Malicious/Suspicious Redirects
| Request | Server response | Status |
URL: http://www.underecow.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.underecow.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Cache-Control: max-age=0 Connection: close Date: Wed, 20 Aug 2014 01:04:24 GMT Location: http://qesopv.4pu.com/ Server: nginx Content-Length: 0 Content-Type: text/html Expires: Wed, 20 Aug 2014 01:04:24 GMT | malicious |
Scanned pages/files
| Request | Server response | Status |
http://www.underecow.com/ | 200 OK Content-Length: 18782 Content-Type: text/html | clean |
http://www.underecow.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/javascript | clean |
http://www.underecow.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.underecow.com/wp-content/plugins/lightbox-plus/js/jquery.colorbox.1.5.9.js?ver=1.5.9 | 200 OK Content-Length: 29153 Content-Type: application/javascript | clean |
http://www.underecow.com/feed/ | 200 OK Content-Length: 55429 Content-Type: text/xml | suspicious |
Page code contains blacklisted domain: www.firmaetiket.com <?xml version="1.0" encoding="UTF-8"?> <rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" > <channel> <title>UndeRecoW ...[4495 bytes skipped]... | ||
http://www.underecow.com/test404page.js | 404 Not Found Content-Length: 6174 Content-Type: text/html | clean |
http://www.underecow.com/arsiv/ | 200 OK Content-Length: 9696 Content-Type: text/html | clean |
http://www.google.com/recaptcha/api/challenge?k=6LeEHr4SAAAAAE4ob3UYMndpOnXQAcZt-My1zYZ8 | 200 OK Content-Length: 8930 Content-Type: text/javascript | clean |
http://www.underecow.com/wp-includes/js/comment-reply.min.js?ver=3.9.2 | 200 OK Content-Length: 757 Content-Type: application/javascript | clean |
http://www.underecow.com/hakkinda/ | 200 OK Content-Length: 10446 Content-Type: text/html | clean |
http://www.underecow.com/iletisim/ | 200 OK Content-Length: 9853 Content-Type: text/html | clean |
http://www.underecow.com/site-haritasi/ | 200 OK Content-Length: 9647 Content-Type: text/html | clean |
http://www.underecow.com/category/arsiv/ | 200 OK Content-Length: 61569 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.firmaetiket.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="tr-TR"> <head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title> UndeRecoW | Archive | ARÅÄ°V </title> <!--[if !IE ...[4209 bytes skipped]... | ||
http://www.underecow.com/category/genel/ | 200 OK Content-Length: 35127 Content-Type: text/html | clean |
http://www.underecow.com/genel/dostlar-mi-dediniz/ | 200 OK Content-Length: 10897 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=underecow.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://underecow.com/
Result: underecow.com is not infected or malware details are not published yet.
Result: underecow.com is not infected or malware details are not published yet.