Scanned pages/files
Request | Server response | Status |
http://windowsinternetsecurity.net/ | 200 OK Content-Length: 19890 Content-Type: text/html | clean |
http://www.google.com/cse/brand?form=cse-search-box | HTTP/1.1 302 Found Cache-Control: public, max-age=172800 Connection: close Date: Thu, 24 Sep 2015 06:05:22 GMT Age: 128461 Location: http://cse.google.com/cse/brand?form=cse-search-box Server: pfe Content-Length: 248 Content-Type: text/html; charset=UTF-8 Expires: Sat, 26 Sep 2015 06:05:22 GMT Content-Disposition: attachment; filename="f.txt" X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://cse.google.com/cse/brand?form=cse-search-box | 200 OK Content-Length: 2483 Content-Type: text/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 28165 Content-Type: text/javascript | clean |
http://windowsinternetsecurity.net/wp-content/themes/c5/scripts.v68.js | 200 OK Content-Length: 112363 Content-Type: application/javascript | clean |
http://windowsinternetsecurity.net/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20130122 | 200 OK Content-Length: 1378 Content-Type: application/javascript | clean |
http://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201529 | 200 OK Content-Length: 9885 Content-Type: application/x-javascript | clean |
http://s.gravatar.com/js/gprofiles.js?ver=2015Julaa | 200 OK Content-Length: 20650 Content-Type: application/x-javascript | clean |
http://windowsinternetsecurity.net/wp-content/plugins/jetpack/modules/wpgroho.js | 200 OK Content-Length: 959 Content-Type: application/javascript | clean |
http://stats.wp.com/e-201529.js | 200 OK Content-Length: 3334 Content-Type: application/x-javascript | clean |
http://windowsinternetsecurity.net/feed/ | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://windowsinternetsecurity.net/test404page.js | 200 OK Content-Length: 14188 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by ACID Rain <html>
<script src='http://adithya.googlecode.com/files/Apctrl%2Bu.js' type='text/javascript'></script> <head> <title>Hacked by ACID Rain</title> <link rel="openid.server" href="http://www.blogger.com/openid-server.g" /> <link href='http://fonts.googleapis.com/css?family=Candal' rel='stylesheet' type='text/css'> <style type="text/css"> /* Coded by D@rk 3rror*/ @import url(http://fonts.googleapis.com/css?family=Share+Tech); body { background:black url('http://www.crazykens.com/pictures/web/ho ...[16317 bytes skipped]... | ||
http://adithya.googlecode.com/files/Apctrl%2Bu.js | 404 Not Found Content-Length: 1580 Content-Type: text/html | clean |
http://adithya.googlecode.com//www.google.com/ | 404 Not Found Content-Length: 1561 Content-Type: text/html | clean |
http://adithya.googlecode.com/test404page.js | 404 Not Found Content-Length: 1575 Content-Type: text/html | clean |
http://windowsinternetsecurity.net//www.google.com/ | 200 OK Content-Length: 14188 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: windowsinternetsecurity.net
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3, must-revalidate
Connection: close
Date: Fri, 25 Sep 2015 17:46:23 GMT
Accept-Ranges: bytes
Server: nginx/1.8.0
Vary: Accept-Encoding,Cookie
Content-Length: 19890
Content-Type: text/html; charset=UTF-8
Expires: Fri, 25 Sep 2015 17:46:26 GMT
Last-Modified: Thu, 16 Jul 2015 17:54:05 GMT
...19890 bytes of data.
GET / HTTP/1.1
Host: windowsinternetsecurity.net
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3, must-revalidate
Connection: close
Date: Fri, 25 Sep 2015 17:46:23 GMT
Accept-Ranges: bytes
Server: nginx/1.8.0
Vary: Accept-Encoding,Cookie
Content-Length: 19890
Content-Type: text/html; charset=UTF-8
Expires: Fri, 25 Sep 2015 17:46:26 GMT
Last-Modified: Thu, 16 Jul 2015 17:54:05 GMT
...19890 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: windowsinternetsecurity.net
Referer: http://www.google.com/search?q=windowsinternetsecurity.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: windowsinternetsecurity.net
Referer: http://www.google.com/search?q=windowsinternetsecurity.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=windowsinternetsecurity.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://windowsinternetsecurity.net/
Result: windowsinternetsecurity.net is not infected or malware details are not published yet.
Result: windowsinternetsecurity.net is not infected or malware details are not published yet.