Scanned pages/files
| Request | Server response | Status |
http://fotovideocyc.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 15 May 2014 22:35:09 GMT Location: http://www.fotovideocyc.com/ Server: nginx/1.6.0 Content-Length: 302 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.fotovideocyc.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 15 May 2014 22:35:10 GMT Location: http://www.fotovideocyc.com/intro.html Server: nginx/1.6.0 Content-Length: 316 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.fotovideocyc.com/intro.html | 200 OK Content-Length: 7056 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED by ~|X-CROWN|* ...[6043 bytes skipped]... //document.write(text); </SCRIPT></center></h1></font> <br> <br> <br> <br> <center><FONT COLOR="red"><FONT SIZE=30><blink>"This Site Has Been Hacked"</blink></FONT></FONT></center> <center><FONT COLOR="white"><FONT SIZE=30><blink>HACKED by ~|X-CROWN|*</blink></FONT></FONT></center> <br> <center><img src="http://img69.imageshack.us/edit_preview.php?l=img69/9695/maju.gif&action=rotate" /> <br /> <center><img src = "https://m.ak.fbcdn.net/sphotos-a.ak/hphotos-ak-ash3/1240088_1377891232442797_1073262014_n.jpg"></center> <br> </center> <div style="text-shadow: 8px 9px 5px red;"> <center><FONT ...[2007 bytes skipped]... | ||
http://onattack.org/antiklik.js | 500 Can't connect to onattack.org:80 (Bad hostname) Content-Length: 156 Content-Type: text/plain | clean |
http://onattack.org/test404page.js | 500 Can't connect to onattack.org:80 (Bad hostname) Content-Length: 156 Content-Type: text/plain | clean |
https://sites.google.com/site/bloggerbondowosoblogspotcom/js/camera.js | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Thu, 15 May 2014 22:35:12 GMT Pragma: no-cache ETag: "1363016643834" Location: https://sites.google.com/site/bloggerbondowosoblogspotcom/js/camera.js?attredirects=0 Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Last-Modified: Mon, 11 Mar 2013 15:44:03 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Robots-Tag: noarchive X-XSS-Protection: 1; mode=block | clean |
https://sites.google.com/site/bloggerbondowosoblogspotcom/js/camera.js?attredirects=0 | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Thu, 15 May 2014 22:35:12 GMT Location: https://dc0a0857-a-62cb3a1a-s-sites.googlegroups.com/site/bloggerbondowosoblogspotcom/js/camera.js?attachauth=ANoY7cpJJNUBPaSPBAd0OltpmBmuwhaqX2_zo7QGLcPculwentQY4lut1v-nusRpt7qILOYt-wp_NbOC9N6gmKieML7NiBwtrKwIM7lLaAS9RZ2JtkfxlS17RGvSxUjchjBSwaWxMgzHsZLfwQJ-0qZpNkGL3snvJpR9Y3xWdrhJLHS1ipHXFJgzCQgTkBncFNsQ2iUeYoFvNntYEzCyAqJt0Hkz7KwyBVODN4JKUPQELt7DkU_bW0Q%3D&attredirects=0 Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Thu, 15 May 2014 22:35:12 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://dc0a0857-a-62cb3a1a-s-sites.googlegroups.com/site/bloggerbondowosoblogspotcom/js/camera.js?attachauth=anoy7cpjjnubpaspbad0oltpmbmuwhaqx2_zo7qglcpculwentqy4lut1v-nusrpt7qiloyt-wp_nboc9n6gmkieml7nibwtrkwim7llaas9rz2jtkfxls17rgvsxujchjbswawxmgzhszlfwqj-0qzpnkgl3snvjpr9y3xwdrhjlhs1iphxfjgzcqgtkbncfnsq2iueyofvnntyezcyaqjt0hkz7kwybvodn4jkupqelt7dku_bw0q%3d&attredirects=0 | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Thu, 15 May 2014 22:35:12 GMT Location: https://www.google.com/a/UniversalLogin?service=jotspot&passive=1209600&continue=https://dc0a0857-a-62cb3a1a-s-sites.googlegroups.com/site/bloggerbondowosoblogspotcom/js/camera.js?attachauth%3Danoy7cpjjnubpaspbad0oltpmbmuwhaqx2_zo7qglcpculwentqy4lut1v-nusrpt7qiloyt-wp_nboc9n6gmkieml7nibwtrkwim7llaas9rz2jtkfxls17rgvsxujchjbswawxmgzhszlfwqj-0qzpnkgl3snvjpr9y3xwdrhjlhs1iphxfjgzcqgtkbncfnsq2iueyofvnntyezcyaqjt0hkz7kwybvodn4jkupqelt7dku_bw0q%253D%26attredirects%3D0&followup=https://dc0a0857-a-62cb3a1a-s-sites.googlegroups.com/site/bloggerbondowosoblogspotcom/js/camera.js?attachauth%3Danoy7cpjjnubpaspbad0oltpmbmuwhaqx2_zo7qglcpculwentqy4lut1v-nusrpt7qiloyt-wp_nboc9n6gmkieml7nibwtrkwim7llaas9rz2jtkfxls17rgvsxujchjbswawxmgzhszlfwqj-0qzpnkgl3snvjpr9y3xwdrhjlhs1iphxfjgzcqgtkbncfnsq2iueyofvnntyezcyaqjt0hkz7kwybvodn4jkupqelt7dku_bw0q%253D%26attredirects%3D0 Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Thu, 15 May 2014 22:35:12 GMT Alternate-Protocol: 443:quic