Scanned pages/files
| Request | Server response | Status |
http://news-x-change.com/ | 200 OK Content-Length: 7018 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by Turkhackteam | Sehitlerimiz Adina <title>Hacked by Turkhackteam | Sehitlerimiz Adina</title>
<body bgcolor="Black" /> <body oncontextmenu="return false" onselectstart="return false" ondragstart="return false"></body> <img align="left" src="http://i564.photobucket.com/albums/ss87/Mafya_67/zix0zc.png" /> <img align="right" src="http://i564.photobucket.com/albums/ss87/Mafya_67/66da48.png" /> <center><img src="http://i.hizliresim.com/v ...[8295 bytes skipped]... | ||
http://news-x-change.com/wp-admin/ | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sun, 13 Dec 2015 08:40:32 GMT Pragma: no-cache Location: http://news-x-change.com/wp-login.php?redirect_to=http%3A%2F%2Fnews-x-change.com%2Fwp-admin%2F&reauth=1 Server: Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_jk/1.2.37 mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Powered-By: PHP/5.5.27 | clean |
http://news-x-change.com/wp-login.php?redirect_to=http%3a%2f%2fnews-x-change.com%2fwp-admin%2f&reauth=1 | 200 OK Content-Length: 2663 Content-Type: text/html | clean |
http://news-x-change.com/wp-login.php?action=lostpassword | 200 OK Content-Length: 2310 Content-Type: text/html | clean |
http://news-x-change.com/wp-login.php | 200 OK Content-Length: 2663 Content-Type: text/html | clean |
http://news-x-change.com/test404page.js | 404 Not Found Content-Length: 464 Content-Type: text/html | clean |
http://news-x-change.com/?p=1 | 200 OK Content-Length: 6502 Content-Type: text/html | clean |
http://news-x-change.com/?author=1 | 200 OK Content-Length: 4657 Content-Type: text/html | clean |
http://news-x-change.com/?m=201405 | 200 OK Content-Length: 4651 Content-Type: text/html | clean |
http://news-x-change.com/?cat=1 | 200 OK Content-Length: 4673 Content-Type: text/html | clean |
http://news-x-change.com/?feed=rss2 | 200 OK Content-Length: 1657 Content-Type: text/xml | clean |
http://news-x-change.com/?feed=comments-rss2 | 404 Not Found Content-Length: 925 Content-Type: text/xml | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: news-x-change.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 13 Dec 2015 08:40:31 GMT
Server: Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_jk/1.2.37 mod_bwlimited/1.4
Content-Type: text/html; charset=UTF-8
Link: <http://news-x-change.com/>; rel=shortlink
X-Pingback: http://news-x-change.com/xmlrpc.php
X-Powered-By: PHP/5.5.27
GET / HTTP/1.1
Host: news-x-change.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 13 Dec 2015 08:40:31 GMT
Server: Apache/2.4.16 (Unix) OpenSSL/1.0.1e-fips mod_jk/1.2.37 mod_bwlimited/1.4
Content-Type: text/html; charset=UTF-8
Link: <http://news-x-change.com/>; rel=shortlink
X-Pingback: http://news-x-change.com/xmlrpc.php
X-Powered-By: PHP/5.5.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: news-x-change.com
Referer: http://www.google.com/search?q=news-x-change.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: news-x-change.com
Referer: http://www.google.com/search?q=news-x-change.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=news-x-change.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://news-x-change.com/
Result: news-x-change.com is not infected or malware details are not published yet.
Result: news-x-change.com is not infected or malware details are not published yet.