Scanned pages/files
| Request | Server response | Status |
http://shady-cottage.net/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 14 Nov 2015 21:15:27 GMT Location: http://www.shady-cottage.com Server: Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Content-Length: 355 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.shady-cottage.com/ | 200 OK Content-Length: 13147 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: +ADw-/title+AD4-HACKED BY AMAR+AF4-SHG +ACY Mauritania C'+ANAA6Q-rs+ADw-DIV style+AD0AIg-DISPLA <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xml:lang="en-US"> <head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-7" /> <title>+ADw-/title+AD4-HACKED BY AMAR+AF4-SHG +ACY Mauritania C'+ANAA6Q-rs+ADw-DIV style+AD0AIg-DISPLAY ...[14847 bytes skipped]... | ||
http://www.shady-cottage.com/wp-includes/js/jquery/jquery.js?ver=1.7.1 | 200 OK Content-Length: 93889 Content-Type: application/javascript | clean |
http://www.shady-cottage.com/wp-content/plugins/brainhost-plugin/script.js?ver=1.0 | 200 OK Content-Length: 821 Content-Type: application/javascript | clean |
http://www.shady-cottage.com/wp-content/plugins/dynamic-content-gallery-plugin/js-mootools/scripts/mootools-1.2.4-core-jm.js | 200 OK Content-Length: 79833 Content-Type: application/javascript | clean |
http://www.shady-cottage.com/wp-content/plugins/dynamic-content-gallery-plugin/js-mootools/scripts/mootools-1.2.4.4-more.js | 200 OK Content-Length: 6901 Content-Type: application/javascript | clean |
http://www.shady-cottage.com/wp-content/plugins/dynamic-content-gallery-plugin/js-mootools/scripts/jd.gallery_1_2_4_4.js | 200 OK Content-Length: 28094 Content-Type: application/javascript | clean |
http://www.shady-cottage.com/wp-content/plugins/dynamic-content-gallery-plugin/js-mootools/scripts/jd.gallery.transitions_1_2_4_4.js | 200 OK Content-Length: 3232 Content-Type: application/javascript | clean |
http://www.shady-cottage.com/wp-includes/js/thickbox/thickbox.js?ver=3.1-20111117 | 200 OK Content-Length: 12501 Content-Type: application/javascript | clean |
http://shady-cottage.net/privacy-policy/ | 404 Not Found Content-Length: 451 Content-Type: text/html | clean |
http://shady-cottage.net/test404page.js | 404 Not Found Content-Length: 450 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: shady-cottage.net
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 14 Nov 2015 21:15:27 GMT
Location: http://www.shady-cottage.com
Server: Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Length: 355
Content-Type: text/html; charset=iso-8859-1
...355 bytes of data.
GET / HTTP/1.1
Host: shady-cottage.net
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 14 Nov 2015 21:15:27 GMT
Location: http://www.shady-cottage.com
Server: Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Length: 355
Content-Type: text/html; charset=iso-8859-1
...355 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: shady-cottage.net
Referer: http://www.google.com/search?q=shady-cottage.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: shady-cottage.net
Referer: http://www.google.com/search?q=shady-cottage.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=shady-cottage.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://shady-cottage.net/
Result: shady-cottage.net is not infected or malware details are not published yet.
Result: shady-cottage.net is not infected or malware details are not published yet.