X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://www.google.com/a/universallogin?service=jotspot&passive=1209600&continue=https://dc0a0857-a-62cb3a1a-s-sites.googlegroups.com/site/bloggerbondowosoblogspotcom/js/camera.js?attachauth%3danoy7cpjjnubpaspbad0oltpmbmuwhaqx2_zo7qglcpculwentqy4lut1v-nusrpt7qiloyt-wp_nboc9n6gmkieml7nibwtrkwim7llaas9rz2jtkfxls17rgvsxujchjbswawxmgzhszlfwqj-0qzpnkgl3snvjpr9y3xwdrhjlhs1iphxfjgzcqgtkbncfnsq2iueyofvnnt <span>...457 symbols skipped</span> | HTTP/1.1 301 Moved Permanently Cache-Control: private, max-age=0 Connection: close Date: Thu, 15 May 2014 22:35:12 GMT Location: /a/cpanel/universallogin?service=jotspot&passive=1209600&continue=https%3A%2F%2Fdc0a0857-a-62cb3a1a-s-sites.googlegroups.com%2Fsite%2Fbloggerbondowosoblogspotcom%2Fjs%2Fcamera.js%3Fattachauth%3Danoy7cpjjnubpaspbad0oltpmbmuwhaqx2_zo7qglcpculwentqy4lut1v-nusrpt7qiloyt-wp_nboc9n6gmkieml7nibwtrkwim7llaas9rz2jtkfxls17rgvsxujchjbswawxmgzhszlfwqj-0qzpnkgl3snvjpr9y3xwdrhjlhs1iphxfjgzcqgtkbncfnsq2iueyofvnntyezcyaqjt0hkz7kwybvodn4jkupqelt7dku_bw0q%253d%26attredirects%3D0&followup=https%3A%2F%2Fdc0a0857-a-62cb3a1a-s-sites.googlegroups.com%2Fsite%2Fbloggerbondowosoblogspotcom%2Fjs%2Fcamera.js%3Fattachauth%3Danoy7cpjjnubpaspbad0oltpmbmuwhaqx2_zo7qglcpculwentqy4lut1v-nusrpt7qiloyt-wp_nboc9n6gmkieml7nibwtrkwim7llaas9rz2jtkfxls17rgvsxujchjbswawxmgzhszlfwqj-0qzpnkgl3snvjpr9y3xwdrhjlhs1iphxfjgzcqgtkbncfnsq2iueyofvnntyezcyaqjt0hkz7kwybvodn4jkupqelt7dku_bw0q%253d%26attredirects%3D0 Server: GSE Content-Length: 1068 Content-Type: text/html; charset=UTF-8 Expires: Thu, 15 May 2014 22:35:12 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://www.google.com/a/cpanel/universallogin?service=jotspot&passive=1209600&continue=https%3a%2f%2fdc0a0857-a-62cb3a1a-s-sites.googlegroups.com%2fsite%2fbloggerbondowosoblogspotcom%2fjs%2fcamera.js%3fattachauth%3danoy7cpjjnubpaspbad0oltpmbmuwhaqx2_zo7qglcpculwentqy4lut1v-nusrpt7qiloyt-wp_nboc9n6gmkieml7nibwtrkwim7llaas9rz2jtkfxls17rgvsxujchjbswawxmgzhszlfwqj-0qzpnkgl3snvjpr9y3xwdrhjlhs1iphxfjgz <span>...496 symbols skipped</span> | 404 Not Found Content-Length: 141 Content-Type: text/html | clean |
http://fotovideocyc.com/~site/Scripts_ExternalRedirect/ExternalRedirect.dll?CMD=CMDGetJavaScript&H_SITEID=RTK3&H_AltURL=%2f~site%2fRealTracker%2fibc90006.js&HSGOTOURL=http%3a%2f%2fweb4.realtracker.com%2fnetpoll%2fjs%2fibc90006.js | 403 Forbidden Content-Length: 17104 Content-Type: text/html | clean |
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/x-javascript | clean |
http://fotovideocyc.com/cgi-sys/js/simple-expand.min.js | 200 OK Content-Length: 2782 Content-Type: application/javascript | clean |
http://fotovideocyc.com/~site/Scripts_ExternalRedirect/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 15 May 2014 22:35:15 GMT Location: http://www.fotovideocyc.com/~site/Scripts_ExternalRedirect/ Server: nginx/1.6.0 Content-Length: 333 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.fotovideocyc.com/~site/scripts_externalredirect/ | 404 Not Found Content-Length: 11812 Content-Type: text/html | clean |
http://www.fotovideocyc.com/cgi-sys/js/simple-expand.min.js | 200 OK Content-Length: 2782 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: fotovideocyc.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 15 May 2014 22:35:09 GMT
Location: http://www.fotovideocyc.com/
Server: nginx/1.6.0
Content-Length: 302
Content-Type: text/html; charset=iso-8859-1
...302 bytes of data.
GET / HTTP/1.1
Host: fotovideocyc.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 15 May 2014 22:35:09 GMT
Location: http://www.fotovideocyc.com/
Server: nginx/1.6.0
Content-Length: 302
Content-Type: text/html; charset=iso-8859-1
...302 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: fotovideocyc.com
Referer: http://www.google.com/search?q=fotovideocyc.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: fotovideocyc.com
Referer: http://www.google.com/search?q=fotovideocyc.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=fotovideocyc.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://fotovideocyc.com/
Result: fotovideocyc.com is not infected or malware details are not published yet.
Result: fotovideocyc.com is not infected or malware details are not published yet.