Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=previously.us
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://previously.us/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://previously.us/ | 200 OK Content-Length: 113339 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by Islamic State ...[5605 bytes skipped]... a:has(img)").not(".nolightbox").filter( function() { return /\.(jpe?g|png|gif|bmp)$/i.test(jQuery(this).attr('href')) }); jQuery("a.fancybox").fancybox({ 'cyclic': false, 'autoScale': false, 'padding': </script><html><head><style>body{background-color: black; color: transparent}</style></head><body><center><h1 style="color: red">Hacked by Islamic State</h1><img src="data:image/jpeg;base64,iVBORw0KGgoAAAANSUhEUgAAAkQAAAFFCAYAAAANVPJiAAAgAElEQVR4nOydeZwUxfn/Pz3Xzt677L3LwsJy34dBUBQRPAAVETFi1GC8Qcnvi+IRLxJjNPEiEr/eRmJExUSTeEWjSFQSEL4qKpfLci2wCCyw9+5c9fuD1KSmpqqnZ3ZhZp3n/XrVq2f6qHqqu7rq009VVxsAGAiCIAiCIJIYW7wNIAiCIAiCiDckiAiCIAiCSHpIEBEEQRAEkfSQICIIgiAIIukhQUQQBEEQRNJDgoggCIIgiKSHBBFBEARBEEkPCSKCOI7k5uZixowZsNvt8TaFIAiCECBBRBDHibKyMjzxxBNYvnw5hg8fHm9zCIIgCAE7gEXxNoIgvu+UlpZi6dKlOO+882AYBgYOHIi3334bLS0t8TatS5CSkoJJ ...[114558 bytes skipped]... | ||
http://previously.us//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sun, 08 Mar 2015 14:52:17 GMT Pragma: no-cache Location: http://previously.us/ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js/ Server: Apache/2.2.22 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://previously.us/xmlrpc.php X-Powered-By: PHP/5.3.10-1ubuntu3.16 | clean |
http://previously.us/ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js/ | 404 Not Found Content-Length: 91259 Content-Type: text/html | clean |
http://previously.us/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://previously.us/wp-content/themes/modularity-lite/js/nav.js?ver=3.9.1 | 200 OK Content-Length: 1290 Content-Type: application/javascript | clean |
http://previously.us/wp-content/themes/modularity-lite/js/jquery.cycle.js?ver=3.9.1 | 200 OK Content-Length: 28862 Content-Type: application/javascript | clean |
http://previously.us/wp-content/themes/modularity-lite/js/search.js?ver=3.9.1 | 200 OK Content-Length: 774 Content-Type: application/javascript | clean |
http://previously.us/wp-content/plugins/fancybox-for-wordpress/fancybox/jquery.fancybox.js?ver=1.3.4 | 200 OK Content-Length: 15667 Content-Type: application/javascript | clean |
http://previously.us/wp-content/plugins/audio-player/assets/audio-player.js?ver=2.0.4.6 | 200 OK Content-Length: 29366 Content-Type: application/javascript | clean |
http://previously.us/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.15 | 200 OK Content-Length: 14760 Content-Type: application/javascript | clean |
http://previously.us/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.3 | 200 OK Content-Length: 6859 Content-Type: application/javascript | clean |
http://previously.us/category/series/2-broke-girls/ | 200 OK Content-Length: 98139 Content-Type: text/html | clean |
http://feedproxy.google.com/~s/previouslyus?i=http://previously.us/2011/10/27/previously-13th-episode/ | HTTP/1.1 301 Moved Permanently Cache-Control: private, max-age=0 Connection: close Date: Sun, 08 Mar 2015 14:52:13 GMT Accept-Ranges: none Location: http://feeds.feedburner.com/~s/previouslyus?i=http://previously.us/2011/10/27/previously-13th-episode/ Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Sun, 08 Mar 2015 14:52:13 GMT Alternate-Protocol: 80:quic,p=0.08 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
http://feeds.feedburner.com/~s/previouslyus?i=http://previously.us/2011/10/27/previously-13th-episode/ | 200 OK Content-Length: 1498 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: previously.us document.write('<p class="feedburnerFlareBlock">'); document.write('<a href="http://feedburner.google.com/fb/a/emailFlare?itemTitle\x3dPreviously%3A%2013th%20Episode\x26uri\x3dhttp%3A%2F%2Fpreviously.us%2F2011%2F10%2F27%2Fpreviously-13th-episode%2F" class="first">Email this</a>'); document.write('<span> • </span><a href="http://feedburner.google.com/fb/a/emailFlare?to\x3dinfo%40previously.us\x26itemTitle\x3dPreviously%3A%2013th%20Episode\x26uri\x3dhttp%3A%2F%2Fpreviously.us%2F2011%2F10%2F27%2Fpreviously-13th-episode%2F">Email the author</a>'); document.write('<span> • < ...[972 bytes skipped]... Decoded script: <p class="feedburnerFlareBlock"><a href="http://feedburner.google.com/fb/a/emailFlare?itemTitle=Previously%3A%2013th%20Episode&uri=http%3A%2F%2Fpreviously.us%2F2011%2F10%2F27%2Fpreviously-13th-episode%2F" class="first">Email this</a><span> • </span><a href="http://feedburner.google.com/fb/a/emailFlare?to=info%40previously.us&itemTitle=Previously%3A%2013th%20Episode&uri=http%3A%2F%2Fpreviously.us%2F2011%2F10%2F27%2Fpreviously-13th-episode%2F">Email the author</a><span> • </span><span> • </span><a href="http://www.facebook.com/share.php?u=http%3A%2F%2Fpreviously.us%2F2011%2F10%2F27%2Fpreviously-13th-episode%2F">Share on Facebook</a></p> | ||
