Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://calldatum.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: calldatum.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 29 Sep 2015 09:34:23 GMT Location: http://secondtds.mooo.com/go.php?sid=3 Server: Apache Content-Length: 309 Content-Type: text/html; charset=iso-8859-1 | suspicious |
URL: http://secondtds.mooo.com/got.php?sid=3 (imitation of visitor from search engine) GET /got.php?sid=3 HTTP/1.1 Host: secondtds.mooo.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Connection: close Date: Tue, 29 Sep 2015 09:34:25 GMT Referer: http://www.google.com/url?sa=t&rct=j&q=calldatum.com&source=web&cd=1&ved=0CDEQFjAG&url=http://calldatum.com/&ei=wC7yT5qCJbCCkQKtnwE&usg=AFQjCNGEeYp3D7uuNLAJxMIVliLyQ9O_Pg Location: http://downserver.mooo.com/download/query.php?sub={0}&q={list.xls} Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 Set-Cookie: schema3=true; expires=Wed, 30-Sep-2015 09:34:25 GMT Set-Cookie: visited3=3; expires=Wed, 30-Sep-2015 09:34:25 GMT X-Powered-By: PHP/5.4.45 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://calldatum.com/ | 200 OK Content-Length: 4679 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by BlackHeart <!DOCTYPE html> <!--[if lt IE 7 ]><html class="ie ie6" lang="en"> <![endif]--> <!--[if IE 7 ]><html class="ie ie7" lang="en"> <![endif]--> <!--[if IE 8 ]><html class="ie ie8" lang="en"> <![endif]--> <!--[if (gte IE 9)|!(IE)]><!--> <html lang="en"> <!--<![endif]--> <head> <meta charset="utf-8"> <title> Hacked by BlackHeart </title> <meta http-equiv="Content-Type" content="text/html; charset=utf8" /> <meta name="Author" content="BlackHeart"/> <meta name="copyright" content="#TheBlackList"/> <meta name="description" content="A List of Geniuses"/> <meta name="keywords" content="BlackHeart, Hacked By BlackHeart, #TheBlackList"/> <meta name="robots" content="ARCHIVE"/> &l ...[5179 bytes skipped]... | ||
http://www.11-76.com/themes/sky/js/jquery-1.11.2.min.js | 200 OK Content-Length: 95931 Content-Type: application/javascript | clean |
http://www.11-76.com/themes/sky/js/jquery.nicescroll.3.5.4.js | 200 OK Content-Length: 115641 Content-Type: application/javascript | clean |
http://www.11-76.com/themes/sky/js/sky.js | 200 OK Content-Length: 7539 Content-Type: application/javascript | clean |
http://calldatum.com/test404page.js | 404 Not Found Content-Length: 4679 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=calldatum.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://calldatum.com/
Result: calldatum.com is not infected or malware details are not published yet.
Result: calldatum.com is not infected or malware details are not published yet.