Scanned pages/files
Request | Server response | Status |
http://hcsim.com/ | 200 OK Content-Length: 54595 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://www.youtube.com/embed/xu4t3k4sjmo?&autoplay=1 <iframe allowfullscreen="" frameborder="0" height="0" src="http://www.youtube.com/embed/xu4t3k4sjmo?&autoplay=1" width="0">
Deface/Content modification. The following signature was found: Hacked By B3lirsiz ...[117 bytes skipped]... l.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en"> <head> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><!-- start: index --> <html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <body bgcolor="white"> <title>Hacked By B3lirsiz</title> <p style="text-align: center;"> </p> <p style="text-align: center;"></p> <center> <img alt="" src="http://www.resim-yukle.org/images/2014/11/29/cyberizm-turan.gif" style="width: 452px; height: 300px;" /> <p> </p> </center> <h2 style="text-align: center;"> <span style="color:#ff0000;">CYBERiZM SUNAR</span ...[68654 bytes skipped]...
http://www.adcash.com/script/java.php?option=rotateur&rotateur=359571 | 200 OK Content-Length: 9534 Content-Type: text/html | clean |
http://www.adcash.com/test404page.js | 404 Not Found Content-Length: 565 Content-Type: text/html | clean |
http://hcsim.com/clientscript/vbulletin_overlay.js?v=411 | 200 OK Content-Length: 14429 Content-Type: application/javascript | clean |
http://hcsim.com/clientscript/vbulletin_cms.js?v=411 | 200 OK Content-Length: 3784 Content-Type: application/javascript | clean |
http://hcsim.com/clientscript/vbulletin_ajax_htmlloader.js?v=411 | 200 OK Content-Length: 1913 Content-Type: application/javascript | clean |
http://hcsim.com/clientscript/vbulletin_md5.js?v=411 | 200 OK Content-Length: 5464 Content-Type: application/javascript | clean |
http://hcsim.com/clientscript/vbulletin_lightbox.js?v=411 | 200 OK Content-Length: 12216 Content-Type: application/javascript | clean |
http://hcsim.com/clientscript/yui/treeview/treeview-min.js | 200 OK Content-Length: 32232 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hcsim.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Mon, 22 Dec 2014 21:27:49 GMT
Pragma: private
Server: Apache
Content-Length: 54595
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: bb_sessionhash=799662a5ecf968800b720c20bce99317; path=/; HttpOnly
Set-Cookie: bb_lastvisit=1419283669; expires=Tue, 22-Dec-2015 21:27:49 GMT; path=/
Set-Cookie: bb_lastactivity=0; expires=Tue, 22-Dec-2015 21:27:49 GMT; path=/
...54595 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: hcsim.com
Referer: http://www.google.com/search?q=hcsim.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hcsim.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://hcsim.com/
Result: hcsim.com is not infected or malware details are not published yet.