http://feedproxy.google.com/~s/previouslyus?i=http://previously.us/2011/10/27/new-fall-season-2011/ | HTTP/1.1 301 Moved Permanently Cache-Control: private, max-age=0 Connection: close Date: Sun, 08 Mar 2015 14:52:13 GMT Accept-Ranges: none Location: http://feeds.feedburner.com/~s/previouslyus?i=http://previously.us/2011/10/27/new-fall-season-2011/ Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Sun, 08 Mar 2015 14:52:13 GMT Alternate-Protocol: 80:quic,p=0.08 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
http://feeds.feedburner.com/~s/previouslyus?i=http://previously.us/2011/10/27/new-fall-season-2011/ | 200 OK Content-Length: 1478 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: previously.us document.write('<p class="feedburnerFlareBlock">'); document.write('<a href="http://feedburner.google.com/fb/a/emailFlare?itemTitle\x3dNew%20Fall%20Season%202011\x26uri\x3dhttp%3A%2F%2Fpreviously.us%2F2011%2F10%2F27%2Fnew-fall-season-2011%2F" class="first">Email this</a>'); document.write('<span> • </span><a href="http://feedburner.google.com/fb/a/emailFlare?to\x3dinfo%40previously.us\x26itemTitle\x3dNew%20Fall%20Season%202011\x26uri\x3dhttp%3A%2F%2Fpreviously.us%2F2011%2F10%2F27%2Fnew-fall-season-2011%2F">Email the author</a>'); document.write('<span> • </span> ...[956 bytes skipped]... Decoded script: <p class="feedburnerFlareBlock"><a href="http://feedburner.google.com/fb/a/emailFlare?itemTitle=New%20Fall%20Season%202011&uri=http%3A%2F%2Fpreviously.us%2F2011%2F10%2F27%2Fnew-fall-season-2011%2F" class="first">Email this</a><span> • </span><a href="http://feedburner.google.com/fb/a/emailFlare?to=info%40previously.us&itemTitle=New%20Fall%20Season%202011&uri=http%3A%2F%2Fpreviously.us%2F2011%2F10%2F27%2Fnew-fall-season-2011%2F">Email the author</a><span> • </span><span> • </span><a href="http://www.facebook.com/share.php?u=http%3A%2F%2Fpreviously.us%2F2011%2F10%2F27%2Fnew-fall-season-2011%2F">Share on Facebook</a></p> | ||
http://previously.us/category/series/90210-series/ | 200 OK Content-Length: 94623 Content-Type: text/html | clean |
http://feedproxy.google.com/~s/previouslyus?i=http://previously.us/2010/12/23/previously-8th-episode-christmas-stressmas-special/ | HTTP/1.1 301 Moved Permanently Cache-Control: private, max-age=0 Connection: close Date: Sun, 08 Mar 2015 14:52:14 GMT Accept-Ranges: none Location: http://feeds.feedburner.com/~s/previouslyus?i=http://previously.us/2010/12/23/previously-8th-episode-christmas-stressmas-special/ Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Sun, 08 Mar 2015 14:52:14 GMT Alternate-Protocol: 80:quic,p=0.08 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
http://feeds.feedburner.com/~s/previouslyus?i=http://previously.us/2010/12/23/previously-8th-episode-christmas-stressmas-special/ | 200 OK Content-Length: 1690 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: previously.us document.write('<p class="feedburnerFlareBlock">'); document.write('<a href="http://feedburner.google.com/fb/a/emailFlare?itemTitle\x3dPreviously%3A%208th%20Episode%3A%20Christmas%20%26%20Stressmas%20Special\x26uri\x3dhttp%3A%2F%2Fpreviously.us%2F2010%2F12%2F23%2Fpreviously-8th-episode-christmas-stressmas-special%2F" class="first">Email this</a>'); document.write('<span> • </span><a href="http://feedburner.google.com/fb/a/emailFlare?to\x3dinfo%40previously.us\x26itemTitle\x3dPreviously%3A%208th%20Episode%3A%20Christmas%20%26%20Stressmas%20Special\x26uri\x3dhttp%3A%2F%2Fpreviously.us%2F2010%2F12%2F23%2Fpreviously-8th-episode-christmas-stressm ...[1122 bytes skipped]... Decoded script: <p class="feedburnerFlareBlock"><a href="http://feedburner.google.com/fb/a/emailFlare?itemTitle=Previously%3A%208th%20Episode%3A%20Christmas%20%26%20Stressmas%20Special&uri=http%3A%2F%2Fpreviously.us%2F2010%2F12%2F23%2Fpreviously-8th-episode-christmas-stressmas-special%2F" class="first">Email this</a><span> • </span><a href="http://feedburner.google.com/fb/a/emailFlare?to=info%40previously.us&itemTitle=Previously%3A%208th%20Episode%3A%20Christmas%20%26%20Stressmas%20Special&uri=http%3A%2F%2Fpreviously.us%2F2010%2F12%2F23%2Fpreviously-8th-episode-christmas-stressmas-special%2F">Email the aut ...[283 bytes skipped]... |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: previously.us
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 08 Mar 2015 14:52:16 GMT
Server: Apache/2.2.22
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://previously.us/xmlrpc.php
X-Powered-By: PHP/5.3.10-1ubuntu3.16
GET / HTTP/1.1
Host: previously.us
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 08 Mar 2015 14:52:16 GMT
Server: Apache/2.2.22
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://previously.us/xmlrpc.php
X-Powered-By: PHP/5.3.10-1ubuntu3.16
Second query (visit from search engine):
GET / HTTP/1.1
Host: previously.us
Referer: http://www.google.com/search?q=previously.us
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: previously.us
Referer: http://www.google.com/search?q=previously.us
Result:
The result is similar to the first query. There are no suspicious redirects found.