Scanned pages/files
| Request | Server response | Status |
http://grandparentingplace.com/ | 200 OK Content-Length: 10698 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By ./FaaChan11 <HTML>
<script src="http://sites.google.com/site/amatullah83/js-indahnyaberbagi/bintang.hijau.js" type="text/javascript"></script> <style type="text/css"> body{cursor: url("http://i186.photobucket.com/albums/x100/amoebios_4m/nexuiz_default_cursor_1c.png"), auto;} </style></a> <html><head><title>Hacked By ./FaaChan11</title> <script language="JavaScript"> var numraindrops="150"; var speed="10"; var rainsize="2"; var wind="left"; var genxgallery=""; function tb5_makeArray(n){ this.length = n; return this.length; } tb5_messages = new tb5_makeArray(2); tb5_messages[0] = " [+] Hacked by ./FaaChan11 [+] "; tb5_messages[1] = " [+] Indonesia Cyber Attacker [+] "; tb5_rpt ...[12240 bytes skipped]... | ||
http://sites.google.com/site/amatullah83/js-indahnyaberbagi/bintang.hijau.js | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Thu, 25 Sep 2014 21:46:36 GMT Location: https://sites.google.com/site/amatullah83/js-indahnyaberbagi/bintang.hijau.js Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Thu, 25 Sep 2014 21:46:36 GMT Alternate-Protocol: 80:quic,p=0.002 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://sites.google.com/site/amatullah83/js-indahnyaberbagi/bintang.hijau.js | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Thu, 25 Sep 2014 21:46:36 GMT Pragma: no-cache ETag: "1263019567512" Location: https://sites.google.com/site/amatullah83/js-indahnyaberbagi/bintang.hijau.js?attredirects=0 Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Last-Modified: Sat, 09 Jan 2010 06:46:07 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Robots-Tag: noarchive X-XSS-Protection: 1; mode=block | clean |
https://sites.google.com/site/amatullah83/js-indahnyaberbagi/bintang.hijau.js?attredirects=0 | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Thu, 25 Sep 2014 21:46:37 GMT Location: https://16a4b2f4-a-62cb3a1a-s-sites.googlegroups.com/site/amatullah83/js-indahnyaberbagi/bintang.hijau.js?attachauth=ANoY7co7BUczLaaNdsIegpaUVz6f8IkBSAzt2NuIS-L3PJMX8-bW4k6mVTPO6_SsNRPwlJAETb_XQheq0aDh8W-9ZYt82Pm4Ku2Ig4Ej_Qa4ML4TIIfFxhXXpI4ab_xvs2ebr2utGkZKRoDfLYVLAtH3v7_W_IWOnzZzP9ejE5_YeT3XcyfxtK44Do8Ph6c2pLo1x8FZ1JODcJ6iLYqMqjzrsVt5Uvx1XkqgxAb1hThuUHdCkYWwyb0%3D&attredirects=0 Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Thu, 25 Sep 2014 21:46:37 GMT X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://16a4b2f4-a-62cb3a1a-s-sites.googlegroups.com/site/amatullah83/js-indahnyaberbagi/bintang.hijau.js?attachauth=anoy7co7buczlaandsiegpauvz6f8ikbsazt2nuis-l3pjmx8-bw4k6mvtpo6_ssnrpwljaetb_xqheq0adh8w-9zyt82pm4ku2ig4ej_qa4ml4tiiffxhxxpi4ab_xvs2ebr2utgkzkrodflyvlath3v7_w_iwonzzzp9eje5_yet3xcyfxtk44do8ph6c2plo1x8fz1jodcj6ilyqmqjzrsvt5uvx1xkqgxab1hthuuhdckywwyb0%3d&attredirects=0 | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=0 Connection: close Date: Thu, 25 Sep 2014 21:46:37 GMT Location: https://www.google.com/a/UniversalLogin?service=jotspot&passive=1209600&continue=https://16a4b2f4-a-62cb3a1a-s-sites.googlegroups.com/site/amatullah83/js-indahnyaberbagi/bintang.hijau.js?attachauth%3Danoy7co7buczlaandsiegpauvz6f8ikbsazt2nuis-l3pjmx8-bw4k6mvtpo6_ssnrpwljaetb_xqheq0adh8w-9zyt82pm4ku2ig4ej_qa4ml4tiiffxhxxpi4ab_xvs2ebr2utgkzkrodflyvlath3v7_w_iwonzzzp9eje5_yet3xcyfxtk44do8ph6c2plo1x8fz1jodcj6ilyqmqjzrsvt5uvx1xkqgxab1hthuuhdckywwyb0%253D%26attredirects%3D0&followup=https://16a4b2f4-a-62cb3a1a-s-sites.googlegroups.com/site/amatullah83/js-indahnyaberbagi/bintang.hijau.js?attachauth%3Danoy7co7buczlaandsiegpauvz6f8ikbsazt2nuis-l3pjmx8-bw4k6mvtpo6_ssnrpwljaetb_xqheq0adh8w-9zyt82pm4ku2ig4ej_qa4ml4tiiffxhxxpi4ab_xvs2ebr2utgkzkrodflyvlath3v7_w_iwonzzzp9eje5_yet3xcyfxtk44do8ph6c2plo1x8fz1jodcj6ilyqmqjzrsvt5uvx1xkqgxab1hthuuhdckywwyb0%253D%26attredirects%3D0 Server: GSE Content-Type: text/html; charset=UTF-8 Expires: Thu, 25 Sep 2014 21:46:37 GMT Alternate-Protocol: 443:quic,p=0.002 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block | clean |
