Scanned pages/files
Request | Server response | Status |
http://hammerbooks.org/ | 200 OK Content-Length: 116426 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: ahhlsw.com <div style="display:none;"> <a href="http://nasra.biz/cheapoakleysunglasses-5e5e5e.asp" style="padding-right:8px;" target="_blank">Oakley Sunglasses,Oakley Glasses Outlet Stores For Sale 80% Discount!</a><br/> <a href="http://nasra.biz/cheapoakleysunglasses-8b5a00.asp" style="padding-right:8px;" target="_blank">Oakley Sunglasses,Oakley Glasses Outlet Stores For Sale 80% Discount!</a><br/> <a hr ...[4282 bytes skipped]... Deface/Content modification. The following signature was found: Hacked By Criminal BD ...[84759 bytes skipped]... ;/a> <a href="http://www.zz57z.com/norge.asp" target=_blank>Toms salg</a> <a href="http://www.kppco.com/tomsskonettbutikk.asp" target=_blank>toms SKO</a> <a href="http://www.sxhtzxjx.cn/billigetoms.asp" target=_blank>toms SKO</a> </div><html> <link REL="SHORTCUT ICON" HREF="http://oi58.tinypic.com/ieqvd2.jpg"> <HEAD><TITLE>Hacked By Criminal BD</TITLE><!-- saved from url=(0018)http://07-ksa.com/ --> <center> <div id="fabio"><img src="http://oi57.tinypic.com/33eoqr7.jpg" title="Fabio-r403" alt="Fabio-r403" width="290" height="340"></div> <font size='4' color='green' face='Courier New'> <h1>Hacked <font color=Red>By </font>Criminal BD</h1> <body> </center> <code><center>Bangladeshi Hackers</code ...[47742 bytes skipped]... | ||
http://hammerbooks.org/test404page.js | 404 Not Found Content-Length: 284 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hammerbooks.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 04 Sep 2015 18:39:18 GMT
Accept-Ranges: bytes
ETag: "c31284-1c6ca-55bdafcc"
Server: Apache/1.3.41 (Unix) PHP/4.4.9 FrontPage/5.0.2.2510 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5
Content-Length: 116426
Content-Type: text/html
Last-Modified: Sun, 02 Aug 2015 05:51:08 GMT
...116426 bytes of data.
GET / HTTP/1.1
Host: hammerbooks.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 04 Sep 2015 18:39:18 GMT
Accept-Ranges: bytes
ETag: "c31284-1c6ca-55bdafcc"
Server: Apache/1.3.41 (Unix) PHP/4.4.9 FrontPage/5.0.2.2510 mod_ssl/2.8.31 OpenSSL/0.9.8e-fips-rhel5
Content-Length: 116426
Content-Type: text/html
Last-Modified: Sun, 02 Aug 2015 05:51:08 GMT
...116426 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: hammerbooks.org
Referer: http://www.google.com/search?q=hammerbooks.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: hammerbooks.org
Referer: http://www.google.com/search?q=hammerbooks.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hammerbooks.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://hammerbooks.org/
Result: hammerbooks.org is not infected or malware details are not published yet.
Result: hammerbooks.org is not infected or malware details are not published yet.