Scanned pages/files
| Request | Server response | Status |
http://nvprima.org/ | 200 OK Content-Length: 5464 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Ashiyane Digital Security Team ...[4096 bytes skipped]... nstanceBeginEditable name="main" --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type" /> <meta content="unique2world" http-equiv="designer" /> <title>Hacked By Ashiyane Digital Security Team</title> <link rel="icon" href="http://unique2world.persiangig.com/favicon.ico" type="image/x-icon" /> <link rel="shortcut icon" href="http://unique2world.persiangig.com/favicon.ico" type="image/x-icon" /> <style type="text/css"> *,body,div,p,span,h6{padding: 0px;margin: 0px;}body{background-color: #000000;}img{border-width: 0px;-ms-interpolation-mode: bicubic;}.wrapper{margin: 50px 0px 10px 0px;font-family: tahoma;font ...[2053 bytes skipped]... | ||
http://nvprima.org/annual-conference.asp | 200 OK Content-Length: 5252 Content-Type: text/html | clean |
http://nvprima.org/Chapter-Officers.asp | 200 OK Content-Length: 4145 Content-Type: text/html | clean |
http://nvprima.org/About-Us.asp | 200 OK Content-Length: 4641 Content-Type: text/html | clean |
http://nvprima.org/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://nvprima.org/userfiles/file/2012%20Nevada%20Prima%20Presentations/2011%20Legislative%20changes.pdf | 200 OK Content-Length: 230878 Content-Type: application/pdf | clean |
http://nvprima.org/userfiles/file/2012%20Nevada%20Prima%20Presentations/ADAAA_PRIMA_Presentation%20Handout%203_23.pdf | 200 OK Content-Length: 243781 Content-Type: application/pdf | clean |
http://nvprima.org/userfiles/file/2012%20Nevada%20Prima%20Presentations/Managing%20Social%20Media%20in%20the%20Workplace_PRIMA%20Conference.pdf | 200 OK Content-Length: 301560 Content-Type: application/pdf | clean |
http://nvprima.org/userfiles/file/2012%20Nevada%20Prima%20Presentations/OML%20POWERPOINT%20Spring%202012_3_15_12.ppt | 200 OK Content-Length: 300179 Content-Type: application/vnd.ms-powerpoint | clean |
http://nvprima.org/userfiles/file/2012%20Nevada%20Prima%20Presentations/Controlling%20WC%20Claims%20as%20your%20Workforce%20Ages%20-%20NV%20PRIMA.pdf | 200 OK Content-Length: 301561 Content-Type: application/pdf | clean |
http://nvprima.org/userfiles/file/2012%20Nevada%20Prima%20Presentations/Safety%20in%20Athletics%20(25th).pdf | 200 OK Content-Length: 302921 Content-Type: application/pdf | clean |
http://nvprima.org/userfiles/file/2012%20Nevada%20Prima%20Presentations/Science%20Lab%20Safety%20(25th).pdf | 200 OK Content-Length: 300312 Content-Type: application/pdf | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nvprima.org
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 27 Jan 2015 16:49:32 GMT
Server: Microsoft-IIS/7.0
Content-Length: 5464
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCATQBCT=MGDDPNNDEOGOCJBPBCHNKMCM; path=/
X-Powered-By: ASP.NET
...5464 bytes of data.
GET / HTTP/1.1
Host: nvprima.org
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 27 Jan 2015 16:49:32 GMT
Server: Microsoft-IIS/7.0
Content-Length: 5464
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQCATQBCT=MGDDPNNDEOGOCJBPBCHNKMCM; path=/
X-Powered-By: ASP.NET
...5464 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: nvprima.org
Referer: http://www.google.com/search?q=nvprima.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: nvprima.org
Referer: http://www.google.com/search?q=nvprima.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nvprima.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://nvprima.org/
Result: nvprima.org is not infected or malware details are not published yet.
Result: nvprima.org is not infected or malware details are not published yet.