Scanned pages/files
Request | Server response | Status |
http://ramaporaidersathletics.com/ | 200 OK Content-Length: 1332 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY Mr.M0R0 MOROCCAN HACKER <html>
<head> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>HACKED BY Mr.M0R0 MOROCCAN HACKER</title> </head> <body> <p align="center"><img border="0" src="http://p4.storage.canalblog.com/46/95/864954/65130309_p.gif"></p> <p align="center"> HACKED AND DEFACED BY Mr.MORO MOROCCAN HACKER</p> <p align="center"> WHAT THE HELL IS GOING ON HERE YOUR SECURITY IS LIKE A SHIT</p> <p a ...[1124 bytes skipped]... | ||
http://ramaporaidersathletics.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Mon, 05 Oct 2015 18:03:25 GMT Location: http://ramaponj.powermediallc.org/index.php Server: Apache Content-Length: 303 Content-Type: text/html; charset=iso-8859-1 | clean |
http://ramaponj.powermediallc.org/index.php | 200 OK Content-Length: 6193 Content-Type: text/html | clean |
http://ramaponj.powermediallc.org/test404page.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 05 Oct 2015 18:03:27 GMT Location: http://powermediallc.org/wp-signup.php?new=ramaponj Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html Set-Cookie: visid_incap_359935=heGQKAAuR4WyjOIHOal6mW+7ElYAAAAAQUIPAAAAAACrMzNAVByJBxdXUYol/flW; expires=Wed, 04 Oct 2017 11:38:01 GMT; path=/; Domain=.powermediallc.org Set-Cookie: incap_ses_323_359935=tmlkBjao6TwcWkQWJ4d7BG+7ElYAAAAAd1COqWlznxH+GxpD61vG7Q==; path=/; Domain=.powermediallc.org Set-Cookie: ___utmvmFPuLaMP=FuJkSkohhxA; path=/; Max-Age=900 Set-Cookie: ___utmvaFPuLaMP=HwjtFrg; path=/; Max-Age=900 Set-Cookie: ___utmvbFPuLaMP=TZJ XFHOhalL: btG; path=/; Max-Age=900 X-CDN: Incapsula X-Iinfo: 8-87074370-87074371 NNNN CT(153 -1 0) RT(1444068206953 0) q(0 0 2 -1) r(4 4) U11 X-Powered-By: PHP/5.5.21 | clean |
http://powermediallc.org/wp-signup.php?new=ramaponj | 200 OK Content-Length: 6197 Content-Type: text/html | clean |
http://powermediallc.org/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ramaporaidersathletics.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 05 Oct 2015 18:03:25 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
GET / HTTP/1.1
Host: ramaporaidersathletics.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 05 Oct 2015 18:03:25 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: ramaporaidersathletics.com
Referer: http://www.google.com/search?q=ramaporaidersathletics.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ramaporaidersathletics.com
Referer: http://www.google.com/search?q=ramaporaidersathletics.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ramaporaidersathletics.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ramaporaidersathletics.com/
Result: ramaporaidersathletics.com is not infected or malware details are not published yet.
Result: ramaporaidersathletics.com is not infected or malware details are not published yet.