Scanned pages/files
| Request | Server response | Status |
http://lana-mya.fr/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 12 Jul 2014 06:16:12 GMT Location: http://www.lana-mya.fr/ Server: Apache/2.4.9 (Ubuntu) Content-Length: 307 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.lana-mya.fr/ | 200 OK Content-Length: 22985 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.abu-farhan.com ...[22053 bytes skipped]... pt> <!-- jQuery Call --> <script src='http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js' type='text/javascript'></script> <!-- End of jQuery Call --> <script type='text/javascript'> var starttab=0; var endtab=3; var sidebarname='main'; </script> <script type='text/javascript'> //<![CDATA[ /* Widget for blogger by www.abu-farhan.com copyright by Abu Farhan Dont edit without permission from the Copyright owner */ eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('7 g=o.w;d(g.x("y.z")!=-1){7 8=-1;7 e=-1}7 $3=A.B();$ ...[4304 bytes skipped]... Deface/Content modification. The following signature was found: Hacked By D3xeR <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<head> <title>Hacked By D3xeR</title> <style type="text/css">#navbar-iframe { display:block } </style> <style id='page-skin-1' type='text/css'><!-- /* ----------------------------------------------- Name: The Antagonist Designer: Jéssica Alves & João Alvarenga URL: http://www.be-insight.com Date: 09 Dec 2009 ----------------------------------------------- */ | ||
http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js | 200 OK Content-Length: 55272 Content-Type: text/javascript | clean |
http://lana-mya.fr/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 12 Jul 2014 06:16:14 GMT Location: http://www.lana-mya.fr/test404page.js Server: Apache/2.4.9 (Ubuntu) Content-Length: 321 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.lana-mya.fr/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sat, 12 Jul 2014 06:16:14 GMT Location: http://www.lana-mya.fr/ Server: Apache/2.4.9 (Ubuntu) Content-Length: 287 Content-Type: text/html; charset=iso-8859-1 | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: lana-mya.fr
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 12 Jul 2014 06:16:12 GMT
Location: http://www.lana-mya.fr/
Server: Apache/2.4.9 (Ubuntu)
Content-Length: 307
Content-Type: text/html; charset=iso-8859-1
...307 bytes of data.
GET / HTTP/1.1
Host: lana-mya.fr
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 12 Jul 2014 06:16:12 GMT
Location: http://www.lana-mya.fr/
Server: Apache/2.4.9 (Ubuntu)
Content-Length: 307
Content-Type: text/html; charset=iso-8859-1
...307 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: lana-mya.fr
Referer: http://www.google.com/search?q=lana-mya.fr
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: lana-mya.fr
Referer: http://www.google.com/search?q=lana-mya.fr
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lana-mya.fr
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://lana-mya.fr/
Result: lana-mya.fr is not infected or malware details are not published yet.
Result: lana-mya.fr is not infected or malware details are not published yet.