Scanned pages/files
Request | Server response | Status |
http://usamb-dod.org/ | 200 OK Content-Length: 95665 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Volcano Hacker ...[23825 bytes skipped]... <div id="ja-topsl1" class="wrap "> <div class="main clearfix"> <!-- SPOTLIGHT --> <div class="ja-box-wrap column ja-box-left" style="width: 66%;"> <div class="ja-box clearfix"> <div class="ja-moduletable moduletable-newsfp clearfix" id="Mod115"> <div class="ja-box-ct clearfix"> Hacked By Volcano Hacker<!-- --> <div id="ja-zinfp-wrap-115" class="ja-zinfp-wrap default"> <div id="ja-zinfp-115" class="ja-zinfp clearfix"> <div class="ja-zinfp-main-wrap"> <div class="ja-zinfp-main clearfix"> <div class="ja-zinfp-featured-wrap column"> <div class="ja-zinfp-featured-border"> <div class="ja-zinfp-featured clearfix"> <div class="ja-zincontent-wrap active show"> <d ...[91602 bytes skipped]... | ||
http://usamb-dod.org/index.php?jat3action=gzip&jat3type=js&jat3file=t3-assets%2Fjs_ab0d9.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache Connection: close Date: Sun, 21 Sep 2014 00:28:48 GMT Location: http://usamb-dod.org/?jat3action=gzip&jat3type=js&jat3file=t3-assets/js_ab0d9.js Server: Apache/2 Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=utf-8 Set-Cookie: 1465f4dbfed9e8b7f25b3183cc5bf467=a318pdue40u1f4ihm7phqbp5r1; path=/ X-Powered-By: PHP/5.4.17 | clean |
http://usamb-dod.org/?jat3action=gzip&jat3type=js&jat3file=t3-assets/js_ab0d9.js | 200 OK Content-Length: 300762 Content-Type: text/javascript | clean |
http://usamb-dod.org/Dep/ | 200 OK Content-Length: 37485 Content-Type: text/html | clean |
http://usamb-dod.org/index.php?jat3action=gzip&jat3type=js&jat3file=t3-assets%2Fjs_8a6c2.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache Connection: close Date: Sun, 21 Sep 2014 00:28:56 GMT Location: http://usamb-dod.org/?jat3action=gzip&jat3type=js&jat3file=t3-assets/js_8a6c2.js Server: Apache/2 Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=utf-8 Set-Cookie: 1465f4dbfed9e8b7f25b3183cc5bf467=3aqh6dhi8o32v5dp7nu1a1uk72; path=/ X-Powered-By: PHP/5.4.17 | clean |
http://usamb-dod.org/?jat3action=gzip&jat3type=js&jat3file=t3-assets/js_8a6c2.js | 200 OK Content-Length: 300762 Content-Type: text/javascript | clean |
http://usamb-dod.org/Dep/Bi-quyet-lam-dep/ | 200 OK Content-Length: 37762 Content-Type: text/html | clean |
http://usamb-dod.org/Dep/Duong-da/ | 200 OK Content-Length: 29397 Content-Type: text/html | clean |
http://usamb-dod.org/Dep/My-pham/ | 200 OK Content-Length: 28389 Content-Type: text/html | clean |
http://usamb-dod.org/Dep/Nguoi-dep/ | 200 OK Content-Length: 47927 Content-Type: text/html | clean |
http://usamb-dod.org/Dep/Trang-diem/ | 200 OK Content-Length: 32749 Content-Type: text/html | clean |
http://usamb-dod.org/Thoi-trang/ | 200 OK Content-Length: 36977 Content-Type: text/html | clean |
http://usamb-dod.org/Thoi-trang/Thoi-trang-ao-cuoi/ | 200 OK Content-Length: 28990 Content-Type: text/html | clean |
http://usamb-dod.org/Thoi-trang/Thoi-trang-cong-so/ | 200 OK Content-Length: 30218 Content-Type: text/html | clean |
http://usamb-dod.org/Thoi-trang/Thoi-trang-da-hoi/ | 200 OK Content-Length: 29150 Content-Type: text/html | clean |
http://usamb-dod.org/Thoi-trang/Thoi-trang-do-ngu/ | 200 OK Content-Length: 30476 Content-Type: text/html | clean |
http://usamb-dod.org/Thoi-trang/Bikini/ | 200 OK Content-Length: 26298 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: usamb-dod.org
Result:
HTTP/1.1 200 OK
Cache-Control: private, no-cache
Connection: close
Date: Sun, 21 Sep 2014 00:28:44 GMT
Pragma: no-cache
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
Expires:
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 1465f4dbfed9e8b7f25b3183cc5bf467=murikeq9f44rnn4o1imlru7ma7; path=/
Set-Cookie: ja_teline_iv_tpl=ja_teline_iv; expires=Fri, 11-Sep-2015 00:28:45 GMT; path=/
X-Powered-By: PHP/5.4.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: usamb-dod.org
Referer: http://www.google.com/search?q=usamb-dod.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=usamb-dod.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://usamb-dod.org/
Result: usamb-dod.org is not infected or malware details are not published yet.