Scanned pages/files
Request | Server response | Status |
http://ursq.com/ | 200 OK Content-Length: 3913 Content-Type: text/html | clean |
http://ursq.com/.ftpquota | 403 Forbidden Content-Length: 330 Content-Type: text/html | clean |
http://ursq.com/test404page.js | 404 Not Found Content-Length: 326 Content-Type: text/html | clean |
http://ursq.com/FUNNYJOKESANDFUN.COM/ | 404 Not Found Content-Length: 83646 Content-Type: text/html | clean |
http://www.funnyjokesandfun.com/wp-content/themes/hmtpro5/adscript.js | 200 OK Content-Length: 176 Content-Type: application/javascript | clean |
http://www.funnyjokesandfun.com/wp-includes/js/jquery/jquery.js?ver=1.7.1 | 200 OK Content-Length: 93889 Content-Type: application/javascript | clean |
http://www.funnyjokesandfun.com/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.8.16 | 200 OK Content-Length: 4365 Content-Type: application/javascript | clean |
http://www.funnyjokesandfun.com/wp-includes/js/jquery/ui/jquery.ui.widget.min.js?ver=1.8.16 | 200 OK Content-Length: 3303 Content-Type: application/javascript | clean |
http://www.funnyjokesandfun.com/wp-includes/js/jquery/ui/jquery.ui.tabs.min.js?ver=1.8.16 | 200 OK Content-Length: 11632 Content-Type: application/javascript | clean |
http://www.funnyjokesandfun.com/wp-includes/js/jquery/ui/jquery.ui.accordion.min.js?ver=1.8.16 | 200 OK Content-Length: 9224 Content-Type: application/javascript | clean |
http://www.funnyjokesandfun.com/wp-content/plugins/OLD-wp-rss-curator-pro-old/assets/js/wrc-widget.js?ver=3.3.2 | 200 OK Content-Length: 1576 Content-Type: application/javascript | clean |
http://ursq.com/QRgen/ | 200 OK Content-Length: 11537 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By RooTRasta; <html>
<head> <title>./RooTRasta</title> <link REL="SHORTCUT ICON" HREF="http://poebas.org/images/icont.png"> <meta name="description" content=" ✌Tested By RooTRasta✌"> <meta name="keywords" content=" Hacked By RooTRasta;"> <script type='text/javascript'> var DADrightclicktheme = 'Dark'; var DADrightclickimage = 'http://31.media.tumblr.com/tumblr_lzx4fu5bwc1qit21yo1_500.jpg';</script> <script type='text/javascript' src="http://tuyulz-blogspot.googlecode.com/files/Anti%20Klik.js"> </script> <script type="text/javascript"> var snowsrc = "http://surmelikoyu.com/images/tree-md.png" ...[13579 bytes skipped]... | ||
http://tuyulz-blogspot.googlecode.com/files/Anti%20Klik.js | 200 OK Content-Length: 2027 Content-Type: text/plain | clean |
http://tuyulz-blogspot.googlecode.com/files/ | 404 Not Found Content-Length: 1431 Content-Type: text/html | clean |
http://tuyulz-blogspot.googlecode.com//www.google.com/ | 404 Not Found Content-Length: 1425 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ursq.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 24 Jun 2014 22:21:11 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 3913
Content-Type: text/html;charset=ISO-8859-1
...3913 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ursq.com
Referer: http://www.google.com/search?q=ursq.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ursq.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ursq.com/
Result: ursq.com is not infected or malware details are not published yet.