Scanned pages/files
Request | Server response | Status |
http://indybpo.com/ | 200 OK Content-Length: 3464 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by #Albanian Hacker <html><head><title>Hacked by #Albanian Hacker's Terrorist</title><meta name="description" content="ALBANIAN Protectors!"><meta name="keywords" content="AHT, AHT-CREW, hacked, crackerd, albanian hackers, kosova hackers, Dr.Injectioni,Individ^H4ck, tirana, prishtina, shkupi, exploits code, exploit code, exploits, 0-day, 0day, 0days, exploit, zero day, poc, exploit, local exploits, remote exploits, root exploits, windows, linux, new exploits, latest exploits, ...[3845 bytes skipped]... | ||
http://www.ip2phrase.com/ip2phrase.asp?template=I hope you have a great day in <CITY>. | 200 OK Content-Length: 188 Content-Type: text/html | clean |
http://www.ip2phrase.com/ | 200 OK Content-Length: 34186 Content-Type: text/html | clean |
http://code.google.com/apis/gears/gears_init.js | 404 Not Found Content-Length: 1449 Content-Type: text/html | clean |
http://code.google.com//www.google.com/ | 404 Not Found Content-Length: 1440 Content-Type: text/html | clean |
http://code.google.com/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/prototype/1.6.1.0/prototype.js | 200 OK Content-Length: 139854 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.3/scriptaculous.js | 200 OK Content-Length: 2936 Content-Type: text/javascript | clean |
http://ads.hexasoft.com.my/ads.js | 200 OK Content-Length: 4680 Content-Type: text/html | clean |
http://ads.hexasoft.com.my/\"http://www.ip2location.com/?utm_source=hexasoft&utm_medium=banner&utm_term=ip2location&utm_campaign=hexasoft%20banner\" | 404 Not Found Content-Length: 232 Content-Type: text/html | clean |
http://ads.hexasoft.com.my/\"http://www.geodatasource.com/?utm_source=hexasoft&utm_medium=banner&utm_term=geodatasource&utm_campaign=hexasoft%20banner\" | 404 Not Found Content-Length: 234 Content-Type: text/html | clean |
http://ads.hexasoft.com.my/\"http://www.fraudlabs.com/?utm_source=hexasoft&utm_medium=banner&utm_term=fraudlabs&utm_campaign=hexasoft%20banner\" | 404 Not Found Content-Length: 230 Content-Type: text/html | clean |
http://ads.hexasoft.com.my/\"http://www.mailboxvalidator.com/?utm_source=hexasoft&utm_medium=banner&utm_term=mailboxvalidator&utm_campaign=hexasoft%20banner\" | 404 Not Found Content-Length: 237 Content-Type: text/html | clean |
http://ads.hexasoft.com.my/\"http://www.weatherdatasource.com/?utm_source=hexasoft&utm_medium=banner&utm_term=weatherdatasource&utm_campaign=hexasoft%20banner\" | 404 Not Found Content-Length: 238 Content-Type: text/html | clean |
http://ads.hexasoft.com.my/\"http://www.locaproxy.com/?utm_source=hexasoft&utm_medium=banner&utm_term=locaproxy&utm_campaign=hexasoft%20banner\" | 404 Not Found Content-Length: 230 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: indybpo.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Jun 2015 07:23:03 GMT
Accept-Ranges: bytes
ETag: "2f6c009-d88-4c4b0f8e6b500"
Server: Apache
Content-Length: 3464
Content-Type: text/html
Last-Modified: Fri, 13 Jul 2012 07:24:36 GMT
...3464 bytes of data.
GET / HTTP/1.1
Host: indybpo.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Jun 2015 07:23:03 GMT
Accept-Ranges: bytes
ETag: "2f6c009-d88-4c4b0f8e6b500"
Server: Apache
Content-Length: 3464
Content-Type: text/html
Last-Modified: Fri, 13 Jul 2012 07:24:36 GMT
...3464 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: indybpo.com
Referer: http://www.google.com/search?q=indybpo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: indybpo.com
Referer: http://www.google.com/search?q=indybpo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=indybpo.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://indybpo.com/
Result: indybpo.com is not infected or malware details are not published yet.
Result: indybpo.com is not infected or malware details are not published yet.