Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: demo2.presidence.pf
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 31 Dec 2015 03:54:15 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 31 Dec 2015 03:54:15 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 02898b88e18f79c418f6c0edf244a67a=b9f8f45f3f37e2f68fe43bca791f3b8a; path=/; HttpOnly
Second query (visit from search engine):
GET / HTTP/1.1
Host: demo2.presidence.pf
Referer: http://www.google.com/search?q=demo2.presidence.pf
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://demo2.presidence.pf/ | 200 OK Content-Length: 68802 Content-Type: text/html | clean |
http://demo2.presidence.pf/media/system/js/mootools-core.js | 200 OK Content-Length: 83893 Content-Type: application/javascript | clean |
http://demo2.presidence.pf/media/system/js/core.js | 200 OK Content-Length: 5454 Content-Type: application/javascript | clean |
http://demo2.presidence.pf/media/system/js/mootools-more.js | 200 OK Content-Length: 236825 Content-Type: application/javascript | clean |
http://demo2.presidence.pf/media/system/js/modal.js | 200 OK Content-Length: 10127 Content-Type: application/javascript | clean |
http://demo2.presidence.pf/media/jui/js/jquery.min.js | 200 OK Content-Length: 95930 Content-Type: application/javascript | clean |
http://demo2.presidence.pf/media/jui/js/jquery-noconflict.js | 200 OK Content-Length: 21 Content-Type: application/javascript | clean |
http://demo2.presidence.pf/media/jui/js/jquery-migrate.min.js | 200 OK Content-Length: 7199 Content-Type: application/javascript | clean |
http://demo2.presidence.pf/plugins/content/smartresizer/smartresizer/js/highslide/highslide-with-gallery.packed.js | 200 OK Content-Length: 37297 Content-Type: application/javascript | clean |
http://demo2.presidence.pf/media/system/js/caption.js | 200 OK Content-Length: 491 Content-Type: application/javascript | clean |
http://demo2.presidence.pf/media/jui/js/bootstrap.min.js | 200 OK Content-Length: 29156 Content-Type: application/javascript | clean |
http://demo2.presidence.pf/cache/widgetkit/widgetkit-a8bbbac9.js | 200 OK Content-Length: 20769 Content-Type: application/javascript | clean |
http://demo2.presidence.pf/templates/newsplace/js/jquery/jquery-noconflict.js | 200 OK Content-Length: 21 Content-Type: application/javascript | clean |
http://www.sante.gov.pf/modules/mod_juslideshow/assets/js/jquery.juslideshow.min.js | 200 OK Content-Length: 49243 Content-Type: application/javascript | clean |
http://www.sante.gov.pf/modules/mod_juslideshow/assets/js/jquery.easing.1.3.min.js | 200 OK Content-Length: 3519 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=demo2.presidence.pf
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://demo2.presidence.pf/
Result: demo2.presidence.pf is not infected or malware details are not published yet.