName', 'godaddy.com']); Antivirus reports:
| ||
https://img1.wsimg.com/shared/js/1.8.0/global.20120918.min.js | 200 OK Content-Length: 92807 Content-Type: application/x-javascript | clean |
https://img1.wsimg.com//pc/js/1/gd_cds_2014v1_js_20150121.min.js/ | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://img1.wsimg.com/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
https://img1.wsimg.com/fos/script/sales17.min.js | 200 OK Content-Length: 18367 Content-Type: application/x-javascript | clean |
https://img1.wsimg.com/fos/hp/rebrand/js/homepage_script_20140410.min.js | 200 OK Content-Length: 9477 Content-Type: application/x-javascript | clean |
https://img1.wsimg.com/fos/script/atlantis_jquery14.min.js | 200 OK Content-Length: 57553 Content-Type: application/x-javascript | clean |
https://img1.wsimg.com/shared/js/jquery.plugins.min.20111019.js | 200 OK Content-Length: 41309 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: chancepost.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 04 Apr 2015 16:32:22 GMT
Location: http://www.chancepost.com/
Server: Apache
Content-Length: 234
Content-Type: text/html; charset=iso-8859-1
...234 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: chancepost.com
Referer: http://www.google.com/search?q=chancepost.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=chancepost.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://chancepost.com/
Result: chancepost.com is not infected or malware details are not published yet.