Scanned pages/files
| Request | Server response | Status |
http://phantomalert.net/ | 200 OK Content-Length: 5144 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By ...[4596 bytes skipped]... ;root[@]home: Deleted succesful</font>', '<font face="Impact" color="#fff" size="5">root[@]home: Upload index.html <br> root[@]home: Upload Complete</font>', '<font face="Impact" color="#fff" size="5">root[@]home: Logout Successful </font>', '<font face="Impact" color="#fff" size="5">root[@]Message:</font>', '<font face="Impact" color="#fff" size="6">Hacked By <br> _SuBZer0_ & SlickeR_Att4ck3R</font><br>_SuBZer0_ & SlickeR_Att4ck3R', '<font face="Impact" color="#fff" size="6">SPECIAL TNX TO XroGuE</FONT>SPECIAL TNX TO XroGuE', '<div class="SILENT"><font color="#00FFFF">S</font>i<font color="#00FFFF">l</font>e<font color="#00FFFF">n</font>t <font color="#00FFFF">t</font>e<font color="#00FFFF">a</font>m</div>'], ...[887 bytes skipped]... | ||
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js | 200 OK Content-Length: 92629 Content-Type: text/javascript | clean |
http://benjamin-32.persiangig.com/typed.js | 200 OK Content-Length: 13531 Content-Type: application/x-javascript | clean |
http://phantomalert.net/test404page.js | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
http://phantomalert.net//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js/ | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: phantomalert.net
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Connection: close
Date: Mon, 06 Jul 2015 19:29:03 GMT
Accept-Ranges: bytes
Age: 481
ETag: "1418-50d2795358530"
Server: Apache/2
Content-Length: 5144
Content-Type: text/html
Expires: Mon, 06 Jul 2015 20:21:02 GMT
Last-Modified: Wed, 21 Jan 2015 11:09:01 GMT
...5144 bytes of data.
GET / HTTP/1.1
Host: phantomalert.net
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Connection: close
Date: Mon, 06 Jul 2015 19:29:03 GMT
Accept-Ranges: bytes
Age: 481
ETag: "1418-50d2795358530"
Server: Apache/2
Content-Length: 5144
Content-Type: text/html
Expires: Mon, 06 Jul 2015 20:21:02 GMT
Last-Modified: Wed, 21 Jan 2015 11:09:01 GMT
...5144 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: phantomalert.net
Referer: http://www.google.com/search?q=phantomalert.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: phantomalert.net
Referer: http://www.google.com/search?q=phantomalert.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=phantomalert.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://phantomalert.net/
Result: phantomalert.net is not infected or malware details are not published yet.
Result: phantomalert.net is not infected or malware details are not published yet.