Scanned pages/files
| Request | Server response | Status |
http://iwguru.com/ | 200 OK Content-Length: 10593 Content-Type: text/html | clean |
http://iwguru.com/.ftpquota | 200 OK Content-Length: 17 Content-Type: text/plain | clean |
http://iwguru.com/test404page.js | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://iwguru.com/400.shtml | 200 OK Content-Length: 573 Content-Type: text/html | clean |
http://iwguru.com/401.shtml | 200 OK Content-Length: 573 Content-Type: text/html | clean |
http://iwguru.com/404.shtml | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://iwguru.com/App_Data/ | 200 OK Content-Length: 9696 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By ...[795 bytes skipped]... 6 {color: #00FF00} img{border:4px double green; box-shadow:0px 9px 15px white; border-radius:10px;} .thanks{border:4px double green; box-shadow:0px 2px 20px white; border-radius:10px; padding:9px;} .a {text-shadow:0px 1px 10px lime;}</style></head><body></body><center><p></p><font face="Orbitron" size="7" color="WHITE" class="a">Hacked By </font><font face="Orbitron" size="7" color="green" class="">Xbo0ter</font><center><br /> <center><img src="http://oi53.tinypic.com/vq320x.jpg" border"0"</center> <html xmlns="http://www.w3.org/1999/xhtml"><head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <br><br><br><br> </marquee>& ...[11280 bytes skipped]... | ||
http://iwguru.com/Flash/ | 200 OK Content-Length: 9696 Content-Type: text/html | clean |
http://iwguru.com/Industrial_centum/ | 200 OK Content-Length: 9696 Content-Type: text/html | clean |
http://iwguru.com/InsertWidget.js | 200 OK Content-Length: 6706 Content-Type: application/javascript | clean |
http://iwguru.com/LTD/ | 200 OK Content-Length: 9696 Content-Type: text/html | clean |
http://iwguru.com/PMP1/ | 200 OK Content-Length: 9696 Content-Type: text/html | clean |
http://iwguru.com/PMP2/ | 200 OK Content-Length: 9696 Content-Type: text/html | clean |
http://iwguru.com/Paradise1/ | 200 OK Content-Length: 9696 Content-Type: text/html | clean |
http://iwguru.com/Paradise2/ | 200 OK Content-Length: 9696 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: iwguru.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 29 Mar 2015 00:27:12 GMT
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
GET / HTTP/1.1
Host: iwguru.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 29 Mar 2015 00:27:12 GMT
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
Second query (visit from search engine):
GET / HTTP/1.1
Host: iwguru.com
Referer: http://www.google.com/search?q=iwguru.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: iwguru.com
Referer: http://www.google.com/search?q=iwguru.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=iwguru.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://iwguru.com/
Result: iwguru.com is not infected or malware details are not published yet.
Result: iwguru.com is not infected or malware details are not published yet.