Scanned pages/files
Request | Server response | Status |
http://railsensor.com/ | 200 OK Content-Length: 8715 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by .:: 1UcIf42 5pId32 ::. from CyBER-71
<!doctype html> <html lang="en"> <title>Hacked by .:: 1UcIf42 5pId32 ::. from CyBER-71</title> <body bgcolor=black lang=EN-US style='tab-interval:36.0pt; text-align:center'> <onload=type_text() onclick='alert("This script is valid for .:: 1UcIf42 5pId32 ::. !! Do not Try To Copy :This script ")'> <br> <link rel="SHORTCUT ICON" type="image/x-icon" href="http://netanimations.net/Moving-picture-Bangladesh-flag-waving-in-wind-animated-gif-1.gif"> <scri ...[9832 bytes skipped]...
http://ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js | 200 OK Content-Length: 92629 Content-Type: text/javascript | clean |
http://railsensor.com/test404page.js | 200 OK Content-Length: 8715 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: railsensor.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 02 Jul 2015 01:40:02 GMT
Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: railsensor.com
Referer: http://www.google.com/search?q=railsensor.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=railsensor.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://railsensor.com/
Result: railsensor.com is not infected or malware details are not published yet.