Scanned pages/files
Request | Server response | Status |
http://psykocraft.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 13 Jan 2015 04:09:19 GMT Location: http://forum.psykocraft.com/ Server: cloudflare-nginx Content-Type: text/html; charset=iso-8859-1 CF-RAY: 1a7ebcd90ed605d5-WAW Set-Cookie: __cfduid=d03cc3c6b0b4e40f3f83b0dda611a27121421122159; expires=Wed, 13-Jan-16 04:09:19 GMT; path=/; domain=.psykocraft.com; HttpOnly X-Cache: HIT from Backend | clean |
http://forum.psykocraft.com/ | 503 Service Unavailable Content-Length: 1582 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY : HESSAM-X ...[227 bytes skipped]... <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>H A C K E D</title> </head> <body text="#FFFFFF" bgcolor="#000000"> <p align="center"><b><font face="Impact" style="font-size: 70pt"> <font color="#FF0000">H</font> A C K E D !<br> </font><font face="Tahoma" size="2" color="#FF0000">HACKED BY : HESSAM-X</font></b></p> <p align="center"><font face="Tahoma" size="2">we are :<b> f0rk_z ; s3rv3r_h4ck3r ; Hessam-x</b></font></p> <p align="center"><font face="Impact, Haettenschweiler, Verdana" size="7"> <strong><font face="Tahoma" color="#ffffff" size="1">Just Deface For Admoniti</font><font face="Tahoma" size="1">o</font><font face="Tahoma" color="#ffffff" size ...[985 bytes skipped]... | ||
http://forum.psykocraft.com/[removed] | 404 Not Found Content-Length: 1582 Content-Type: text/html | clean |
http://forum.psykocraft.com/test404page.js | 404 Not Found Content-Length: 1582 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: psykocraft.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 13 Jan 2015 04:09:19 GMT
Location: http://forum.psykocraft.com/
Server: cloudflare-nginx
Content-Type: text/html; charset=iso-8859-1
CF-RAY: 1a7ebcd90ed605d5-WAW
Set-Cookie: __cfduid=d03cc3c6b0b4e40f3f83b0dda611a27121421122159; expires=Wed, 13-Jan-16 04:09:19 GMT; path=/; domain=.psykocraft.com; HttpOnly
X-Cache: HIT from Backend
GET / HTTP/1.1
Host: psykocraft.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 13 Jan 2015 04:09:19 GMT
Location: http://forum.psykocraft.com/
Server: cloudflare-nginx
Content-Type: text/html; charset=iso-8859-1
CF-RAY: 1a7ebcd90ed605d5-WAW
Set-Cookie: __cfduid=d03cc3c6b0b4e40f3f83b0dda611a27121421122159; expires=Wed, 13-Jan-16 04:09:19 GMT; path=/; domain=.psykocraft.com; HttpOnly
X-Cache: HIT from Backend
Second query (visit from search engine):
GET / HTTP/1.1
Host: psykocraft.com
Referer: http://www.google.com/search?q=psykocraft.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: psykocraft.com
Referer: http://www.google.com/search?q=psykocraft.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=psykocraft.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://psykocraft.com/
Result: psykocraft.com is not infected or malware details are not published yet.
Result: psykocraft.com is not infected or malware details are not published yet.