Scanned pages/files
Request | Server response | Status |
http://letoile.ro/ | HTTP/1.1 303 See other Connection: close Date: Sun, 06 Dec 2015 20:03:28 GMT Location: http://letoile.ro/ro/ Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 PHP/5.2.17 Content-Length: 0 Content-Type: text/html; charset=utf-8 Set-Cookie: 3cbac49f766bc6a8429e2cec17727078=e1a2fad3d42597dbda03fd42643c69e1; path=/ X-Powered-By: PHP/5.2.17 | clean |
http://letoile.ro/ro/ | 200 OK Content-Length: 10233 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) <!-- No Name Cyber Team --> <!-- document.write(unescape('%3C%68%74%6D%6C%20%6C%61%6E%67%3D%22%65%6E%22%3E%0A%3C%68%65%61%64%3E%3C%73%63%72%69%70%74%3E%69%66%28%74%79%70%65%6F%66%20%77%69%6E%64%6F%77%2E%5F%5F%77%73%75%6A%73%3D%3D%3D%27%75%6E%64%65%66%69%6E%65%64%27%29%7B%77%69%6E%64%6F%77%2E%5F%5F%77%73%75%6A%73%3D%35%30%36%34%3B%77%69%6E%64%6F%77%2E%5F%5F%77%73%75%6A%73%6E%3D%27%50%6C%75%67%49%6E%27%3B%77%69%6E%64%6F%77%2E%5F%5F%77%73%75%6A%73%73%3D%27%39%44%42%34%45%41 Antivirus reports:
Deface/Content modification. The following signature was found: !-- Hacked by No Name Cyber Team -- ...[9777 bytes skipped]... 53%55%43%4B%73%20%2D%20%4D%72%2E%50%68%6F%65%6E%69%78%31%33%33%37%20%2D%20%41%67%75%73%20%44%61%72%6C%69%73%0A%09%09%09%3C%62%72%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%62%6C%6F%67%2E%6E%6E%63%2D%74%65%61%6D%2E%63%6F%6D%22%3E%43%6F%6E%74%61%63%74%20%55%73%3C%2F%61%3E%0A%09%09%3C%2F%64%69%76%3E%09%0A%3C%2F%62%6F%64%79%3E%0A%3C%2F%68%74%6D%6C%3E%0A%09%09')); //--> </Script> <!-- Hacked by No Name Cyber Team --> <!-- zone-h.org/archive/notifier=No Name Cyber Team --> | ||
http://letoile.ro/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: letoile.ro
Result:
HTTP/1.1 303 See other
Connection: close
Date: Sun, 06 Dec 2015 20:03:28 GMT
Location: http://letoile.ro/ro/
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 PHP/5.2.17
Content-Length: 0
Content-Type: text/html; charset=utf-8
Set-Cookie: 3cbac49f766bc6a8429e2cec17727078=e1a2fad3d42597dbda03fd42643c69e1; path=/
X-Powered-By: PHP/5.2.17
...0 bytes of data.
GET / HTTP/1.1
Host: letoile.ro
Result:
HTTP/1.1 303 See other
Connection: close
Date: Sun, 06 Dec 2015 20:03:28 GMT
Location: http://letoile.ro/ro/
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 PHP/5.2.17
Content-Length: 0
Content-Type: text/html; charset=utf-8
Set-Cookie: 3cbac49f766bc6a8429e2cec17727078=e1a2fad3d42597dbda03fd42643c69e1; path=/
X-Powered-By: PHP/5.2.17
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: letoile.ro
Referer: http://www.google.com/search?q=letoile.ro
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: letoile.ro
Referer: http://www.google.com/search?q=letoile.ro
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=letoile.ro
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://letoile.ro/
Result: letoile.ro is not infected or malware details are not published yet.
Result: letoile.ro is not infected or malware details are not published yet.