Scanned pages/files
| Request | Server response | Status |
http://bangdiscount.com/ | 200 OK Content-Length: 32723 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: ҳ̸Ҳ̸ҳ Hacked By Maniak k4sur ҳ̸Ҳ̸ҳ <html> <link rel="icon" type="image/gif" href="http://i48.servimg.com/u/f48/16/08/07/74/indone10.gif"> <head> <title>ҳ̸Ҳ̸ҳ Hacked By Maniak k4sur ҳ̸Ҳ̸ҳ</title> <style type="text/css"><!-- a:link{color:#ffffff;text-decoration:no ...[19535 bytes skipped]... | ||
http://deby-angel.webs.com/Myjs/snowstrom.js | 410 Gone Content-Length: 19163 Content-Type: text/html | clean |
http://deby-angel.webs.com//assets.zendesk.com/external/zenbox/v2.6/zenbox.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 31 Mar 2014 19:38:15 GMT Location: http://deby-angel.webs.com/assets.zendesk.com/external/zenbox/v2.6/zenbox.js/ Server: Webs.com/1.0 Content-Length: 0 | clean |
http://deby-angel.webs.com/assets.zendesk.com/external/zenbox/v2.6/zenbox.js/ | 410 Gone Content-Length: 19163 Content-Type: text/html | clean |
http://deby-angel.webs.com/test404page.js | 410 Gone Content-Length: 19163 Content-Type: text/html | clean |
http://deby-angel.webs.com/ | 410 Gone Content-Length: 19163 Content-Type: text/html | clean |
http://deby-angel.webs.com/Myjs/ | 410 Gone Content-Length: 19163 Content-Type: text/html | clean |
http://www.sis-kj.com/js/3.js | 404 Not Found Content-Length: 476 Content-Type: text/html | clean |
http://agungosx.googlepages.com/saljubirumuda.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 31 Mar 2014 19:38:19 GMT Location: http://sites.google.com/site/agungosx/saljubirumuda.js Server: ghs Content-Length: 251 Content-Type: text/html; charset=UTF-8 Alternate-Protocol: 80:quic X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
http://sites.google.com/site/agungosx/saljubirumuda.js | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Mon, 31 Mar 2014 19:38:19 GMT Location: https://sites.google.com/site/agungosx/saljubirumuda.js Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Mon, 31 Mar 2014 19:38:19 GMT Alternate-Protocol: 80:quic X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://sites.google.com/site/agungosx/saljubirumuda.js | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Mon, 31 Mar 2014 19:38:19 GMT Pragma: no-cache ETag: "1267507573238" Location: https://sites.google.com/site/agungosx/saljubirumuda.js?attredirects=0 Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Last-Modified: Tue, 02 Mar 2010 05:26:13 GMT X-Content-Type-Options: nosniff X-Robots-Tag: noarchive X-XSS-Protection: 1; mode=block | clean |
https://sites.google.com/site/agungosx/saljubirumuda.js?attredirects=0 | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Mon, 31 Mar 2014 19:38:20 GMT Location: https://1c6f40a4-a-62cb3a1a-s-sites.googlegroups.com/site/agungosx/saljubirumuda.js?attachauth=ANoY7cpNBMbsk6ASbEIDh6by3d4YNKBfo6_4WZ3C1vyjXQL4im736PBPigd9CPDdzNKwmvo1zukQG9NeYhMSHjzn30G0jHjaf3OHNHOY4Ed-W5z1BBSC144WFAjDbwO3op4CG9GrRsdSDumczuWuduGVxTcPjcCBIAqSiu1bYDHVS_JRUYbihtkITc4oKP8VHinQj2qdTwCgAFGwr40q8NmW1Y_WC26spw%3D%3D&attredirects=0 Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Mon, 31 Mar 2014 19:38:20 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://1c6f40a4-a-62cb3a1a-s-sites.googlegroups.com/site/agungosx/saljubirumuda.js?attachauth=anoy7cpnbmbsk6asbeidh6by3d4ynkbfo6_4wz3c1vyjxql4im736pbpigd9cpddznkwmvo1zukqg9neyhmshjzn30g0jhjaf3ohnhoy4ed-w5z1bbsc144wfajdbwo3op4cg9grrsdsdumczuwudugvxtcpjccbiaqsiu1bydhvs_jruybihtkitc4okp8vhinqj2qdtwcgafgwr40q8nmw1y_wc26spw%3d%3d&attredirects=0 | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Mon, 31 Mar 2014 