Scanned pages/files
Request | Server response | Status |
http://ebce.net/ | HTTP/1.1 302 Found Connection: close Date: Thu, 18 Sep 2014 02:44:26 GMT Location: http://ebce.net/cgi-sys/suspendedpage.cgi Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.3.19 Content-Length: 225 Content-Type: text/html; charset=iso-8859-1 | clean |
http://ebce.net/cgi-sys/suspendedpage.cgi | 200 OK Content-Length: 3628 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Volcano Hacker ...[1742 bytes skipped]... arge; } </style> </head> <body bgcolor="#000000"> <p class="style1"> <img src="http://img02.arabsh.com/uploads/image/2014/08/31/0c3f404e61fa05.png" width="432" height="430" /> </p> <p class="style2"><span lang="ar-ye" class="style3">.:: </span> <span class="style3"><span class="style4">Hacked By Volcano Hacker</span> ::. </span></p> <p class="style2"> </p> <p class="style2"> </p> <p class="style33"><strong>٠ا اÙÙ٠اÙ٠بط٠ÙÙا اÙÙ٠اÙÙ .. <span class="style11"> ( ٠صÙب٠)</span> اÙا<span class="style11"> ( برÙا٠اÙÙÙر ) </span>ÙاÙخب٠.. ع٠ر٠٠ات٠ÙÙت Ø´ÙØ¡<span class="style11"> Ù٠اÙØ ...[1877 bytes skipped]... | ||
http://ebce.net/test404page.js | HTTP/1.1 302 Found Connection: close Date: Thu, 18 Sep 2014 02:44:27 GMT Location: http://ebce.net/cgi-sys/suspendedpage.cgi Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.3.19 Content-Length: 225 Content-Type: text/html; charset=iso-8859-1 | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ebce.net
Result:
HTTP/1.1 302 Found
Connection: close
Date: Thu, 18 Sep 2014 02:44:26 GMT
Location: http://ebce.net/cgi-sys/suspendedpage.cgi
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.3.19
Content-Length: 225
Content-Type: text/html; charset=iso-8859-1
...225 bytes of data.
GET / HTTP/1.1
Host: ebce.net
Result:
HTTP/1.1 302 Found
Connection: close
Date: Thu, 18 Sep 2014 02:44:26 GMT
Location: http://ebce.net/cgi-sys/suspendedpage.cgi
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.3.19
Content-Length: 225
Content-Type: text/html; charset=iso-8859-1
...225 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ebce.net
Referer: http://www.google.com/search?q=ebce.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ebce.net
Referer: http://www.google.com/search?q=ebce.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ebce.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ebce.net/
Result: ebce.net is not infected or malware details are not published yet.
Result: ebce.net is not infected or malware details are not published yet.