Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://financialfreedom365.us/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: financialfreedom365.us Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 30 Aug 2014 16:26:21 GMT Location: http://46.161.41.152/sds/go.php?sid=1 Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 245 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://46.161.41.152/sds/go.php?sid=1 (imitation of visitor from search engine) GET /sds/go.php?sid=1 HTTP/1.1 Host: 46.161.41.152 Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Connection: close Date: Sat, 30 Aug 2014 16:26:27 GMT Referer: http://www.google.com/url?sa=t&rct=j&q=financialfreedom365.us&source=web&cd=1&ved=0CDEQFjAG&url=http:%2F%2Ffinancialfreedom365.us%2F&ei=wC7yT5qCJbCCkQKtnwE&usg=AFQjCNGEeYp3D7uuNLAJxMIVliLyQ9O_Pg Location: http://booleggs.com/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Set-Cookie: schema1=true; expires=Sat, 06-Sep-2014 16:26:27 GMT Set-Cookie: visited1=1; expires=Sat, 06-Sep-2014 16:26:27 GMT X-Powered-By: PHP/5.4.4-14+deb7u14 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://financialfreedom365.us/ | 200 OK Content-Length: 3227 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By = HIMANSHU ...[950 bytes skipped]... px 20px;"><br /> WEBSITE</span> </span></span><br /> <center><img alt="http://kodbul.org/img/konuayirac/siyahyuruyen.gif"src="http://kodbul.org/img/konuayirac/siyahyuruyen.gif"></center> <span style="font-size: large;"><span style="color: rgb(255, 255, 255);"><span style="font-weight: bold; text-shadow: 0px 0px 10px;">Hacked By = HIMANSHU</span></span></span><span style="font-size: x-large;"><span style="color: rgb(51, 153, 102);"> </span></span><br /> <center><img alt="http://kodbul.org/img/konuayirac/siyahyuruyen.gif"src="http://kodbul.org/img/konuayirac/siyahyuruyen.gif"></center> <a href="https://www.facebook.com/sttyloxx">Check Out My Facebook Profile</a> <body oncontextmenu='return false;' onk ...[2482 bytes skipped]... | ||
http://financialfreedom365.us/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sat, 30 Aug 2014 16:26:24 GMT Location: http://46.161.41.152/sds/go.php?sid=1 Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 221 Content-Type: text/html; charset=iso-8859-1 | clean |
http://46.161.41.152/sds/go.php?sid=1 | HTTP/1.1 302 Found Connection: close Date: Sat, 30 Aug 2014 16:26:30 GMT Referer: Location: http://booleggs.com/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Set-Cookie: schema1=true; expires=Sat, 06-Sep-2014 16:26:30 GMT Set-Cookie: visited1=1; expires=Sat, 06-Sep-2014 16:26:30 GMT X-Powered-By: PHP/5.4.4-14+deb7u14 | clean |
http://booleggs.com/ | 403 Forbidden Content-Length: 276 Content-Type: text/html | clean |
http://booleggs.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=financialfreedom365.us
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://financialfreedom365.us/
Result: financialfreedom365.us is not infected or malware details are not published yet.
Result: financialfreedom365.us is not infected or malware details are not published yet.