Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.mekra.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.mekra.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sun, 17 May 2015 13:22:02 GMT Location: http://sarenche.thehiddencorner.com/index.php/data/incrementcount_url/?jsoncallback=jsonp1342403111100&_=1342403111578&textid=849617&flag=0&domain=http%3A%2F%2Fwww.mekra.com%2F Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 Content-Length: 376 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: XSn=02; path=/; domain=www.mekra.com; expires=Mon, 25-May-2015 03:45:02 GMT | suspicious |
URL: http://sarenche.thehiddencorner.com/index.php/data/incrementcount_url/?jsoncallback=jsonp1342403111100&_=1342403111578&textid=849617&flag=0&domain=http%3A%2F%2Fwww.mekra.com%2F (imitation of visitor from search engine) GET /index.php/data/incrementcount_url/?jsoncallback=jsonp1342403111100&_=1342403111578&textid=849617&flag=0&domain=http%3A%2F%2Fwww.mekra.com%2F HTTP/1.1 Host: sarenche.thehiddencorner.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Connection: close Date: Sun, 17 May 2015 13:22:04 GMT Location: http://broughtmaximum.medident-mauritius.com/breakingnews/offer_images/finance?width=tguRjB&imagen=sarenche.thehiddencorner.com&ID=YsuwKJ&db=epraxislearning&did=856&Chk=562722704&file=imgmanager&cat=base&_mbox=INBOX Server: Apache Content-Length: 431 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: skhpx=sg; path=/; domain=sarenche.thehiddencorner.com; expires=Sun, 24-May-2015 14:12:04 GMT | suspicious |
URL: http://broughtmaximum.medident-mauritius.com/breakingnews/offer_images/finance?width=tguRjB&imagen=sarenche.thehiddencorner.com&ID=YsuwKJ&db=epraxislearning&did=856&Chk=562722704&file=imgmanager&cat=base&_mbox=INBOX (imitation of visitor from search engine) GET /breakingnews/offer_images/finance?width=tguRjB&imagen=sarenche.thehiddencorner.com&ID=YsuwKJ&db=epraxislearning&did=856&Chk=562722704&file=imgmanager&cat=base&_mbox=INBOX HTTP/1.1 Host: broughtmaximum.medident-mauritius.com Referer: http://www.google.com/search?q=redirect+check3 | HTTP/1.1 302 Found Connection: close Date: Sun, 17 May 2015 13:22:05 GMT Location: http://www.google.com/ Server: Apache Content-Length: 206 Content-Type: text/html; charset=iso-8859-1 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://www.mekra.com/ | 200 OK Content-Length: 14326 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY MONTE MELKONIAN CYBER ARMY ...[11617 bytes skipped]... td colspan="2"><img src="img/b.gif" width="1" height="3"></td> </tr> <tr bgcolor="E0E0E0"> <td><img src="img/b.gif" width="1" height="25"></td> <td width="100%" ><a href="haberler.php?id=45" class="haber_spot" style="text-decoration:none"><h1> HACKED BY MONTE MELKONIAN CYBER ARMY </h1> </a></td> </tr> <tr> <td colspan="2"><img src="img/b.gif" width="1" height="3"></td> </tr> <tr bgcolor="FFFFCC"> <td><img src="img/b.gif" width="1" height="25"></td> <td width=" ...[5639 bytes skipped]... | ||
http://www.mekra.com/flash_01.js | 200 OK Content-Length: 1821 Content-Type: application/javascript | clean |
http://www.mekra.com/icerik.php?grup=1 | 200 OK Content-Length: 14045 Content-Type: text/html | clean |
http://www.mekra.com/4logo.js | 200 OK Content-Length: 1814 Content-Type: application/javascript | clean |
http://www.mekra.com/reboundace_tanitim.php | 200 OK Content-Length: 15358 Content-Type: text/html | clean |
http://www.mekra.com/index.php | 200 OK Content-Length: 14326 Content-Type: text/html | clean |
http://www.mekra.com/icerik.php?grup=3 | 200 OK Content-Length: 13932 Content-Type: text/html | clean |
http://www.mekra.com/aksesuarlar.php | 200 OK Content-Length: 14656 Content-Type: text/html | clean |
http://www.mekra.com/hizmetler_proje.php | 200 OK Content-Length: 15202 Content-Type: text/html | clean |
http://www.mekra.com/sss.php | 200 OK Content-Length: 149878 Content-Type: text/html | clean |
http://www.mekra.com/referanslar.php | 200 OK Content-Length: 24342 Content-Type: text/html | clean |
http://www.mekra.com/sertifikalar.php | 200 OK Content-Length: 15132 Content-Type: text/html | clean |
http://www.mekra.com/iletisim.php | 200 OK Content-Length: 17300 Content-Type: text/html | clean |
http://www.mekra.com/reboundpro_tanitim.php | 200 OK Content-Length: 15419 Content-Type: text/html | clean |
http://www.mekra.com/reboundsynpave_tanitim.php | 200 OK Content-Length: 15268 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mekra.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mekra.com/
Result: mekra.com is not infected or malware details are not published yet.
Result: mekra.com is not infected or malware details are not published yet.