Scanned pages/files
Request | Server response | Status |
http://appleshuo.com/ | 200 OK Content-Length: 1742 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: zonehmirrors.org ...[950 bytes skipped]... > <center><a href="http://www.google.com/search?q=Nabilaholic404"/> <img src="http://1.bp.blogspot.com/-jgpuGHnh_JM/VDpeL-WdmiI/AAAAAAAAz1c/h0Eg7G-IZDs/s1600/black%2Bfantasy%2Bpicture%2Bgirl%2Bwith%2Bgreen%2Beyes.jpg" width="490" height="330"/><a/><br /> <font face="Courier New" size="2" color="#ff00"><b>[#] w00t... pwn3d by nabilaholic404 !<img src="http://zonehmirrors.org/defaced/2014/08/01/c4hy0e.com/c4hy0e.com/111.gif"width="30" height="18"><b/></font><br> <font face="Courier New" size="2" font color="white">Garuda dot ID, Sandy-x207, Onix AQua, Pscript, Bebyyers404, Bekasi0d0nk, Veranda404, Yuneroz, Erza Jullian<br></font> <font face="Rockwell Condensed" color="#ff00" size="3">madura-cyber.org | yuyudhn@outlook.com</font></font><br> <br></td> ...[227 bytes skipped]... Deface/Content modification. The following signature was found: HacKeD by Nabilaholic404 <html><head> <title>HacKeD by Nabilaholic404</title> <meta name="robots" content="index, follow"> <link rel="SHORTCUT ICON" href="http://i.imgur.com/QYUFm5u.png"/> <meta name="description" content="Hacked by Nabilaholic404 - Owned by Nabilaholic404 - Defaced by nabilaholic404 - zone- h.org Submit Notified by Nabilaholic404" /> <meta name="googlebot" content="index,follow" /> <meta name="robots" ...[1616 bytes skipped]... | ||
http://appleshuo.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: appleshuo.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 Feb 2015 15:57:08 GMT
Via: 1.0 localhost (squid/3.1.20)
Accept-Ranges: bytes
Age: 478
ETag: "f217c3-6ce-50c3a619d4ea8"
Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4
Content-Length: 1742
Content-Type: text/html
Last-Modified: Fri, 09 Jan 2015 16:09:28 GMT
X-Cache: HIT from localhost
X-Cache-Lookup: HIT from localhost:80
...1742 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: appleshuo.com
Referer: http://www.google.com/search?q=appleshuo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=appleshuo.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://appleshuo.com/
Result: appleshuo.com is not infected or malware details are not published yet.