Scanned pages/files
Request | Server response | Status |
http://tracyschwablaw.com/ | 200 OK Content-Length: 4128 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY HaxorsteinBD ...[929 bytes skipped]... ; (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })();</script></head> <body bgcolor="#000000"> <p class="auto-style1">HACKED BY HaxorsteinBD</p> <p class="auto-style1">Opodarthoz Haxor Crewz</p> <p class="auto-style1">https://www.facebook.com/legion.osiris</p> <p class="auto-style1">A SINGLE HACKER FROM BANGLADESH</p> <p class="auto-style1">Proud To be a Muslim,Proud To be a Bangladeshi</p> <p class="auto-style1">Dear admin this is insecured server,why dont you re-patch your security!!!!</p> <p class="auto-styl ...[3077 bytes skipped]... | ||
http://balyan.ir/images/s.js | 404 Not Found Content-Length: 617 Content-Type: text/html | clean |
http://balyan.ir/test404page.js | 404 Not Found Content-Length: 617 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tracyschwablaw.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Oct 2014 02:53:08 GMT
Server: Microsoft-IIS/6.0
Content-Type: text/html
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "tmcnabb@houma.com" on "2010.12.16T09:33-0600" exp "2011.12.16T12:00-0600" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0))
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "tmcnabb@houma.com" on "2010.12.16T09:33-0600" exp "2011.12.16T12:00-0600" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0))(PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "tmcnabb@houma.com" on "2010.12.16T09:33-0600" exp "2011.12.16T12:00-0600" r (v 0 s 0 n 0 l 0))
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "tmcnabb@houma.com" on "2010.12.16T09:33-0600" exp "2011.12.16T12:00-0600" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0))(PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "tmcnabb@houma.com" on "2010.12.16T09:33-0600" exp "2011.12.16T12:00-0600" r (v 0 s 0 n 0 l 0))(PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "tmcnabb@houma.com" on "2010.12.16T09:33-0600" exp "2011.12.16T12:00-0600" r (l 0 s 0 v 0 o 0))
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.14
GET / HTTP/1.1
Host: tracyschwablaw.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Oct 2014 02:53:08 GMT
Server: Microsoft-IIS/6.0
Content-Type: text/html
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "tmcnabb@houma.com" on "2010.12.16T09:33-0600" exp "2011.12.16T12:00-0600" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0))
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "tmcnabb@houma.com" on "2010.12.16T09:33-0600" exp "2011.12.16T12:00-0600" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0))(PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "tmcnabb@houma.com" on "2010.12.16T09:33-0600" exp "2011.12.16T12:00-0600" r (v 0 s 0 n 0 l 0))
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "tmcnabb@houma.com" on "2010.12.16T09:33-0600" exp "2011.12.16T12:00-0600" r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0))(PICS-1.0 "http://www.rsac.org/ratingsv01.html" l by "tmcnabb@houma.com" on "2010.12.16T09:33-0600" exp "2011.12.16T12:00-0600" r (v 0 s 0 n 0 l 0))(PICS-1.1 "http://www.rsac.org/ratingsv01.html" l by "tmcnabb@houma.com" on "2010.12.16T09:33-0600" exp "2011.12.16T12:00-0600" r (l 0 s 0 v 0 o 0))
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.14
Second query (visit from search engine):
GET / HTTP/1.1
Host: tracyschwablaw.com
Referer: http://www.google.com/search?q=tracyschwablaw.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tracyschwablaw.com
Referer: http://www.google.com/search?q=tracyschwablaw.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tracyschwablaw.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tracyschwablaw.com/
Result: tracyschwablaw.com is not infected or malware details are not published yet.
Result: tracyschwablaw.com is not infected or malware details are not published yet.