Scanned pages/files
Request | Server response | Status |
http://www.passportsite.ru/ | 200 OK Content-Length: 17945 Content-Type: text/html | clean |
http://www.passportsite.ru/files/ps.js | 200 OK Content-Length: 2933 Content-Type: application/x-javascript | clean |
http://www.passportsite.ru/user.php?us= | 200 OK Content-Length: 3055 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: YouR Site HaCkeD By ...[1271 bytes skipped]... guage=javascript> <!-- // mensaje elite mensaje= '<p align="lef"><font size="2" face="Courier New">Connecting , Please Wait . . . . . . . . . . . . . </font></p>'+' <br>'+' <br>'+ '<p align="center"><font size="3" face="Courier New">(b.s1) start. . . <br> '+ '<br> '+ 'YouR Site HaCkeD By <br>'+ ' <br>'+ '-----------(GOY HACKERS & DANGER14 )----------- <br> '+ '<br>'+ 'ITS YOUR CHANCE BABY ......... CANT STOP ITS MY GAME'+ ' <br>'+ ' <br>'+ 'back up:no<br>'+ ' <br>'+ 'THATS IT NICE DAY<br>'+ ' <br>'+ '<br>'+ ' <br>'+ 'need some help & ...[1698 bytes skipped]... | ||
http://www.passportsite.ru/test404page.js | 404 Not Found Content-Length: 1411 Content-Type: text/html | clean |
http://www.passportsite.ru/?us= | HTTP/1.1 302 Found Connection: close Date: Thu, 12 Feb 2015 12:31:11 GMT Location: https://www.passportsite.ru Server: nginx/1.0.6 Content-Type: text/html; charset=windows-1251 X-Powered-By: PHP/5.2.10 | clean |
https://www.passportsite.ru/ | 200 OK Content-Length: 17945 Content-Type: text/html | clean |
https://www.passportsite.ru/files/ps.js | 200 OK Content-Length: 2933 Content-Type: application/x-javascript | clean |
http://www.passportsite.ru/browse.php?us= | HTTP/1.1 302 Found Connection: close Date: Thu, 12 Feb 2015 12:31:12 GMT Location: http://www.passportsite.ru Server: nginx/1.0.6 Content-Type: text/html; charset=windows-1251 Expires: Thu, 01 Jan 1970 00:00:01 GMT X-Powered-By: PHP/5.2.10 | clean |
https://www.passportsite.ru/user.php?do=add | 200 OK Content-Length: 3055 Content-Type: text/html | clean |
http://www.passportsite.ru/1 | 404 Not Found Content-Length: 1411 Content-Type: text/html | clean |
http://www.passportsite.ru/2 | 404 Not Found Content-Length: 1411 Content-Type: text/html | clean |
http://www.passportsite.ru/3 | 404 Not Found Content-Length: 1411 Content-Type: text/html | clean |
https://www.passportsite.ru/ps | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 12 Feb 2015 12:31:13 GMT Location: https://www.passportsite.ru/ps/ Server: Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/0.9.7e-p1 PHP/5.2.10 Content-Type: text/html; charset=iso-8859-1 | clean |
https://www.passportsite.ru/ps/ | HTTP/1.1 302 Found Connection: close Date: Thu, 12 Feb 2015 12:31:13 GMT Location: http://www.passportsite.ru/?url=www.passportsite.ru&sess_id=%3Chtml%3E%0D%0A%3Chead%3E%3Ctitle%3E400+Bad+Request%3C%2Ftitle%3E%3C%2Fhead%3E%0D%0A%3Cbody+bgcolor%3D%22white%22%3E%0D%0A%3Ccenter%3E%3Ch1%3E400+Bad+Request%3C%2Fh1%3E%3C%2Fcenter%3E%0D%0A%3Chr%3E%3Ccenter%3Enginx%2F1.0.6%3C%2Fcenter%3E%0D%0A%3C%2Fbody%3E%0D%0A%3C%2Fhtml%3E%0D%0A Server: Apache/1.3.37 (Unix) mod_ssl/2.8.28 OpenSSL/0.9.7e-p1 PHP/5.2.10 Content-Type: text/html; charset=windows-1251 Expires: Thu, 01 Jan 1970 00:00:01 GMT X-Powered-By: PHP/5.2.10 | clean |
http://www.passportsite.ru/?url=www.passportsite.ru&sess_id=%3chtml%3e%0d%0a%3chead%3e%3ctitle%3e400+bad+request%3c%2ftitle%3e%3c%2fhead%3e%0d%0a%3cbody+bgcolor%3d%22white%22%3e%0d%0a%3ccenter%3e%3ch1%3e400+bad+request%3c%2fh1%3e%3c%2fcenter%3e%0d%0a%3chr%3e%3ccenter%3enginx%2f1.0.6%3c%2fcenter%3e%0d%0a%3c%2fbody%3e%0d%0a%3c%2fhtml%3e%0d%0a | 200 OK Content-Length: 18018 Content-Type: text/html | clean |
http://www.passportsite.ru/index.php | 200 OK Content-Length: 17945 Content-Type: text/html | clean |
http://www.passportsite.ru/cps.php | 404 Not Found Content-Length: 1411 Content-Type: text/html | clean |
http://www.passportsite.ru/faq.php | 404 Not Found Content-Length: 1411 Content-Type: text/html | clean |
http://www.passportsite.ru/partners.php | 404 Not Found Content-Length: 1411 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: passportsite.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: passportsite.ru
Referer: http://www.google.com/search?q=passportsite.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=passportsite.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://passportsite.ru/
Result: passportsite.ru is not infected or malware details are not published yet.