Scanned pages/files
Request | Server response | Status |
http://drassured.com/ | 200 OK Content-Length: 4953 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by Harimau Malaya Cyber Army <!-- 100% Coded by Luffy HMCA. Copy-Pasters are gays because they don't even know how to code. Copyright HARIMAU MALAYA CYBER ARMY 2011-2014. All Rights Reserved Fuck Those Who Steal This Script and Make It Their Own! Official Only! --> <title>Hacked by Harimau Malaya Cyber Army</title><link href='http://i.imgur.com/dPUJiFx.png ' rel='shortcut icon'/> <head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <meta name="description" content="You Have Been Hacked by Harimau Malaya Cyber Army"> <meta name="keywords" content="HMCA, Harimau, Malaya, Cyber, Army, Luffy"> <meta name="author" content="D4rk Shadow"> < ...[5124 bytes skipped]... | ||
https://www.blogger.com/static/v1/common/js/1912144495-csitail.js | 200 OK Content-Length: 2306 Content-Type: text/javascript | clean |
http://drassured.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Tue, 17 Jun 2014 05:12:13 GMT Location: http://www.gogvo.com/404.html Server: Apache Content-Length: 213 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.gogvo.com/404.html | HTTP/1.1 200 OK Connection: close Date: Tue, 17 Jun 2014 05:12:14 GMT Accept-Ranges: bytes Server: Apache Content-Length: 214 Content-Type: text/html Last-Modified: Fri, 25 Oct 2013 15:15:55 GMT | clean |
http://www.joeltherien.com/go/pureleverage | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 17 Jun 2014 05:12:25 GMT Location: http://www.launchv.com/cashapp Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.13 | clean |
http://www.launchv.com/cashapp | HTTP/1.1 302 Found Connection: close Date: Tue, 17 Jun 2014 05:12:15 GMT Location: http://www.launchv.com/?ref=cashapp Server: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Content-Length: 219 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.launchv.com/?ref=cashapp | 200 OK Content-Length: 2954 Content-Type: text/html | clean |
http://www.launchv.com/../go/?ref=cashapp | 400 Bad Request Content-Length: 2926 Content-Type: text/html | clean |
http://www.launchv.com/../go/../go/?ref= | 400 Bad Request Content-Length: 2926 Content-Type: text/html | clean |
http://www.launchv.com/../go/../go/../go/?ref= | 400 Bad Request Content-Length: 2926 Content-Type: text/html | clean |
http://www.launchv.com/../go/../go/../go/../go/?ref= | 400 Bad Request Content-Length: 2926 Content-Type: text/html | clean |
http://www.launchv.com/../go/../go/../go/../go/../go/?ref= | 400 Bad Request Content-Length: 2926 Content-Type: text/html | clean |
http://www.launchv.com/../go/../go/../go/../go/../go/../go/?ref= | 400 Bad Request Content-Length: 2926 Content-Type: text/html | clean |
http://www.launchv.com/../go/../go/../go/../go/../go/../go/../go/?ref= | 400 Bad Request Content-Length: 2926 Content-Type: text/html | clean |
http://www.launchv.com/../go/../go/../go/../go/../go/../go/../go/../go/?ref= | 400 Bad Request Content-Length: 2926 Content-Type: text/html | clean |
http://www.launchv.com/../go/../go/../go/../go/../go/../go/../go/../go/../go/?ref= | 400 Bad Request Content-Length: 2926 Content-Type: text/html | clean |
http://www.launchv.com/../go/../go/../go/../go/../go/../go/../go/../go/../go/../go/?ref= | 400 Bad Request Content-Length: 2926 Content-Type: text/html | clean |
http://www.launchv.com/../go/../go/../go/../go/../go/../go/../go/../go/../go/../go/../go/?ref= | 400 Bad Request Content-Length: 2926 Content-Type: text/html | clean |
http://www.launchv.com/../go/../go/../go/../go/../go/../go/../go/../go/../go/../go/../go/../go/?ref= | 400 Bad Request Content-Length: 2926 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: drassured.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 17 Jun 2014 05:12:12 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 4953
Content-Type: text/html
Last-Modified: Wed, 04 Jun 2014 02:43:29 GMT
...4953 bytes of data.
GET / HTTP/1.1
Host: drassured.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 17 Jun 2014 05:12:12 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 4953
Content-Type: text/html
Last-Modified: Wed, 04 Jun 2014 02:43:29 GMT
...4953 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: drassured.com
Referer: http://www.google.com/search?q=drassured.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: drassured.com
Referer: http://www.google.com/search?q=drassured.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=drassured.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://drassured.com/
Result: drassured.com is not infected or malware details are not published yet.
Result: drassured.com is not infected or malware details are not published yet.