Scanned pages/files
Request | Server response | Status |
http://ictville.com/ | 200 OK Content-Length: 127931 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: U.S. military social media accounts apparently hacked by Islamic State sympathizers ...[42486 bytes skipped]... ps or he’ll ban them</a></h2> </div></div><!--post--> <div class="slide"> <div class="post"> <div class="post-img-medium"><a href="http://ictville.com/2015/01/u-s-military-social-media-accounts-apparently-hacked-by-islamic-state-sympathizers/" rel="bookmark" title="U.S. military social media accounts apparently hacked by Islamic State sympathizers"><img width="1" height="1" src="http://ictville.com/wp-content/uploads/2015/01/CENTCOM-hacked-3.jpg" class="attachment-featured-thumb wp-post-image" alt="CENTCOM-hacked-3" /></a></div> <h2><a href="http://ictville.com/2015/01/u-s-military-social-media-accounts-apparently-hacked-by-islamic-state-sympathizers/" rel="bookmark" title="U.S. military social media accounts apparently hacked by Islamic State ...[104645 bytes skipped]...
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 24587 Content-Type: text/javascript | clean |
http://platform.twitter.com/widgets.js | 200 OK Content-Length: 110038 Content-Type: application/javascript | clean |
http://ictville.com//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Fri, 10 Jul 2015 19:39:09 GMT Pragma: no-cache Location: http://ictville.com/pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: PHPSESSID=5339262b399f62f13e2b2d42e92d707b; path=/ X-Pingback: http://ictville.com/xmlrpc.php X-Powered-By: PHP/5.2.17 | clean |
http://ictville.com/pagead2.googlesyndication.com/pagead/js/adsbygoogle.js/ | 404 Not Found Content-Length: 76733 Content-Type: text/html | clean |
http://bdv.bidvertiser.com/BidVertiser.dbm?pid=565797&bid=1472398 | 200 OK Content-Length: 39 | clean |
http://bdv.bidvertiser.com/test404page.js | 200 OK Content-Length: 50 | clean |
http://ictville.com/wp-content/plugins/nrelate-most-popular/admin/nrelate_js.min.js?ver=0.52.7 | 200 OK Content-Length: 45188 Content-Type: application/x-javascript | clean |
http://ictville.com/wp-content/plugins/popular-widget/_js/pop-widget.js?ver=1.6.6 | 200 OK Content-Length: 1050 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ictville.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 10 Jul 2015 19:39:04 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=bf7cfcb7e24873fb4de4c06ffeffe0c4; path=/
X-Pingback: http://ictville.com/xmlrpc.php
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: ictville.com
Referer: http://www.google.com/search?q=ictville.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ictville.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ictville.com/
Result: ictville.com is not infected or malware details are not published yet.