Scanned pages/files
Request | Server response | Status |
http://ordukocoglumobilya.com/ | HTTP/1.1 302 Found Cache-Control: no-cache, no-store, must-revalidate, max-age=0 Connection: close Date: Tue, 22 Dec 2015 22:34:29 GMT Accept-Ranges: bytes Location: http://ordukocoglumobilya.com/cgi-sys/suspendedpage.cgi Server: LiteSpeed Content-Length: 1123 Content-Type: text/html | clean |
http://ordukocoglumobilya.com/cgi-sys/suspendedpage.cgi | 200 OK Content-Length: 7837 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By: 4Ri3 60ndr0n9 | Security Tester XXX~HACKER TEAM was here.!!!!! | West Borneo Hacker | IND ...[105 bytes skipped]... ml1-transitional.dtd"> <head> <meta http-equiv="X-UA-Compatible" content="IE-9"/> <meta content='text/html; charset=UTF-8' http-equiv='Content-Type'/> <title>«à¹à®ãXXX~HACKER TEAMãà®à¹Â»</title> <meta name="author" content="4213 60ndr0n9" /> <meta name="description" content="Hacked By: 4Ri3 60ndr0n9 | Security Tester XXX~HACKER TEAM was here.!!!!! | West Borneo Hacker | INDONESIA" /> <link rel="SHORTCUT ICON" href="http://xxx-hacker.net/images/x.gif"> <link rel="stylesheet" type="text/css" href="https://googledrive.com/host/0B5uxp5skWMQeQXdabWoxUHc0V1U" media="all"> <!--[if IE]> <style>#fade{display:none}</style> <![endif]--> </head> <body onkeydown="return false;" ondragstart="return false" onselectstart="return fal ...[8924 bytes skipped]... | ||
https://googledrive.com/host/0B5uxp5skWMQeUHFYSEphT1lQM3c | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Tue, 22 Dec 2015 22:34:32 GMT Pragma: no-cache Accept-Ranges: none Location: https://8b733515c4509bbacfd2f7f24f397fc9209cf2a5.googledrive.com/host/0B5uxp5skWMQeUHFYSEphT1lQM3c Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alt-Svc: quic=":443"; ma=604800; v="30,29,28,27,26,25" Alternate-Protocol: 443:quic,p=1 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://8b733515c4509bbacfd2f7f24f397fc9209cf2a5.googledrive.com/host/0b5uxp5skwmqeuhfysepht1lqm3c | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Tue, 22 Dec 2015 22:34:32 GMT Pragma: no-cache Accept-Ranges: none Location: https://5ec8f1a2c396f4f5b38fd8796979d978febedd23-8b733515c4509bbacfd2f7f24f397fc9209cf2a5.googledrive.com/host/0b5uxp5skwmqeuhfysepht1lqm3c Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, Want-Digest, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-authority-selector, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alt-Svc: quic=":443"; ma=604800; v="30,29,28,27,26,25" Alternate-Protocol: 443:quic,p=1 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://5ec8f1a2c396f4f5b38fd8796979d978febedd23-8b733515c4509bbacfd2f7f24f397fc9209cf2a5.googledrive.com/host/0b5uxp5skwmqeuhfysepht1lqm3c | 500 Can't connect to 5ec8f1a2c396f4f5b38fd8796979d978febedd23-8b733515c4509bbacfd2f7f24f397fc9209cf2a5.googledrive.com:443 Content-Length: 274 Content-Type: text/plain | clean |
http://5ec8f1a2c396f4f5b38fd8796979d978febedd23-8b733515c4509bbacfd2f7f24f397fc9209cf2a5.googledrive.com/test404page.js | 500 Can't connect to 5ec8f1a2c396f4f5b38fd8796979d978febedd23-8b733515c4509bbacfd2f7f24f397fc9209cf2a5.googledrive.com:80 Content-Length: 272 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ordukocoglumobilya.com
Result:
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Connection: close
Date: Tue, 22 Dec 2015 22:34:29 GMT
Accept-Ranges: bytes
Location: http://ordukocoglumobilya.com/cgi-sys/suspendedpage.cgi
Server: LiteSpeed
Content-Length: 1123
Content-Type: text/html
...1123 bytes of data.
GET / HTTP/1.1
Host: ordukocoglumobilya.com
Result:
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Connection: close
Date: Tue, 22 Dec 2015 22:34:29 GMT
Accept-Ranges: bytes
Location: http://ordukocoglumobilya.com/cgi-sys/suspendedpage.cgi
Server: LiteSpeed
Content-Length: 1123
Content-Type: text/html
...1123 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ordukocoglumobilya.com
Referer: http://www.google.com/search?q=ordukocoglumobilya.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ordukocoglumobilya.com
Referer: http://www.google.com/search?q=ordukocoglumobilya.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ordukocoglumobilya.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ordukocoglumobilya.com/
Result: ordukocoglumobilya.com is not infected or malware details are not published yet.
Result: ordukocoglumobilya.com is not infected or malware details are not published yet.