Scanned pages/files
Request | Server response | Status |
http://harborlightbeacon.org/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 10 Jul 2015 19:50:04 GMT Location: http://www.harborlightbeacon.org/ Server: Apache/1.3.41 (Darwin) PHP/4.4.9 mod_ssl/2.8.31 OpenSSL/0.9.7l Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.harborlightbeacon.org/ | 200 OK Content-Length: 6565 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HacKeD By Farouk Zoubir_DZ And Fikou Codex <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head> <!-- saved from url=(0104)http://sechome.dayfor.net/redpoint/Public/Js/kindeditor/attached/file/20130318/20130318030444_21656.html --> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <script type="text/javascript"> var data="abcdefghijklmnopqrstuvwxyz0123456789"; var text="HacKeD By Farouk Zoubir_DZ And Fikou Codex";//Your Text Here var done=1; statusIn(text); function statusIn(text){ var max=4; var delay=100; if (done){ done = 0; decrypt_helper(text, max, delay, 0, max); } } function decrypt_helper(text, runs_left, delay, charvar, max){ if (!done){ runs_left = runs_left - 1; //alert( runs_left); var status = text.substring(0,charvar); for(var curre ...[7318 bytes skipped]... | ||
http://www.harborlightbeacon.org/test404page.js | 404 Not Found Content-Length: 290 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: harborlightbeacon.org
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 10 Jul 2015 19:50:04 GMT
Location: http://www.harborlightbeacon.org/
Server: Apache/1.3.41 (Darwin) PHP/4.4.9 mod_ssl/2.8.31 OpenSSL/0.9.7l
Content-Type: text/html; charset=iso-8859-1
GET / HTTP/1.1
Host: harborlightbeacon.org
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 10 Jul 2015 19:50:04 GMT
Location: http://www.harborlightbeacon.org/
Server: Apache/1.3.41 (Darwin) PHP/4.4.9 mod_ssl/2.8.31 OpenSSL/0.9.7l
Content-Type: text/html; charset=iso-8859-1
Second query (visit from search engine):
GET / HTTP/1.1
Host: harborlightbeacon.org
Referer: http://www.google.com/search?q=harborlightbeacon.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: harborlightbeacon.org
Referer: http://www.google.com/search?q=harborlightbeacon.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=harborlightbeacon.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://harborlightbeacon.org/
Result: harborlightbeacon.org is not infected or malware details are not published yet.
Result: harborlightbeacon.org is not infected or malware details are not published yet.