Scanned pages/files
Request | Server response | Status |
http://spider2.com/ | 200 OK Content-Length: 120390 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Dow Jones news hacked by 3rd party group being investigated ...[10623 bytes skipped]... .com/northrop-wants-to-see-the-army-show-its-new-hellhound/'>Northrop wants to see the Army show its new Hellhound</a> <span class="rss-date">October 18, 2015</span><div class="rssSummary"></div> <cite>iPhones Media</cite></li><li><a class='rsswidget' href='http://iphones.com/dow-jones-news-hacked-by-3rd-party-group-being-investigated/'>Dow Jones news hacked by 3rd party group being investigated</a> <span class="rss-date">October 18, 2015</span><div class="rssSummary"></div> <cite>iPhones Media</cite></li></ul></div></div></div><div id="text-46" class="widget widget_text"><div class="sidebar_widget_gap"><div class="sidebar_widget"> <div class="textwidget"><center> <script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogl ...[126642 bytes skipped]... | ||
http://spider2.com//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 28 Oct 2015 00:07:34 GMT Pragma: no-cache Location: http://spider2.com/pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://developers.org/xmlrpc.php X-Powered-By: PHP/5.4.36 | clean |
http://spider2.com/pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 115862 Content-Type: text/html | clean |
http://developers.org/wp-content/plugins/g-lock-double-opt-in-manager/js/glock2.min.js | 200 OK Content-Length: 69612 Content-Type: application/javascript | clean |
http://developers.org/wp-content/plugins/g-lock-double-opt-in-manager/js/gsom_s.min.js | 200 OK Content-Length: 4054 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function gsom_isEmail(a){return a.match(/\b([_a-z0-9-]+(\.[_a-z0-9-]+)*)@([_a-z0-9-]+(\.[_a-z0-9-]+)*)(\.([a-z]{2,10}))\b/gi)}function gsmoStripSymbols(a){return a.replace(/[\s]+/g,"_").replace(/[^A-Za-z0-9\_]+/g,"").substring(0,20)}function gsomBuildForm(e){e=e||{};var b=e.arr||[],d=e.place||"gsom-fields-list",a=e.makeDivs||false,c=a?"div":"li";if(glock.isDef(b)){for(var f=0;f<b.length;f++){MakeFormFieldListItem({ul:d,label:b[f].label,type:b[f].type,value:b[f].value,name:b[f].name,checked:b[ Antivirus reports:
| ||
http://spider2.com/test404page.js | 404 Not Found Content-Length: 115862 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: spider2.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 28 Oct 2015 00:07:30 GMT
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Content-Type: text/html; charset=UTF-8
X-Pingback: http://developers.org/xmlrpc.php
X-Powered-By: PHP/5.4.36
GET / HTTP/1.1
Host: spider2.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 28 Oct 2015 00:07:30 GMT
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Content-Type: text/html; charset=UTF-8
X-Pingback: http://developers.org/xmlrpc.php
X-Powered-By: PHP/5.4.36
Second query (visit from search engine):
GET / HTTP/1.1
Host: spider2.com
Referer: http://www.google.com/search?q=spider2.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: spider2.com
Referer: http://www.google.com/search?q=spider2.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=spider2.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://spider2.com/
Result: spider2.com is not infected or malware details are not published yet.
Result: spider2.com is not infected or malware details are not published yet.