Scanned pages/files
Request | Server response | Status |
http://stemdlf.no/ | 200 OK Content-Length: 26229 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: !-- HACKED BY MJ -- ...[9259 bytes skipped]... href="/stortingsprogram" title="Stortingsprogram">stortingsprogram</a>.</p> <p>Med utgangspunkt i vårt politiske syn skrives <a href="/nk">nyhetskommentarer</a> til aktuelle saker hver ukedag. Ønsker du å diskutere DLFs politikk eller andre ting kan du delta i diskusjonene på vårt <a href="/node/27" title="Forum">debattforum</a>.</p> <hr /> <!-- HACKED BY MJ --> </div> <div class="clear-block"> <div class="meta"> </div> </div> </div> <div id="block-views-simpleviews_1-block" class="clear-block block block-views"> <h2>Nyhetskommentarer</h2> <div class="content"><div class="view view-simpleviews-1 view-id-simpleviews_1 view-display-id-block view-dom-id-3"> <div class ...[24444 bytes skipped]... | ||
http://www.gmodules.com/ig/ifr?url=http://www.google.com/cse/api/013420630611020109656/cse/tlgxbti8w5s/gadget&synd=open&w=218&h=63&title=DLF+S%C3%B8kemotor&border=%23ffffff%7C3px%2C1px+solid+%23999999&output=js | 404 Not Found Content-Length: 141 Content-Type: text/html | clean |
http://www.gmodules.com/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://www.gmodules.com//www.google.com/ | 404 Not Found Content-Length: 1440 Content-Type: text/html | clean |
http://www.statcounter.com/counter/counter.js | 200 OK Content-Length: 21400 Content-Type: application/x-javascript | clean |
http://stemdlf.no//www.google.com/ | 404 Not Found Content-Length: 4019 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: stemdlf.no
Result:
HTTP/1.1 200 OK
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 16 Jul 2015 21:57:05 GMT
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Thu, 16 Jul 2015 21:57:05 GMT
Set-Cookie: SESS46125ca3ce7fc22d4c67c3f96b77ae3f=t3pqhhbldfq61hhf0ac9s92rf3; expires=Sun, 09-Aug-2015 01:30:25 GMT; path=/; domain=.stemdlf.no
X-Powered-By: PHP/5.3.3-7+squeeze26
Second query (visit from search engine):
GET / HTTP/1.1
Host: stemdlf.no
Referer: http://www.google.com/search?q=stemdlf.no
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=stemdlf.no
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://stemdlf.no/
Result: stemdlf.no is not infected or malware details are not published yet.