Scanned pages/files
| Request | Server response | Status |
http://kiddsbooks.com/ | 200 OK Content-Length: 3810 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Aymen 404 <html><head> <meta http-equiv='X-UA-Compatible' content='IE=edge'> <title>Hacked By Aymen 404 </title> <link rel='shortcut icon' href='http://images.alarabiya.net/38/8b/640x392_80648_218824.jpg'> <title> Aymen _TN 404</title> <style> <!-- SPAN.SpellE { } SPAN.SpellE { } SPAN.SpellE { } SPAN.SpellE { } SPAN.SpellE { } --> </style> <script type='t ...[4399 bytes skipped]... | ||
http://v.zilionfast.in/1522753370/?t=vrt | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 01 Jul 2015 12:08:02 GMT Location: http://sso.anbtr.com/domain/v.zilionfast.in Server: nginx Content-Type: text/html Set-Cookie: btst=31b735c4265424d1e19704859851ef85|78.158.11.226|1435752482|1435752482|0|1|0 Set-Cookie: snkz=78.158.11.226 | clean |
http://sso.anbtr.com/domain/v.zilionfast.in | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 01 Jul 2015 12:08:03 GMT Location: http://xsso.v.zilionfast.in/41e9a7e107521f02b03d414301047505 Server: nginx Content-Type: text/html Set-Cookie: anbtr=41e9a7e107521f02b03d414301047505; domain=.zilionfast.in | clean |
http://xsso.v.zilionfast.in/41e9a7e107521f02b03d414301047505 | 200 OK Content-Length: 24 Content-Type: text/html | clean |
http://xsso.v.zilionfast.in/test404page.js | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://kiddsbooks.com//static.getjs.net/sd/1018/1022.js/ | 404 Not Found Content-Length: 481 Content-Type: text/html | clean |
http://kiddsbooks.com//static.getjs.net/sd/1018/1005.js/ | 404 Not Found Content-Length: 481 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kiddsbooks.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Jul 2015 12:08:05 GMT
Accept-Ranges: bytes
ETag: "f54853-ee2-507598b9fe160"
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Length: 3810
Content-Type: text/html
Last-Modified: Sat, 08 Nov 2014 14:14:19 GMT
...3810 bytes of data.
GET / HTTP/1.1
Host: kiddsbooks.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Jul 2015 12:08:05 GMT
Accept-Ranges: bytes
ETag: "f54853-ee2-507598b9fe160"
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Length: 3810
Content-Type: text/html
Last-Modified: Sat, 08 Nov 2014 14:14:19 GMT
...3810 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: kiddsbooks.com
Referer: http://www.google.com/search?q=kiddsbooks.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: kiddsbooks.com
Referer: http://www.google.com/search?q=kiddsbooks.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kiddsbooks.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kiddsbooks.com/
Result: kiddsbooks.com is not infected or malware details are not published yet.
Result: kiddsbooks.com is not infected or malware details are not published yet.