Scanned pages/files
Request | Server response | Status |
http://otavaloosi.org/ | 200 OK Content-Length: 6073 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: haCked By B0o3nAs <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:v="urn:schemas-microsoft-com:vml" xmlns="http://www.w3.org/TR/REC-html40"> <head> <script type="text/javascript"> var data="010101010101010101"; var text="haCked By B0o3nAs "; var done=1; statusIn(text); function statusIn(text){ var max=4; var delay=100; if (done){ done = 0; decrypt_helper(text, max, delay, 0, max); } } function decrypt_helper(text, runs_left, delay, charvar, max){ if (!done){ runs_left = runs_left - 1; //alert( runs_left); var status = text.substring(0,charvar); for(var current_char = ...[6664 bytes skipped]... | ||
http://127.0.0.1:4001/isrunning | 500 Can't connect to 127.0.0.1:4001 (Ð Ñоединении оÑказано) Content-Length: 217 Content-Type: text/plain | clean |
http://127.0.0.1:4001/test404page.js | 500 Can't connect to 127.0.0.1:4001 (Ð Ñоединении оÑказано) Content-Length: 217 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: otavaloosi.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 15 Jan 2015 18:59:28 GMT
Server: Apache
Content-Type: text/html
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: otavaloosi.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 15 Jan 2015 18:59:28 GMT
Server: Apache
Content-Type: text/html
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: otavaloosi.org
Referer: http://www.google.com/search?q=otavaloosi.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: otavaloosi.org
Referer: http://www.google.com/search?q=otavaloosi.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=otavaloosi.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://otavaloosi.org/
Result: otavaloosi.org is not infected or malware details are not published yet.
Result: otavaloosi.org is not infected or malware details are not published yet.