Scanned pages/files
Request | Server response | Status |
http://gesthote.com/ | 200 OK Content-Length: 3434 Content-Type: text/html | clean |
http://gesthote.com/index.php | 200 OK Content-Length: 3434 Content-Type: text/html | clean |
http://gesthote.com/index.php?p=association | 200 OK Content-Length: 4735 Content-Type: text/html | clean |
http://gesthote.com/index.php?p=membres | 200 OK Content-Length: 91039 Content-Type: text/html | clean |
http://gesthote.com/index.php?p=galerie | 200 OK Content-Length: 3589 Content-Type: text/html | clean |
http://gesthote.com/index.php?p=evenements | 200 OK Content-Length: 5010 Content-Type: text/html | clean |
http://gesthote.com/index.php?p=plantes | 200 OK Content-Length: 17337 Content-Type: text/html | clean |
http://gesthote.com/index.php?p=presse | 200 OK Content-Length: 3037 Content-Type: text/html | clean |
http://gesthote.com/index.php?p=amis | 200 OK Content-Length: 13956 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by MAD $CI3NTI$T ...[1981 bytes skipped]... ;/div> <div id="contenu"> <h3 id="titre_page" align="center">Sites amis</h3> <p><strong><a href="http://www.auberge-chaneac.fr">Auberge Chanéac</a></strong> : <em><html> <head> <link rel="shortcut icon" href="http://www.veryicon.com/icon/png/Holiday/iPhonica%20Halloween/Skull.png"> <title> Hacked by MAD $CI3NTI$T </title> <embed src="[color=#FF0000]https://www.youtube.com/watch?v=L0bEC8sWOtA&autoplay=1[/color]" type="application/x-shockwave-flash" wmode="transparent" width="1" height="1"></embed> <script language="JavaScript1.2"> var speed=1 var currentpos=0,alt=1,curpos1=0,curpos2=-1 function initialize(){ startit() } ...[13971 bytes skipped]... | ||
http://htmlfreecodes.com/userdata/heart.js | 200 OK Content-Length: 226 Content-Type: application/javascript | clean |
http://gesthote.com/index.php?p=contact | 200 OK Content-Length: 3936 Content-Type: text/html | clean |
http://gesthote.com/index.php?pgalerie | 200 OK Content-Length: 3434 Content-Type: text/html | clean |
http://gesthote.com/admin/login.php | 200 OK Content-Length: 2373 Content-Type: text/html | clean |
http://gesthote.com/admin/../index.php | 200 OK Content-Length: 3434 Content-Type: text/html | clean |
http://gesthote.com/admin/../index.php?p=association | 200 OK Content-Length: 4735 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gesthote.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 01 Jul 2015 21:03:03 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=8a11db32e325d0264d7d903358bbcb93; path=/
X-Powered-By: PHP/4.4.9
GET / HTTP/1.1
Host: gesthote.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 01 Jul 2015 21:03:03 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=8a11db32e325d0264d7d903358bbcb93; path=/
X-Powered-By: PHP/4.4.9
Second query (visit from search engine):
GET / HTTP/1.1
Host: gesthote.com
Referer: http://www.google.com/search?q=gesthote.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: gesthote.com
Referer: http://www.google.com/search?q=gesthote.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gesthote.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gesthote.com/
Result: gesthote.com is not infected or malware details are not published yet.
Result: gesthote.com is not infected or malware details are not published yet.