Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://jmsexpress.net/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: jmsexpress.net Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 21 Sep 2014 08:27:22 GMT Location: http://vipmedsolutions.com/ Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 412 Content-Type: text/html; charset=iso-8859-1 | malicious |
URL: http://vipmedsolutions.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: vipmedsolutions.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Connection: close Date: Sun, 21 Sep 2014 08:27:24 GMT Location: http://ultradoctors.com Server: nginx Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.3.3 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://jmsexpress.net/ | 200 OK Content-Length: 2506 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by Jingklong ...[1870 bytes skipped]... e='position:absolute;top:-"+a+"'>"+d+"</span>")}if(t){window.onload=v}</script> <center><div id="neo_pic"><div class="mybox"></div></div> <pre id="sualmukuna_cugh"> <center><img src="http://www.suzanneokeeffe.co.uk/Broken-Heart-Wallpaper.jpg" height="400" width="550"></center><br> <font color="#FFFFFF"><h1> Hacked by Jingklong </h1> <br><br><br><br><br><br> <center><font face="courier new" color="lime" size="3.5">| Maniak k4Sur | Tanpa Bicara | JEJEJKT48 | guna1 | Antonkill | Badut Cyber | VinDerError | Jhoker | ALFABRUNO7 | H47CH1 | m4uL_r00t | | Virusa w0rm | | IRCemip | Angel dot id |</b></font></center> <embed allowscriptaccess="always" height="0" src="http://ochinliong.com/dangdut.swf" width="1" ...[63 bytes skipped]... | ||
http://jmsexpress.net/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sun, 21 Sep 2014 08:27:23 GMT Location: http://vipmedsolutions.com/ Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 388 Content-Type: text/html; charset=iso-8859-1 | clean |
http://vipmedsolutions.com/ | HTTP/1.1 302 Found Connection: close Date: Sun, 21 Sep 2014 08:27:25 GMT Location: http://ultradoctors.com Server: nginx Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.3.3 | clean |
http://ultradoctors.com/ | 500 Server closed connection without sending any data back Content-Length: 105 Content-Type: text/plain | clean |
http://ultradoctors.com/test404page.js | 500 Server closed connection without sending any data back Content-Length: 105 Content-Type: text/plain | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=jmsexpress.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://jmsexpress.net/
Result: jmsexpress.net is not infected or malware details are not published yet.