Scanned pages/files
Request | Server response | Status |
http://greenwheelsweb.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=172800 Connection: close Date: Fri, 17 Jul 2015 23:47:56 GMT Location: http://www.greenwheelsweb.com/ Server: nginx/1.7.9 Vary: Accept-Encoding Content-Length: 238 Content-Type: text/html; charset=iso-8859-1 Expires: Sun, 19 Jul 2015 23:47:56 GMT X-Proxy-Cache: MISS | clean |
http://www.greenwheelsweb.com/ | 200 OK Content-Length: 2615 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Arshia Danger ...[1323 bytes skipped]... } h1:hover{font-size:70px; transition:all 1s; cursor:pointer;} .box{width:100%; height:250px; background:rgba(204,204,204,0.5);} </style> </head> <body> <center> <text text-anchor="middle" x="96%" y="50%" dy=".35em" class="text"> Anonymous </text> <h1 class="text">Hacked By Arshia Danger</h1> <div class="box"><h1 style="font-size:41px;color:#F00" class="text">GMail:anonymousdontforgivee & Yahoo: <a class="__cf_email__" href="/cdn-cgi/l/email-protection" data-cfemail="bae38adc8cfac3dbd2d5d594d9d5d7">[email protected]</a><script cf-hash='f9e31' type="text/javascript"> /* <![CDATA[ */!function(){try{var t="currentScript"in document?document.currentScript:function(){for(var t=document.getElements ...[784 bytes skipped]... | ||
http://www.greenwheelsweb.com/cdn-cgi/l/email-protection | 200 OK Content-Length: 4161 Content-Type: text/html | clean |
http://www.greenwheelsweb.com/cdn-cgi/scripts/zepto.min.js | 200 OK Content-Length: 24975 Content-Type: application/javascript | clean |
http://www.greenwheelsweb.com/cdn-cgi/scripts/cf.common.js | 200 OK Content-Length: 4408 Content-Type: application/javascript | clean |
http://www.greenwheelsweb.com//www.cloudflare.com/sign-up/ | 200 OK Content-Length: 2615 Content-Type: text/html | clean |
http://www.greenwheelsweb.com/test404page.js | 200 OK Content-Length: 2615 Content-Type: text/html | clean |
http://www.greenwheelsweb.com/cdn-cgi/l/ | 200 OK Content-Length: 2615 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: greenwheelsweb.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=172800
Connection: close
Date: Fri, 17 Jul 2015 23:47:56 GMT
Location: http://www.greenwheelsweb.com/
Server: nginx/1.7.9
Vary: Accept-Encoding
Content-Length: 238
Content-Type: text/html; charset=iso-8859-1
Expires: Sun, 19 Jul 2015 23:47:56 GMT
X-Proxy-Cache: MISS
...238 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: greenwheelsweb.com
Referer: http://www.google.com/search?q=greenwheelsweb.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=greenwheelsweb.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://greenwheelsweb.com/
Result: greenwheelsweb.com is not infected or malware details are not published yet.