Scanned pages/files
Request | Server response | Status |
http://nddns.net/ | 200 OK Content-Length: 38787 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY LULZSEC SABAH ...[25561 bytes skipped]... moz-linear-gradient(top, #fae2e2, #f2cacb); filter: progid:DXImageTransform.Microsoft.gradient(startColorstr='#fae2e2', endColorstr='#f2cacb'); color: #be4741; text-shadow: 0 1px 0 #fff;" > <marquee ONMOUSEOVER = stop(); ONMOUSEOUT = start(); SCROLLAMOUNT ="3"> <font size="3"> <p>HACKED BY LULZSEC SABAH</p> <p> </p> <p><a href="https://www.facebook.com/groups/Lulzsec.Sabah/"><img alt="" src="https://fbcdn-sphotos-a-a.akamaihd.net/hphotos-ak-xfa1/t1.0-9/10420242_290951811080702_3311194814943158985_n.jpg" style="height:357px; width:583px" /></a></p> <p> </p> <p> </p> ...[20432 bytes skipped]... | ||
http://nddns.net/./fancybox/lib/jquery-1.8.2.min.js | 200 OK Content-Length: 93435 Content-Type: application/x-javascript | clean |
http://nddns.net/js/jquery.jcarousel.pack.js | 200 OK Content-Length: 8882 Content-Type: application/x-javascript | clean |
http://nddns.net/js/jquery-func.js | 200 OK Content-Length: 1037 Content-Type: application/x-javascript | clean |
http://nddns.net/./menu/tree_frog_slide/stuHover.js | 200 OK Content-Length: 929 Content-Type: application/x-javascript | clean |
http://nddns.net/./fancybox/lib/jquery.mousewheel-3.0.6.pack.js | 200 OK Content-Length: 1384 Content-Type: application/x-javascript | clean |
http://nddns.net/./fancybox/source/jquery.fancybox.js?v=2.1.3 | 200 OK Content-Length: 50048 Content-Type: application/x-javascript | clean |
http://nddns.net/./fancybox/source/helpers/jquery.fancybox-buttons.js?v=1.0.5 | 200 OK Content-Length: 3003 Content-Type: application/x-javascript | clean |
http://nddns.net/./fancybox/source/helpers/jquery.fancybox-thumbs.js?v=1.0.7 | 200 OK Content-Length: 3836 Content-Type: application/x-javascript | clean |
http://nddns.net/./fancybox/source/helpers/jquery.fancybox-media.js?v=1.0.5 | 200 OK Content-Length: 5169 Content-Type: application/x-javascript | clean |
http://nddns.net/./ | 200 OK Content-Length: 38787 Content-Type: text/html | clean |
http://nddns.net/././fancybox/lib/jquery-1.8.2.min.js | 200 OK Content-Length: 93435 Content-Type: application/x-javascript | clean |
http://nddns.net/./js/jquery.jcarousel.pack.js | 200 OK Content-Length: 8882 Content-Type: application/x-javascript | clean |
http://nddns.net/./js/jquery-func.js | 200 OK Content-Length: 1037 Content-Type: application/x-javascript | clean |
http://nddns.net/././menu/tree_frog_slide/stuHover.js | 200 OK Content-Length: 929 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nddns.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 26 Jun 2014 00:59:18 GMT
Server: nginx/1.2.1
Content-Type: text/html
X-Powered-By: PHP/5.4.4-14+deb7u9
GET / HTTP/1.1
Host: nddns.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 26 Jun 2014 00:59:18 GMT
Server: nginx/1.2.1
Content-Type: text/html
X-Powered-By: PHP/5.4.4-14+deb7u9
Second query (visit from search engine):
GET / HTTP/1.1
Host: nddns.net
Referer: http://www.google.com/search?q=nddns.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: nddns.net
Referer: http://www.google.com/search?q=nddns.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nddns.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://nddns.net/
Result: nddns.net is not infected or malware details are not published yet.
Result: nddns.net is not infected or malware details are not published yet.