Scanned pages/files
Request | Server response | Status |
http://dfpscorp.com/ | HTTP/1.1 302 Found Connection: close Date: Tue, 22 Dec 2015 17:17:32 GMT Location: http://dfpscorp.com/cgi-sys/suspendedpage.cgi Server: nginx/1.8.0 Content-Length: 291 Content-Type: text/html; charset=iso-8859-1 | clean |
http://dfpscorp.com/cgi-sys/suspendedpage.cgi | 200 OK Content-Length: 6030 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By: 4Ri3 60ndr0n9 | Security Tester XXX~HACKER TEAM was here.!!!!! | West Borneo Hacker | IND ...[473 bytes skipped]... !--<![endif]--> <head> <meta http-equiv="X-UA-Compatible" content="IE-9"/> <meta content='text/html; charset=UTF-8' http-equiv='Content-Type'/> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>«à¹à®ãXXX~HACKER TEAMãà®à¹Â»</title> <meta name="description" content="Hacked By: 4Ri3 60ndr0n9 | Security Tester XXX~HACKER TEAM was here.!!!!! | West Borneo Hacker | INDONESIA" /> <meta name="keywords" content="Hacked, Hacker, Hacking" /> <meta name="author" content="4213 60ndr0n9" /> <link rel="SHORTCUT ICON" href="http://xxx-hacker.com/images/x.gif"> <link rel="stylesheet" type="text/css" href="https://googledrive.com/host/0B5uxp5skWMQeQXVkclJjTXIyTzA" /> <script type="text/javascript" src="https://googledrive.com/host/0B7THSYiNCrqJMmV4 ...[6404 bytes skipped]... | ||
https://googledrive.com/host/0B7THSYiNCrqJMmV4S1czaVFCZWs | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Tue, 22 Dec 2015 17:17:33 GMT Pragma: no-cache Accept-Ranges: none Location: https://bc1ca7948df947caad37680f653921e00dca2048.googledrive.com/host/0B7THSYiNCrqJMmV4S1czaVFCZWs Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alt-Svc: quic=":443"; ma=604800; v="30,29,28,27,26,25" Alternate-Protocol: 443:quic,p=1 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://bc1ca7948df947caad37680f653921e00dca2048.googledrive.com/host/0b7thsyincrqjmmv4s1czavfczws | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Tue, 22 Dec 2015 17:17:33 GMT Pragma: no-cache Accept-Ranges: none Location: https://e0b61920f847083a965975243506b6738aa8648b-bc1ca7948df947caad37680f653921e00dca2048.googledrive.com/host/0b7thsyincrqjmmv4s1czavfczws Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alt-Svc: quic=":443"; ma=604800; v="30,29,28,27,26,25" Alternate-Protocol: 443:quic,p=1 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://e0b61920f847083a965975243506b6738aa8648b-bc1ca7948df947caad37680f653921e00dca2048.googledrive.com/host/0b7thsyincrqjmmv4s1czavfczws | 500 Can't connect to e0b61920f847083a965975243506b6738aa8648b-bc1ca7948df947caad37680f653921e00dca2048.googledrive.com:443 Content-Length: 274 Content-Type: text/plain | clean |
http://e0b61920f847083a965975243506b6738aa8648b-bc1ca7948df947caad37680f653921e00dca2048.googledrive.com/test404page.js | 500 Can't connect to e0b61920f847083a965975243506b6738aa8648b-bc1ca7948df947caad37680f653921e00dca2048.googledrive.com:80 Content-Length: 272 Content-Type: text/plain | clean |
https://apis.google.com/js/platform.js | 200 OK Content-Length: 39385 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dfpscorp.com
Result:
HTTP/1.1 302 Found
Connection: close
Date: Tue, 22 Dec 2015 17:17:32 GMT
Location: http://dfpscorp.com/cgi-sys/suspendedpage.cgi
Server: nginx/1.8.0
Content-Length: 291
Content-Type: text/html; charset=iso-8859-1
...291 bytes of data.
GET / HTTP/1.1
Host: dfpscorp.com
Result:
HTTP/1.1 302 Found
Connection: close
Date: Tue, 22 Dec 2015 17:17:32 GMT
Location: http://dfpscorp.com/cgi-sys/suspendedpage.cgi
Server: nginx/1.8.0
Content-Length: 291
Content-Type: text/html; charset=iso-8859-1
...291 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: dfpscorp.com
Referer: http://www.google.com/search?q=dfpscorp.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: dfpscorp.com
Referer: http://www.google.com/search?q=dfpscorp.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dfpscorp.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dfpscorp.com/
Result: dfpscorp.com is not infected or malware details are not published yet.
Result: dfpscorp.com is not infected or malware details are not published yet.