https://www.google.com/a/universallogin?service=jotspot&passive=1209600&continue=https://16a4b2f4-a-62cb3a1a-s-sites.googlegroups.com/site/amatullah83/js-indahnyaberbagi/bintang.hijau.js?attachauth%3danoy7co7buczlaandsiegpauvz6f8ikbsazt2nuis-l3pjmx8-bw4k6mvtpo6_ssnrpwljaetb_xqheq0adh8w-9zyt82pm4ku2ig4ej_qa4ml4tiiffxhxxpi4ab_xvs2ebr2utgkzkrodflyvlath3v7_w_iwonzzzp9eje5_yet3xcyfxtk44do8ph6c2plo1x8fz <span>...471 symbols skipped</span> | HTTP/1.1 301 Moved Permanently Cache-Control: private, max-age=0 Connection: close Date: Thu, 25 Sep 2014 21:46:37 GMT Location: /a/cpanel/universallogin?service=jotspot&passive=1209600&continue=https%3A%2F%2F16a4b2f4-a-62cb3a1a-s-sites.googlegroups.com%2Fsite%2Famatullah83%2Fjs-indahnyaberbagi%2Fbintang.hijau.js%3Fattachauth%3Danoy7co7buczlaandsiegpauvz6f8ikbsazt2nuis-l3pjmx8-bw4k6mvtpo6_ssnrpwljaetb_xqheq0adh8w-9zyt82pm4ku2ig4ej_qa4ml4tiiffxhxxpi4ab_xvs2ebr2utgkzkrodflyvlath3v7_w_iwonzzzp9eje5_yet3xcyfxtk44do8ph6c2plo1x8fz1jodcj6ilyqmqjzrsvt5uvx1xkqgxab1hthuuhdckywwyb0%253d%26attredirects%3D0&followup=https%3A%2F%2F16a4b2f4-a-62cb3a1a-s-sites.googlegroups.com%2Fsite%2Famatullah83%2Fjs-indahnyaberbagi%2Fbintang.hijau.js%3Fattachauth%3Danoy7co7buczlaandsiegpauvz6f8ikbsazt2nuis-l3pjmx8-bw4k6mvtpo6_ssnrpwljaetb_xqheq0adh8w-9zyt82pm4ku2ig4ej_qa4ml4tiiffxhxxpi4ab_xvs2ebr2utgkzkrodflyvlath3v7_w_iwonzzzp9eje5_yet3xcyfxtk44do8ph6c2plo1x8fz1jodcj6ilyqmqjzrsvt5uvx1xkqgxab1hthuuhdckywwyb0%253d%26attredirects%3D0 Server: GSE Content-Length: 1082 Content-Type: text/html; charset=UTF-8 Expires: Thu, 25 Sep 2014 21:46:37 GMT X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://www.google.com/a/cpanel/universallogin?service=jotspot&passive=1209600&continue=https%3a%2f%2f16a4b2f4-a-62cb3a1a-s-sites.googlegroups.com%2fsite%2famatullah83%2fjs-indahnyaberbagi%2fbintang.hijau.js%3fattachauth%3danoy7co7buczlaandsiegpauvz6f8ikbsazt2nuis-l3pjmx8-bw4k6mvtpo6_ssnrpwljaetb_xqheq0adh8w-9zyt82pm4ku2ig4ej_qa4ml4tiiffxhxxpi4ab_xvs2ebr2utgkzkrodflyvlath3v7_w_iwonzzzp9eje5_yet3xc <span>...510 symbols skipped</span> | 404 Not Found Content-Length: 141 Content-Type: text/html | clean |
http://www.google.com/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://www.google.com//www.google.com/ | 404 Not Found Content-Length: 1440 Content-Type: text/html | clean |
http://hbhost.googlecode.com/files/snow.js | 404 Not Found Content-Length: 1438 Content-Type: text/html | clean |
http://hbhost.googlecode.com//www.google.com/ | 404 Not Found Content-Length: 1425 Content-Type: text/html | clean |
http://grandparentingplace.com//www.google.com/ | 404 Not Found Content-Length: 530 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: grandparentingplace.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Thu, 25 Sep 2014 21:46:34 GMT
Pragma: no-cache
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 105d8da8714d9f6e20fa3b4d2292eb8a=f143d7c5da04ba073dd1da459b18091a; path=/
X-Powered-By: PHP/5.3.10
GET / HTTP/1.1
Host: grandparentingplace.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Thu, 25 Sep 2014 21:46:34 GMT
Pragma: no-cache
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 105d8da8714d9f6e20fa3b4d2292eb8a=f143d7c5da04ba073dd1da459b18091a; path=/
X-Powered-By: PHP/5.3.10
Second query (visit from search engine):
GET / HTTP/1.1
Host: grandparentingplace.com
Referer: http://www.google.com/search?q=grandparentingplace.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: grandparentingplace.com
Referer: http://www.google.com/search?q=grandparentingplace.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=grandparentingplace.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://grandparentingplace.com/
Result: grandparentingplace.com is not infected or malware details are not published yet.
Result: grandparentingplace.com is not infected or malware details are not published yet.