Scanned pages/files
Request | Server response | Status |
http://incom.com.vn/ | 200 OK Content-Length: 6028 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Pagolmoon3 ...[5232 bytes skipped]... <div id="node-132" class="node node-page clearfix" about="/?q=node/132" typeof="foaf:Document"> <div class="content"> <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><html> <head> <title> Hacked By Pagolmoon3</title> <body bgcolor="black"> <p align="center"><font color="Red" size="7+"></blink>Hacked By pagolmoon3</blink></font></p><br><br><br> <p align="center"><img src="https://fbcdn-dragon-a.akamaihd.net/hphotos-ak-xfp1/t39.1997-6/p160x160/10333111_472161942915731_188505234_n.png"/></p> <p align="center"> <font color="Green" size="5+">contact </font>:<fo ...[939 bytes skipped]... | ||
http://incom.com.vn/misc/jquery.js?v=1.4.4 | 200 OK Content-Length: 78602 Content-Type: application/x-javascript | clean |
http://incom.com.vn/misc/jquery.once.js?v=1.2 | 200 OK Content-Length: 2974 Content-Type: application/x-javascript | clean |
http://incom.com.vn/misc/drupal.js?nnglcl | 200 OK Content-Length: 14544 Content-Type: application/x-javascript | clean |
http://incom.com.vn/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: incom.com.vn
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 09 Jul 2015 18:06:13 GMT
ETag: "1436465172"
Server: Microsoft-IIS/6.0
Content-Language: en
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Thu, 09 Jul 2015 18:06:12 +0000
Link: </?q=node/132>; rel="canonical",</?q=node/132>; rel="shortlink"
X-Died: timeout at scan.pm line 1566.
X-Generator: Drupal 7 (http://drupal.org)
X-Powered-By: PHP/5.2.6
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
GET / HTTP/1.1
Host: incom.com.vn
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 09 Jul 2015 18:06:13 GMT
ETag: "1436465172"
Server: Microsoft-IIS/6.0
Content-Language: en
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Thu, 09 Jul 2015 18:06:12 +0000
Link: </?q=node/132>; rel="canonical",</?q=node/132>; rel="shortlink"
X-Died: timeout at scan.pm line 1566.
X-Generator: Drupal 7 (http://drupal.org)
X-Powered-By: PHP/5.2.6
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
Second query (visit from search engine):
GET / HTTP/1.1
Host: incom.com.vn
Referer: http://www.google.com/search?q=incom.com.vn
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: incom.com.vn
Referer: http://www.google.com/search?q=incom.com.vn
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=incom.com.vn
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://incom.com.vn/
Result: incom.com.vn is not infected or malware details are not published yet.
Result: incom.com.vn is not infected or malware details are not published yet.