Scanned pages/files
Request | Server response | Status |
http://loanform.com/ | 200 OK Content-Length: 164997 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: 14 Million Government Employee Records Hacked by China in Massive Data Breach ...[89168 bytes skipped]... _in_Massive_Data_Breach/p"><span class="fa fa-play-circle-o transparent_class"></span></a> <img src="http://i.ytimg.com/vi/7G2IP_382x0/0.jpg" alt=""> <div class="vc-meta"> <p class="pull-right"></p> </div> </div> <a href="http://article.wn.com/view/2015/07/10/215_million_affected_by_US_government_data_breach_blames_Chi/videos">14 Million Government Employee Records Hacked by China in Massive Data Breach</a> </div> <div class="rvl-item"> <div class="video-thumb"> <a href="http://wn.com/Massive_Federal_Data_Breach_US_Suspects_Chinese_Hackers_in_China_Behind_Government_Data_Breach/p"><span class="fa fa-play-circle-o transparent_class"></span></a> <img src="http://i.ytimg.com/vi/5IQgVUw_yvA/0.jpg" alt=""> <div class="vc-meta"> <p class="pull-right"></p> </div> </div ...[105937 bytes skipped]... | ||
http://cdn9.wn.com/vp/m/cd/199f5ee0962d2242db980c5b26970b.js | 200 OK Content-Length: 128818 Content-Type: application/javascript | clean |
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/js/bootstrap.min.js | 200 OK Content-Length: 35601 Content-Type: text/javascript | clean |
http://loanform.com/test404page.js | 404 Not Found Content-Length: 955 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: loanform.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 10 Jul 2015 15:59:03 GMT
Accept-Ranges: bytes
ETag: "a009b-28485-51a876f3d5d23"
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 164997
Content-Type: text/html
Last-Modified: Fri, 10 Jul 2015 15:57:52 GMT
Set-Cookie: wnTrk=wn.1436543943.854690.wnstatic2.6845.576; domain=.loanform.com; expires=Fri, 01-Jan-2038 12:34:00 GMT
...164997 bytes of data.
GET / HTTP/1.1
Host: loanform.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache="set-cookie"
Connection: close
Date: Fri, 10 Jul 2015 15:59:03 GMT
Accept-Ranges: bytes
ETag: "a009b-28485-51a876f3d5d23"
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 164997
Content-Type: text/html
Last-Modified: Fri, 10 Jul 2015 15:57:52 GMT
Set-Cookie: wnTrk=wn.1436543943.854690.wnstatic2.6845.576; domain=.loanform.com; expires=Fri, 01-Jan-2038 12:34:00 GMT
...164997 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: loanform.com
Referer: http://www.google.com/search?q=loanform.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: loanform.com
Referer: http://www.google.com/search?q=loanform.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=loanform.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://loanform.com/
Result: loanform.com is not infected or malware details are not published yet.
Result: loanform.com is not infected or malware details are not published yet.