Scanned pages/files
Request | Server response | Status |
http://infosecportal.com/ | 200 OK Content-Length: 78936 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Anthem hacked by Heartbleed? ...[46819 bytes skipped]... t;/a> <a class='rsswidget' href='https://www.trustedsec.com/'>TrustedSec</a></p><ul><li><a class='rsswidget' href='https://www.trustedsec.com/february-2015/social-engineer-toolkit-set-v6-2-released/'>The Social-Engineer Toolkit (SET) v6.2 released</a></li><li><a class='rsswidget' href='https://www.trustedsec.com/february-2015/anthem-hacked-heartbleed/'>Anthem hacked by Heartbleed?</a></li><li><a class='rsswidget' href='https://www.trustedsec.com/february-2015/anthem-breached-hunt-pii/'>Anthem Breached: The Hunt for PII</a></li><li><a class='rsswidget' href='https://www.trustedsec.com/january-2015/account-hunting-invoke-tokenmanipulation/'>Account Hunting for Invoke-TokenManipulation</a></li><li><a class='rsswidget' href='https://www.trustedsec.com/january-2015/ships-version-1-1 ...[48483 bytes skipped]... | ||
http://wifisec.com/wp-includes/js/jquery/jquery.js | 200 OK Content-Length: 95807 Content-Type: application/x-javascript | clean |
http://wifisec.com/wp-includes/js/jquery/jquery-migrate.min.js | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://wifisec.com/wp-content/themes/foreverwood/js/html5.js | 200 OK Content-Length: 2487 Content-Type: application/x-javascript | clean |
http://wifisec.com/wp-content/themes/foreverwood/js/placeholders.js | 200 OK Content-Length: 3962 Content-Type: application/x-javascript | clean |
http://wifisec.com/wp-content/themes/foreverwood/js/scroll-to-top.js | 200 OK Content-Length: 530 Content-Type: application/x-javascript | clean |
http://wifisec.com/wp-content/themes/foreverwood/js/menubox.js | 200 OK Content-Length: 356 Content-Type: application/x-javascript | clean |
http://wifisec.com/wp-content/themes/foreverwood/js/selectnav.js | 200 OK Content-Length: 3744 Content-Type: application/x-javascript | clean |
http://wifisec.com/wp-content/themes/foreverwood/js/responsive.js | 200 OK Content-Length: 67 Content-Type: application/x-javascript | clean |
http://infosecportal.com/test404page.js | 404 Not Found Content-Length: 66066 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: infosecportal.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 14 Mar 2015 11:35:13 GMT
Accept-Ranges: bytes
Age: 0
Server: Apache/2
Content-Length: 78936
Content-Type: text/html; charset=UTF-8
X-Pingback: http://wifisec.com/xmlrpc.php
X-Powered-By: PHP/5.2.17
...78936 bytes of data.
GET / HTTP/1.1
Host: infosecportal.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 14 Mar 2015 11:35:13 GMT
Accept-Ranges: bytes
Age: 0
Server: Apache/2
Content-Length: 78936
Content-Type: text/html; charset=UTF-8
X-Pingback: http://wifisec.com/xmlrpc.php
X-Powered-By: PHP/5.2.17
...78936 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: infosecportal.com
Referer: http://www.google.com/search?q=infosecportal.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: infosecportal.com
Referer: http://www.google.com/search?q=infosecportal.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=infosecportal.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://infosecportal.com/
Result: infosecportal.com is not infected or malware details are not published yet.
Result: infosecportal.com is not infected or malware details are not published yet.