Scanned pages/files
Request | Server response | Status |
http://thelunchpalace.com/ | HTTP/1.1 200 OK Connection: close Date: Wed, 22 Apr 2015 09:25:09 GMT Server: Apache Vary: Accept-Encoding Content-Type: text/html | clean |
https://www.facebook.com/ant.hacktim | HTTP/1.1 200 OK Cache-Control: private, no-cache, no-store, must-revalidate Connection: close Date: Wed, 22 Apr 2015 09:25:10 GMT Pragma: no-cache Vary: Accept-Encoding Content-Type: text/html Expires: Sat, 01 Jan 2000 00:00:00 GMT P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p" Set-Cookie: datr=9mg3VTGerDNCcCsYpT2AqldC; expires=Fri, 21-Apr-2017 09:25:10 GMT; Max-Age=63072000; path=/; domain=.facebook.com; httponly Set-Cookie: reg_ext_ref=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=.facebook.com Set-Cookie: reg_fb_ref=https%3A%2F%2Fwww.facebook.com%2Fant.hacktim; path=/; domain=.facebook.com; httponly Set-Cookie: reg_fb_gate=https%3A%2F%2Fwww.facebook.com%2Fant.hacktim; path=/; domain=.facebook.com; httponly Strict-Transport-Security: max-age=15552000; preload X-Content-Type-Options: nosniff X-FB-Debug: 08shW31JOolFcs228xii/kXR7fCOYn6fWOL0SS3B53Zpi3yWylhOfpuDlMN5Env059IwbfjlC1w4LoHLbDTEiA== X-Frame-Options: DENY X-UA-Compatible: IE=edge,chrome=1 X-XSS-Protection: 0 | clean |
https://www.facebook.com/ant.hacktim?_fb_noscript=1 | 200 OK Content-Length: 300537 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY A.N.T ...[190843 bytes skipped]... href="http://l.facebook.com/l.php?u=http%3A%2F%2Fwww.masterdom-brus.ru%2F&h=ZAQGqIa4h&s=1" rel="nofollow" target="_blank" onmouseover="LinkshimAsyncLink.swap(this, "http:\/\/www.masterdom-brus.ru\/");" onclick="LinkshimAsyncLink.swap(this, "http:\/\/l.facebook.com\/l.php?u=http\u00253A\u00252F\u00252Fwww.masterdom-brus.ru\u00252F&h=ZAQGqIa4h&s=1");">HACKED BY A.N.T</a></div><div class="_6ma"><div class="_6m7"></div><div class="_59tj"><div class="_6lz _6mb ellipsis">www.masterdom-brus.ru</div></div></div></div><a class="_52c6" href="http://l.facebook.com/l.php?u=http%3A%2F%2Fwww.masterdom-brus.ru%2F&h=eAQE8fgAbAQHYhWDOu-YjJIpcx0RyTsBlXgP0PUEqx2EojQ&enc=AZPfEK3J-LlWWucM1fMNpaBXaYGBBHCdEbksyiMywqiB08P8ZrYyuL_HHwbfyUDTrQyewdtHhjeBEMSt9jZxT9asr0F2NuFTwJAwxar ...[146012 bytes skipped]... | ||
https://fbstatic-a.akamaihd.net/rsrc.php/v2/y6/r/7NOuOmwiLIS.js | 200 OK Content-Length: 106073 Content-Type: application/x-javascript | clean |
http://thelunchpalace.com/pages/create/?ref_type=page_profile_button&ref_id=735695683175046 | 404 Not Found Content-Length: 398 Content-Type: text/html | clean |
http://thelunchpalace.com/test404page.js | 404 Not Found Content-Length: 399 Content-Type: text/html | clean |
http://thelunchpalace.com/r.php?profile_id=735695683175046&next=https%3A%2F%2Fwww.facebook.com%2Fant.hacktim&friend_or_subscriber=friend | 404 Not Found Content-Length: 390 Content-Type: text/html | clean |
http://thelunchpalace.com/login/?next=https%3A%2F%2Fwww.facebook.com%2Fant.hacktim | 404 Not Found Content-Length: 391 Content-Type: text/html | clean |
http://thelunchpalace.com/ant.hacktim/photos/a.735697386508209.1073741827.735695683175046/787136511364296/?type=1 | 404 Not Found Content-Length: 465 Content-Type: text/html | clean |
http://thelunchpalace.com/ant.hacktim/photos/a.735696129841668.1073741825.735695683175046/735696139841667/?type=1&source=11 | 404 Not Found Content-Length: 465 Content-Type: text/html | clean |
http://thelunchpalace.com/ant.hacktim/photos/pb.735695683175046.-2207520000.1429694712./805565256188088/?type=1 | 404 Not Found Content-Length: 463 Content-Type: text/html | clean |
http://thelunchpalace.com/ant.hacktim/photos/pb.735695683175046.-2207520000.1429694712./804849679592979/?type=1 | 404 Not Found Content-Length: 463 Content-Type: text/html | clean |
http://thelunchpalace.com/ant.hacktim/photos/pb.735695683175046.-2207520000.1429694712./804039839673963/?type=1 | 404 Not Found Content-Length: 463 Content-Type: text/html | clean |
http://thelunchpalace.com/ant.hacktim/photos/pb.735695683175046.-2207520000.1429694712./803924949685452/?type=1 | 404 Not Found Content-Length: 463 Content-Type: text/html | clean |
http://thelunchpalace.com/ant.hacktim/photos/pb.735695683175046.-2207520000.1429694712./803412766403337/?type=1 | 404 Not Found Content-Length: 463 Content-Type: text/html | clean |
http://thelunchpalace.com/ant.hacktim/photos/pb.735695683175046.-2207520000.1429694712./803345046410109/?type=1 | 404 Not Found Content-Length: 463 Content-Type: text/html | clean |
http://thelunchpalace.com/ant.hacktim/photos/pb.735695683175046.-2207520000.1429694712./802905459787401/?type=1 | 404 Not Found Content-Length: 463 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: thelunchpalace.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 22 Apr 2015 09:25:09 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: thelunchpalace.com
Referer: http://www.google.com/search?q=thelunchpalace.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=thelunchpalace.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://thelunchpalace.com/
Result: thelunchpalace.com is not infected or malware details are not published yet.