Scanned pages/files
| Request | Server response | Status |
http://jimiup.com/ | 200 OK Content-Length: 4559 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: !-- *//hacked By K4C3 Undetected, ./hacked by K4C3 Undetected, h4ck3d K4C3 Undetected, owned K4C3 Un ...[3219 bytes skipped]... "+d+"</span>")}if(t){window.onload=v}</script> <script type="text/javascript" src="http://exploitlabz.ml/js/snow1.js"></script> <script type="text/javascript" src="http://exploitlabz.ml/js/snow2.js"></script> <script type="text/javascript" src="http://exploitlabz.ml/js/snow_3.js"></script> </head> <!-- *//hacked By K4C3 Undetected, ./hacked by K4C3 Undetected, h4ck3d K4C3 Undetected, owned K4C3 Undetected, 0wn3d K4C3 Undetected, defaced K4C3 Undetected, d3f4c3d K4C3 Undetected, attacked by K4C3 Undetected , hacked by K4C3 Undetected hacker,hacked by K4C3 Undetected ./hacked by K4C3 Undetected, h4ck3d by K4C3 Undetected, owned by K4C3 Undetected, 0wn3d by K4C3 Undetected, defaced by K4C3 Undetected, K4C3 Undetected , attack by K4C3 Undetected --> </head> </h1> <h1 style='text-shadow: ...[1036 bytes skipped]... | ||
http://jimiup.com/%7BCoNtrollEd%20bY%20Death%7D_files/cloudflare.js | 404 Not Found Content-Length: 978 Content-Type: text/html | clean |
http://jimiup.com/test404page.js | 404 Not Found Content-Length: 978 Content-Type: text/html | clean |
http://jimiup.com/%7BCoNtrollEd%20bY%20Death%7D_files/rocket.htm | 404 Not Found Content-Length: 978 Content-Type: text/html | clean |
http://exploitlabz.ml/js/snow1.js | 200 OK Content-Length: 2901 Content-Type: application/javascript | clean |
http://exploitlabz.ml/js/snow2.js | 200 OK Content-Length: 3312 Content-Type: application/javascript | clean |
http://exploitlabz.ml/js/snow_3.js | 200 OK Content-Length: 3165 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: jimiup.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Connection: close
Date: Sun, 25 May 2014 15:31:09 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html
Expires: Mon, 26 May 2014 15:31:09 GMT
X-Powered-By: PleskLin
GET / HTTP/1.1
Host: jimiup.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=86400
Connection: close
Date: Sun, 25 May 2014 15:31:09 GMT
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html
Expires: Mon, 26 May 2014 15:31:09 GMT
X-Powered-By: PleskLin
Second query (visit from search engine):
GET / HTTP/1.1
Host: jimiup.com
Referer: http://www.google.com/search?q=jimiup.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: jimiup.com
Referer: http://www.google.com/search?q=jimiup.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=jimiup.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://jimiup.com/
Result: jimiup.com is not infected or malware details are not published yet.
Result: jimiup.com is not infected or malware details are not published yet.