Scanned pages/files
Request | Server response | Status |
http://norddin.com/ | 200 OK Content-Length: 26183 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By P@KhTuN~72 <html><head><link rel="SHORTCUT ICON" href="http://s.myniceprofile.com/myspacepic/1/th/152.gif">
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> <meta name="title" content="Hacked By P@KhTuN~72"> <title>+=o0o==[Hacked By P@KhTuN~72]==+==o0o</title><script type="text/javascript">window.sendToApp = function(data, ctid) {var doc = window.document;var event = doc.createEvent('MessageEvent');event.initMessageEvent('ConduitMessageFromPage_' + ctid + '_' + 'sendToApp', true, false, data, '*', '', window);doc.dispatchEvent(event);}</script><script type="text/javascript">if (!conduitPage) { ...[30142 bytes skipped]... | ||
http://norddin.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: norddin.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Mon, 06 Oct 2014 22:03:32 GMT
Pragma: no-cache
Server: Apache
Content-Length: 26183
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 1a14f428471423d41ceca0bffc203d78=f4c8a0509977e691e2a5b5a3a025ea5a; path=/
X-Powered-By: PHP/5.3.27
...26183 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: norddin.com
Referer: http://www.google.com/search?q=norddin.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=norddin.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://norddin.com/
Result: norddin.com is not infected or malware details are not published yet.