Scanned pages/files
Request | Server response | Status |
http://habitas.ws/ | 200 OK Content-Length: 16388 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Lou Sh ...[678 bytes skipped]... no-js ie ie9"> <![endif]--> <!--[if (gt IE 9)|!(IE)]><!--> <html dir="ltr" lang="es" xmlns="http://www.w3.org/1999/xhtml" xml:lang="es" class="ltr es no-js"> <!--<![endif]--> <head> <script type='text/javascript'>/*<![CDATA[*/(function(H){H.className=H.className.replace(/\bno-js\b/,'js')})(document.documentElement);/*]]>*/</script> <title>Hacked By Lou Sh</title> <meta name="description" content="Hacked By Lou Sh Hacked By Lou Sh ~ Team GPECDS ~ SaHrawi Arab Democratic Republic .. Message To The Governmant : Where Are (...)" /> <!-- Círculo de Genios--> <!-- head.html --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <link rel="alternate" type="application/rss+xml" title="Sindicar el sitio completo" href="spip.php?page=backend" /> <m ...[19310 bytes skipped]... | ||
http://habitas.ws/spip.php?page=plan | 200 OK Content-Length: 7167 Content-Type: text/html | clean |
http://habitas.ws/prive/javascript/jquery.js | 200 OK Content-Length: 252881 Content-Type: application/javascript | clean |
http://habitas.ws/prive/javascript/jquery.form.js | 200 OK Content-Length: 28454 Content-Type: application/javascript | clean |
http://habitas.ws/prive/javascript/jquery.autosave.js | 200 OK Content-Length: 1464 Content-Type: application/javascript | clean |
http://habitas.ws/prive/javascript/jquery.placeholder-label.js | 200 OK Content-Length: 1565 Content-Type: application/javascript | clean |
http://habitas.ws/prive/javascript/ajaxCallback.js | 200 OK Content-Length: 30044 Content-Type: application/javascript | clean |
http://habitas.ws/prive/javascript/jquery.cookie.js | 200 OK Content-Length: 4246 Content-Type: application/javascript | clean |
http://habitas.ws/plugins-dist/mediabox/javascript/jquery.colorbox.js?1382351186 | 200 OK Content-Length: 27901 Content-Type: application/javascript | clean |
http://habitas.ws/plugins-dist/mediabox/javascript/spip.mediabox.js?1382351186 | 200 OK Content-Length: 3802 Content-Type: application/javascript | clean |
http://habitas.ws/plugins-dist/porte_plume/javascript/jquery.markitup_pour_spip.js | 200 OK Content-Length: 24860 Content-Type: application/javascript | clean |
http://habitas.ws/plugins-dist/porte_plume/javascript/jquery.previsu_spip.js | 200 OK Content-Length: 2673 Content-Type: application/javascript | clean |
http://habitas.ws/spip.php?page=porte_plume_start.js&lang=es | 200 OK Content-Length: 13199 Content-Type: text/javascript | clean |
http://habitas.ws/index.php | 200 OK Content-Length: 16396 Content-Type: text/html | clean |
http://habitas.ws/spip.php?page=login&url=index.php | 200 OK Content-Length: 5551 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: habitas.ws
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 07 Dec 2014 17:42:06 GMT
Server: Apache/2.4.10 (Unix) OpenSSL/1.0.1e-fips mod_jk/1.2.37 mod_bwlimited/1.4
Vary: Cookie,Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Last-Modified: Sun, 07 Dec 2014 17:42:07 GMT
Composed-By: SPIP 3.0.7 @ www.spip.net + spip(3.0.7),compagnon(1.4.0),dump(1.6.7),images(1.1.4),forum(1.8.21),jqueryui(1.8.21),mediabox(0.8.4),medias(2.7.43),mots(2.4.9),msie_compat(1.2.0),organiseur(0.8.8),petitions(1.4.3),porte_plume(1.12.2),revisions(1.7.2),safehtml(1.4.0),sites(1.7.8),squelettes_par_rubrique(1.1.0),stats(0.4.10),svp(0.80.12),tw(0.8.16),urls(1.4.14),vertebres(1.2.1),iterateurs(0.6.1),queue(0.6.6),breves(1.3.5),compresseur(1.8.2)
X-Powered-By: PHP/5.4.35
X-Spip-Cache: 86400
Second query (visit from search engine):
GET / HTTP/1.1
Host: habitas.ws
Referer: http://www.google.com/search?q=habitas.ws
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=habitas.ws
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://habitas.ws/
Result: habitas.ws is not infected or malware details are not published yet.