Scanned pages/files
Request | Server response | Status |
http://sotv.co/ | 200 OK Content-Length: 6254 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by Clash Hackers ? Be Secure, Your Security Get Down ...[2102 bytes skipped]... ""; for (var i=0; i<tb5_sts.length; i++) tb5_stsmsg += tb5_sts[i]; document.title = tb5_stsmsg; n++; } tb5_timerID = setTimeout("tb5_init("+n+")", tb5_sp); } function tb5_randomizetitle(){ tb5_init(0); } tb5_randomizetitle(); </script><title>Clash Hackers.</title> <base href="." target="_blank"> <meta name="description" content="Hacked by Clash Hackers ? Be Secure, Your Security Get Down"><meta name="keywords" content="Hacked by: Clash Hackers "><meta name="author" content="Indonesian Cyber Freedom"><meta content="Hacked by Clash Hackers" name="Abstract"><meta content="Hacked by Clash Hackers" name="subject"><meta content="Hacked by Clash Hackers" name="copyright"><meta name="robots" content="all"><meta name="robots schedule" content="auto"><meta name="distribution" content="global">&l ...[4418 bytes skipped]...
http://sotv.co/cdn-cgi/l/email-protection | 200 OK Content-Length: 4208 Content-Type: text/html | clean |
http://sotv.co/cdn-cgi/scripts/zepto.min.js | 200 OK Content-Length: 24975 Content-Type: application/javascript | clean |
http://sotv.co/cdn-cgi/scripts/cf.common.js | 200 OK Content-Length: 4408 Content-Type: application/javascript | clean |
http://sotv.co/cdn-cgi/l/ | 200 OK Content-Length: 6254 Content-Type: text/html | clean |
http://sotv.co/test404page.js | 200 OK Content-Length: 6254 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sotv.co
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 19 Sep 2015 10:14:28 GMT
Server: cloudflare-nginx
Content-Type: text/html
CF-RAY: 2284861cfdf416be-ARN
Set-Cookie: __cfduid=d6a89bea5f2c42cfdb2f967658f29c2091442657668; expires=Sun, 18-Sep-16 10:14:28 GMT; path=/; domain=.sotv.co; HttpOnly
X-Powered-By: PHP/5.5.9-1ubuntu4
Second query (visit from search engine):
GET / HTTP/1.1
Host: sotv.co
Referer: http://www.google.com/search?q=sotv.co
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sotv.co
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://sotv.co/
Result: sotv.co is not infected or malware details are not published yet.