19:38:20 GMT Location: https://www.google.com/a/UniversalLogin?service=jotspot&passive=1209600&continue=https://1c6f40a4-a-62cb3a1a-s-sites.googlegroups.com/site/agungosx/saljubirumuda.js?attachauth%3Danoy7cpnbmbsk6asbeidh6by3d4ynkbfo6_4wz3c1vyjxql4im736pbpigd9cpddznkwmvo1zukqg9neyhmshjzn30g0jhjaf3ohnhoy4ed-w5z1bbsc144wfajdbwo3op4cg9grrsdsdumczuwudugvxtcpjccbiaqsiu1bydhvs_jruybihtkitc4okp8vhinqj2qdtwcgafgwr40q8nmw1y_wc26spw%253D%253D%26attredirects%3D0&followup=https://1c6f40a4-a-62cb3a1a-s-sites.googlegroups.com/site/agungosx/saljubirumuda.js?attachauth%3Danoy7cpnbmbsk6asbeidh6by3d4ynkbfo6_4wz3c1vyjxql4im736pbpigd9cpddznkwmvo1zukqg9neyhmshjzn30g0jhjaf3ohnhoy4ed-w5z1bbsc144wfajdbwo3op4cg9grrsdsdumczuwudugvxtcpjccbiaqsiu1bydhvs_jruybihtkitc4okp8vhinqj2qdtwcgafgwr40q8nmw1y_wc26spw%253D%253D%26attredirects%3D0 Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Mon, 31 Mar 2014 19:38:20 GMT Alternate-Protocol: 443:quic X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://www.google.com/a/universallogin?service=jotspot&passive=1209600&continue=https://1c6f40a4-a-62cb3a1a-s-sites.googlegroups.com/site/agungosx/saljubirumuda.js?attachauth%3danoy7cpnbmbsk6asbeidh6by3d4ynkbfo6_4wz3c1vyjxql4im736pbpigd9cpddznkwmvo1zukqg9neyhmshjzn30g0jhjaf3ohnhoy4ed-w5z1bbsc144wfajdbwo3op4cg9grrsdsdumczuwudugvxtcpjccbiaqsiu1bydhvs_jruybihtkitc4okp8vhinqj2qdtwcgafgwr40q8nmw1y_wc2 <span>...395 symbols skipped</span> | HTTP/1.1 301 Moved Permanently Cache-Control: private, max-age=0 Connection: close Date: Mon, 31 Mar 2014 19:38:20 GMT Location: /a/cpanel/universallogin?service=jotspot&passive=1209600&continue=https%3A%2F%2F1c6f40a4-a-62cb3a1a-s-sites.googlegroups.com%2Fsite%2Fagungosx%2Fsaljubirumuda.js%3Fattachauth%3Danoy7cpnbmbsk6asbeidh6by3d4ynkbfo6_4wz3c1vyjxql4im736pbpigd9cpddznkwmvo1zukqg9neyhmshjzn30g0jhjaf3ohnhoy4ed-w5z1bbsc144wfajdbwo3op4cg9grrsdsdumczuwudugvxtcpjccbiaqsiu1bydhvs_jruybihtkitc4okp8vhinqj2qdtwcgafgwr40q8nmw1y_wc26spw%253d%253d%26attredirects%3D0&followup=https%3A%2F%2F1c6f40a4-a-62cb3a1a-s-sites.googlegroups.com%2Fsite%2Fagungosx%2Fsaljubirumuda.js%3Fattachauth%3Danoy7cpnbmbsk6asbeidh6by3d4ynkbfo6_4wz3c1vyjxql4im736pbpigd9cpddznkwmvo1zukqg9neyhmshjzn30g0jhjaf3ohnhoy4ed-w5z1bbsc144wfajdbwo3op4cg9grrsdsdumczuwudugvxtcpjccbiaqsiu1bydhvs_jruybihtkitc4okp8vhinqj2qdtwcgafgwr40q8nmw1y_wc26spw%253d%253d%26attredirects%3D0 Server: GSE Content-Length: 1002 Content-Type: text/html; charset=UTF-8 Expires: Mon, 31 Mar 2014 19:38:20 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bangdiscount.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 31 Mar 2014 19:38:14 GMT
Accept-Ranges: bytes
ETag: "6f03a93-7fd3-4e4fcfc5282c0"
Server: Apache
Content-Length: 32723
Content-Type: text/html
Last-Modified: Wed, 28 Aug 2013 07:32:03 GMT
...32723 bytes of data.
GET / HTTP/1.1
Host: bangdiscount.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 31 Mar 2014 19:38:14 GMT
Accept-Ranges: bytes
ETag: "6f03a93-7fd3-4e4fcfc5282c0"
Server: Apache
Content-Length: 32723
Content-Type: text/html
Last-Modified: Wed, 28 Aug 2013 07:32:03 GMT
...32723 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: bangdiscount.com
Referer: http://www.google.com/search?q=bangdiscount.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: bangdiscount.com
Referer: http://www.google.com/search?q=bangdiscount.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bangdiscount.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bangdiscount.com/
Result: bangdiscount.com is not infected or malware details are not published yet.
Result: bangdiscount.com is not infected or malware details are not published yet.