Scanned pages/files
Request | Server response | Status |
http://gilboa77.com/ | 200 OK Content-Length: 21333 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY THE KEY40 <!-- Website settings --> <html> <head> <script language="JavaScript1.2" src="Utils/BaseFunctions.js"></script> <title>HACKED BY THE KEY40</title> <META NAME="description" CONTENT="HACKED BY THE KEY40"> <META NAME="keywords" CONTENT=""> <META HTTP-EQUIV="cache-control" CONTENT="no-cache"> <META HTTP-EQUIV="pragma" CONTENT="no-cache"> <META HTTP-EQUIV="expires" CONTENT="Wed, 26 Feb 1997 08:21:57 GMT"> <META http-equiv="Content-Type" content="text/html;charset=windows-1255"> <LINK REL=" ...[26890 bytes skipped]... | ||
http://gilboa77.com/Utils/BaseFunctions.js | 200 OK Content-Length: 933 Content-Type: application/x-javascript | clean |
http://gilboa77.com/default.asp | 200 OK Content-Length: 21333 Content-Type: text/html | clean |
http://gilboa77.com/default.asp?PageId=21 | 200 OK Content-Length: 12273 Content-Type: text/html | clean |
http://gilboa77.com/default.asp?PageId=17 | 200 OK Content-Length: 8576 Content-Type: text/html | clean |
http://gilboa77.com/default.asp?PageId=16 | HTTP/1.1 302 Object moved Cache-Control: private Cache-Control: no-cache Date: Wed, 23 Apr 2014 02:09:15 GMT Pragma: no-cache Location: default.asp?pageid=24 Server: Microsoft-IIS/6.0 Content-Length: 142 Content-Type: text/html; Charset=windows-1255 Expires: Tue, 22 Apr 2014 02:09:14 GMT Set-Cookie: ASPSESSIONIDASSRQRDC=PCMIJBADIFCKPIDBKLDEGIFK; path=/ X-Powered-By: ASP.NET | clean |
http://gilboa77.com/default.asp?pageid=24 | 200 OK Content-Length: 9088 Content-Type: text/html | clean |
http://gilboa77.com/default.asp?PageId=19 | 200 OK Content-Length: 8494 Content-Type: text/html | clean |
http://gilboa77.com/default.asp?PageId=20 | 200 OK Content-Length: 7461 Content-Type: text/html | clean |
http://gilboa77.com/default.asp?PageId=22 | 200 OK Content-Length: 7085 Content-Type: text/html | clean |
http://gilboa77.com/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://gilboa77.com/default.asp?pageid=23 | 200 OK Content-Length: 7782 Content-Type: text/html | clean |
http://gilboa77.com/default.asp?pageid=27 | 200 OK Content-Length: 10047 Content-Type: text/html | clean |
http://gilboa77.com/default.asp?pageid=25&Id=3 | 200 OK Content-Length: 7644 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gilboa77.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Cache-Control: no-cache
Date: Wed, 23 Apr 2014 02:09:11 GMT
Pragma: no-cache
Server: Microsoft-IIS/6.0
Content-Length: 21333
Content-Type: text/html; Charset=windows-1255
Expires: Tue, 22 Apr 2014 02:09:10 GMT
Set-Cookie: ASPSESSIONIDASSRQRDC=HCMIJBADFMHEBOGPKDFOHPNI; path=/
X-Powered-By: ASP.NET
...21333 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: gilboa77.com
Referer: http://www.google.com/search?q=gilboa77.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gilboa77.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gilboa77.com/
Result: gilboa77.com is not infected or malware details are not published yet.