Scanned pages/files
Request | Server response | Status |
http://www.phyreworks.com/ | HTTP/1.1 302 Found Connection: close Date: Sat, 04 Oct 2014 19:28:28 GMT Location: http://www.phyreworks.com/wp-login.php?redirect_to=http%3A%2F%2Fwww.phyreworks.com%2F Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.phyreworks.com/xmlrpc.php X-Powered-By: PHP/5.2.17 | clean |
http://www.phyreworks.com/wp-login.php?redirect_to=http%3a%2f%2fwww.phyreworks.com%2f | 200 OK Content-Length: 2434 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: </title>hacked by ceo (mcgbg) turkhackteam.net<DIV style="DISPLAY: none"><x <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"> <head> <title></title>hacked by ceo (mcgbg) turkhackteam.net<DIV style="DISPLAY: none"><xmp> › Log In</title> <meta http-equiv="Content-Type" content="text/html; c ...[2566 bytes skipped]... | ||
http://www.phyreworks.com/wp-login.php?action=lostpassword | 200 OK Content-Length: 2053 Content-Type: text/html | clean |
http://www.phyreworks.com/wp-login.php | 200 OK Content-Length: 2443 Content-Type: text/html | clean |
http://www.phyreworks.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sat, 04 Oct 2014 19:28:30 GMT Location: http://cyclevasion.be/tinymce/examples/upy.php Server: Apache Content-Length: 230 Content-Type: text/html; charset=iso-8859-1 | clean |
http://cyclevasion.be/tinymce/examples/upy.php | 500 Can't connect to cyclevasion.be:80 (Bad hostname) Content-Length: 160 Content-Type: text/plain | clean |
http://cyclevasion.be/test404page.js | 500 Can't connect to cyclevasion.be:80 (Bad hostname) Content-Length: 160 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: phyreworks.com
Result:
GET / HTTP/1.1
Host: phyreworks.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: phyreworks.com
Referer: http://www.google.com/search?q=phyreworks.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: phyreworks.com
Referer: http://www.google.com/search?q=phyreworks.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=phyreworks.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://phyreworks.com/
Result: phyreworks.com is not infected or malware details are not published yet.
Result: phyreworks.com is not infected or malware details are not published yet.