Scanned pages/files
Request | Server response | Status |
http://ekolas.biz/ | 200 OK Content-Length: 52596 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: hacked by Indonesian Cyber Freedom <title>people_hurt | Indonesian Cyber Freedom</title><body bgcolor=black><table width=100% height=100%><td align=center><span style='font: 40px tahoma;size:40px;color:OrangeRed;text-shadow: 0px 0px 50px;'><strong>hacked by Indonesian Cyber Freedom<br><span style='font: 15px Lucida Calligraphy;size:15px;color:Aqua;text-shadow: 0px 0px 50px;'><strong>We Are : dEnny_Attacker - Mr. DellatioNx196 - SvN_NeVerMore - ./Ardana_ID - Achan Dot ID - CaptSalkus48 - Mr.HaurgeulisX196 - SengkeL - Railver6 - people_hurt - Wall-e83 - TOGEL3739 - Pooi Chai - Ghost99 - Seringhai - Zomb0x
<br><br> greets: asu crew and you <embed src="https://w ...[54738 bytes skipped]... | ||
http://ekolas.biz/test404page.js | HTTP/1.1 302 Found Connection: close Date: Fri, 19 Jun 2015 17:43:01 GMT Location: http://medical-brothers.com/ Server: nginx Vary: Accept-Encoding Content-Length: 212 Content-Type: text/html; charset=iso-8859-1 | clean |
http://medical-brothers.com/ | HTTP/1.1 302 Found Connection: close Date: Fri, 19 Jun 2015 17:43:11 GMT Location: http://ww1.medical-brothers.com Server: nginx/1.9.1 Content-Length: 11 | clean |
http://ww1.medical-brothers.com/ | HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate Cache-Control: post-check=0, pre-check=0 Connection: close Date: Fri, 19 Jun 2015 17:43:02 GMT Pragma: no-cache Server: Apache Vary: User-Agent,Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Mon, 26 Jul 1997 05:00:00 GMT Last-Modified: Fri, 19 Jun 2015 17:43:02 GMT Set-Cookie: tu=cbfbe1c1c5508fdc2ecb4e02af01d972; expires=Tue, 31-Dec-2019 23:00:00 GMT; path=/; domain=medical-brothers.com; httponly X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c+o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_czJKVVtX76uO6SAPGc82xwW52XUgaXGSE2nxdIjxZEWModrBVuhNj4jJkxgKFocGapGZRpL9nbQ+wq88SSoIpw== X-Cache: MISS from 210767 X-Powered-By: PHP/5.3.3-7+squeeze25 | clean |
http://ww1.medical-brothers.com//?gtnjs=1/ | 200 OK Content-Length: 20545 Content-Type: text/html | clean |
http://img.sedoparking.com/js/jquery-1.4.2.min.js | 200 OK Content-Length: 52770 Content-Type: application/x-javascript | clean |
http://www.google.com/adsense/domains/caf.js | 200 OK Content-Length: 210404 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ekolas.biz
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 19 Jun 2015 17:43:00 GMT
Server: nginx
Vary: User-Agent,Accept-Encoding
Content-Type: text/html
GET / HTTP/1.1
Host: ekolas.biz
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 19 Jun 2015 17:43:00 GMT
Server: nginx
Vary: User-Agent,Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: ekolas.biz
Referer: http://www.google.com/search?q=ekolas.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ekolas.biz
Referer: http://www.google.com/search?q=ekolas.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ekolas.biz
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ekolas.biz/
Result: ekolas.biz is not infected or malware details are not published yet.
Result: ekolas.biz is not infected or malware details are not published yet.