Scanned pages/files
Request | Server response | Status |
http://navy.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 01 Dec 2015 13:48:48 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 2662 Location: http://www.navy.com/ Server: Apache Content-Length: 327 Content-Type: text/html; charset=iso-8859-1 X-Cache: HIT X-Frame-Options: SAMEORIGIN X-Varnish: 1372563724 1372517163 | clean |
http://www.navy.com/ | 200 OK Content-Length: 181332 Content-Type: text/html | clean |
http://www.navy.com/resources/templating-kit/themes/five/js/ntpagetag.js | 200 OK Content-Length: 15566 Content-Type: application/x-javascript | clean |
http://navy.com/resources/templating-kit/themes/five/js/jquerynetinsight.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 01 Dec 2015 13:48:50 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://www.navy.com/resources/templating-kit/themes/five/js/jquerynetinsight.js Server: Apache Content-Length: 386 Content-Type: text/html; charset=iso-8859-1 X-Cache: MISS X-Frame-Options: SAMEORIGIN X-Varnish: 1372563749 | clean |
http://www.navy.com/resources/templating-kit/themes/five/js/jquerynetinsight.js | 200 OK Content-Length: 22391 Content-Type: application/x-javascript | clean |
http://navy.com/joining/ways-to-join.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 01 Dec 2015 13:48:52 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://www.navy.com/joining/ways-to-join.html Server: Apache Content-Length: 352 Content-Type: text/html; charset=iso-8859-1 X-Cache: MISS X-Frame-Options: SAMEORIGIN X-Varnish: 1372563752 | clean |
http://www.navy.com/joining/ways-to-join.html | 200 OK Content-Length: 174318 Content-Type: text/html | clean |
http://www.navy.com/joining.html | 200 OK Content-Length: 171208 Content-Type: text/html | clean |
http://www.navy.com/careers.html | 200 OK Content-Length: 178865 Content-Type: text/html | clean |
http://www.navy.com/joining/ways-to-join/enlisted-sailors.html | 200 OK Content-Length: 165260 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var axel = Math.random() + ""; var a = axel * 10000000000000; document.write('<iframe src="https://1377238.fls.doubleclick.net/activityi;src=1377238;type=Retar-;cat=HomeP-;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>'); Antivirus reports:
| ||
http://www.navy.com/resources/templating-kit/themes/five/js/foundation-js/vendor/modernizr.js | 200 OK Content-Length: 15094 Content-Type: application/x-javascript | clean |
http://www.navy.com/resources/templating-kit/themes/five/js/foundation-js/vendor/jquery.js | 200 OK Content-Length: 84587 Content-Type: application/x-javascript | clean |
http://www.navy.com/resources/templating-kit/themes/five/js/foundation-js/vendor/classie.js | 200 OK Content-Length: 1835 Content-Type: application/x-javascript | clean |
http://www.navy.com/resources/templating-kit/themes/five/js/foundation-js/vendor/uisearch.js | 200 OK Content-Length: 6114 Content-Type: application/x-javascript | clean |
http://www.navy.com/resources/templating-kit/themes/five/js/foundation-js/foundation/foundation.js | 200 OK Content-Length: 16599 Content-Type: application/x-javascript | clean |
http://www.navy.com/resources/templating-kit/themes/five/js/foundation-js/foundation/foundation.equalizer.js | 200 OK Content-Length: 1906 Content-Type: application/x-javascript | clean |
http://www.navy.com/resources/templating-kit/themes/five/js/foundation-js/foundation/foundation.accordion.js | 200 OK Content-Length: 1659 Content-Type: application/x-javascript | clean |
http://www.navy.com/resources/templating-kit/themes/five/js/updateBrowserAlert.js | 200 OK Content-Length: 936 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: navy.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 01 Dec 2015 13:48:48 GMT
Via: 1.1 varnish
Accept-Ranges: bytes
Age: 2662
Location: http://www.navy.com/
Server: Apache
Content-Length: 327
Content-Type: text/html; charset=iso-8859-1
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
X-Varnish: 1372563724 1372517163
...327 bytes of data.
GET / HTTP/1.1
Host: navy.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 01 Dec 2015 13:48:48 GMT
Via: 1.1 varnish
Accept-Ranges: bytes
Age: 2662
Location: http://www.navy.com/
Server: Apache
Content-Length: 327
Content-Type: text/html; charset=iso-8859-1
X-Cache: HIT
X-Frame-Options: SAMEORIGIN
X-Varnish: 1372563724 1372517163
...327 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: navy.com
Referer: http://www.google.com/search?q=navy.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: navy.com
Referer: http://www.google.com/search?q=navy.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=navy.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://navy.com/
Result: navy.com is not infected or malware details are not published yet.
Result: navy.com is not infected or malware details are not published yet.