Scanned pages/files
Request | Server response | Status |
http://www.thermalzombie.com/ | 200 OK Content-Length: 25277 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Alarg53 ...[129 bytes skipped]... r/><html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>thermalzombie</title> <link rel="stylesheet" type="text/css" href="css/default.css"> </head> <div class="wrapper"> <h1>Thermalzombie</h1> <h2>Gaming Blog</h2> <div class="post" id="post-22"> <h4><a href="hacked-by-alarg53-5">Hacked By Alarg53</a></h4> <span class="date">May 12, 2015</span> <div class="post-content"> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Hacked By Alarg53</title> <style type="text/css"> <!-- *, html { margin:0; padding:0; ...[30178 bytes skipped]... | ||
http://shahrmajazi.com/upload/tools/shahrmajazi196.com.js | 200 OK Content-Length: 778 Content-Type: application/javascript | clean |
http://1abzaar.ir/abzar/tools/no-rightclick.js | 200 OK Content-Length: 443 Content-Type: application/javascript | clean |
https://googledrive.com/host/0BwlVU1_5kLcNMzRHTkFiTjJMX0E | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Fri, 22 May 2015 00:04:57 GMT Pragma: no-cache Accept-Ranges: none Location: https://c2caacdf2c7632c6b3fc500c5f833d05cb7f5011.googledrive.com/host/0BwlVU1_5kLcNMzRHTkFiTjJMX0E Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-role, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alternate-Protocol: 443:quic,p=1 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://c2caacdf2c7632c6b3fc500c5f833d05cb7f5011.googledrive.com/host/0bwlvu1_5klcnmzrhtkfitjjmx0e | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store, max-age=0, must-revalidate Connection: close Date: Fri, 22 May 2015 00:04:57 GMT Pragma: no-cache Accept-Ranges: none Location: https://e215bb3e949e17ea96e4ac49cc6cd845a0db0212-c2caacdf2c7632c6b3fc500c5f833d05cb7f5011.googledrive.com/host/0bwlvu1_5klcnmzrhtkfitjjmx0e Server: GSE Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Expires: Fri, 01 Jan 1990 00:00:00 GMT Access-Control-Allow-Credentials: false Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, GData-Version, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, Slug, Transfer-Encoding, X-ClientDetails, X-GData-Client, X-GData-Key, X-Goog-AuthUser, X-Goog-PageId, X-Goog-Encode-Response-If-Executable, X-Goog-Correlation-Id, X-Goog-Request-Info, X-Goog-Experiments, x-goog-iam-role, x-goog-iam-authorization-token, X-Goog-Spatula, X-Goog-Upload-Command, X-Goog-Upload-Content-Disposition, X-Goog-Upload-Content-Length, X-Goog-Upload-Content-Type, X-Goog-Upload-File-Name, X-Goog-Upload-Offset, X-Goog-Upload-Protocol, X-Goog-Visitor-Id, X-HTTP-Method-Override, X-JavaScript-User-Agent, X-Pan-Versionid, X-Origin, X-Referer, X-Upload-Content-Length, X-Upload-Content-Type, X-Use-HTTP-Status-Code-Override, X-YouTube-VVT, X-YouTube-Page-CL, X-YouTube-Page-Timestamp Access-Control-Allow-Methods: GET,OPTIONS Access-Control-Allow-Origin: * Alternate-Protocol: 443:quic,p=1 X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block | clean |
https://e215bb3e949e17ea96e4ac49cc6cd845a0db0212-c2caacdf2c7632c6b3fc500c5f833d05cb7f5011.googledrive.com/host/0bwlvu1_5klcnmzrhtkfitjjmx0e | 500 Can't connect to e215bb3e949e17ea96e4ac49cc6cd845a0db0212-c2caacdf2c7632c6b3fc500c5f833d05cb7f5011.googledrive.com:443 Content-Length: 274 Content-Type: text/plain | clean |
http://e215bb3e949e17ea96e4ac49cc6cd845a0db0212-c2caacdf2c7632c6b3fc500c5f833d05cb7f5011.googledrive.com/test404page.js | 500 Can't connect to e215bb3e949e17ea96e4ac49cc6cd845a0db0212-c2caacdf2c7632c6b3fc500c5f833d05cb7f5011.googledrive.com:80 Content-Length: 272 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: thermalzombie.com
Result:
GET / HTTP/1.1
Host: thermalzombie.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: thermalzombie.com
Referer: http://www.google.com/search?q=thermalzombie.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: thermalzombie.com
Referer: http://www.google.com/search?q=thermalzombie.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=thermalzombie.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://thermalzombie.com/
Result: thermalzombie.com is not infected or malware details are not published yet.
Result: thermalzombie.com is not infected or malware details are not published yet.