Scanned pages/files
Request | Server response | Status |
http://piramisa.md/ | 200 OK Content-Length: 11520 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY MOROCCAN AGENT SECRET <!DOCTYPE HTML PUBLIC> <Html> <head> <title></title><SCRIPT LANGUAGE="JavaScript"> <!-- Begin var scrl = " HACKED BY MOROCCAN AGENT SECRET "; function scrlsts() { scrl = scrl.substring(1, scrl.length) + scrl.substring(0, 1); document.title = scrl; setTimeout("scrlsts()", 300); } // End --> </script> </head> <head> <meta name="description" content="Hacked By Moroccan Agent Secret"> <meta name="keywords" content="mas,hacked,moroccanagentsecret,morocco"> <meta ...[13396 bytes skipped]... | ||
http://en.dnstools.ch/out/2.js | 200 OK Content-Length: 561 Content-Type: text/html | clean |
http://en.dnstools.ch/test404page.js | 404 Not Found Content-Length: 3691 Content-Type: text/html | clean |
http://en.dnstools.ch/js/system.js | 200 OK Content-Length: 3565 Content-Type: application/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 27405 Content-Type: text/javascript | clean |
http://en.dnstools.ch/ | 200 OK Content-Length: 4792 Content-Type: text/html | clean |
http://en.dnstools.ch/show-my-ip.html | 200 OK Content-Length: 6765 Content-Type: text/html | clean |
http://en.dnstools.ch/js/ipdetails.js | 200 OK Content-Length: 734 Content-Type: application/javascript | clean |
http://maps.google.com/maps?file=api&v=2&key=ABQIAAAANNeLBTQ9koj9bL_pVnJsEBQh8MLnq4bOwYZ4yPR07zKZBCelohRJmUpMi7WEVo6xy8CaiYjC12RFwg | 200 OK Content-Length: 134289 Content-Type: text/javascript | clean |
http://en.dnstools.ch/visual-traceroute.html | 200 OK Content-Length: 6572 Content-Type: text/html | clean |
http://en.dnstools.ch/js/tracemap.js | 200 OK Content-Length: 1978 Content-Type: application/javascript | clean |
http://en.dnstools.ch/online-ping.html | 200 OK Content-Length: 6168 Content-Type: text/html | clean |
http://en.dnstools.ch/dns-nameserver.html | 200 OK Content-Length: 7781 Content-Type: text/html | clean |
http://en.dnstools.ch/port-scan.html | 200 OK Content-Length: 11699 Content-Type: text/html | clean |
http://en.dnstools.ch/reverse-ip.html | 200 OK Content-Length: 5587 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: piramisa.md
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 10 Dec 2015 04:36:30 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html
X-Cache: HIT from Backend
X-Powered-By: PHP/5.5.30
GET / HTTP/1.1
Host: piramisa.md
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 10 Dec 2015 04:36:30 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html
X-Cache: HIT from Backend
X-Powered-By: PHP/5.5.30
Second query (visit from search engine):
GET / HTTP/1.1
Host: piramisa.md
Referer: http://www.google.com/search?q=piramisa.md
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: piramisa.md
Referer: http://www.google.com/search?q=piramisa.md
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=piramisa.md
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://piramisa.md/
Result: piramisa.md is not infected or malware details are not published yet.
Result: piramisa.md is not infected or malware details are not published yet.