Scanned pages/files
Request | Server response | Status |
http://v-sign.net/ | 200 OK Content-Length: 33533 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by Krad Xin ...[140 bytes skipped]... TD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="ja" lang="ja"> <head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-7" /> <meta http-equiv="content-style-type" content="text/css" /> <meta http-equiv="Content-Script-Type" content="text/javascript" /> <title>Hacked by Krad Xin</title> <meta name="keywords" content="æ å ±åæ,ã¢ãã£ãªã¨ã¤ã,稼ã,å¯æ¥,大é転" /> <meta name="description" content="BD GREY HAT HACKERS" /> <link rel="stylesheet" href="http://v-sign.net/wp-content/themes/blog/style.css" type="text/css" media="all" /> <link rel="alternate" type="application/atom+xml" title="Hacked by Krad Xin Atom Feed" href="http://v-sign.net/feed/atom" /> <li ...[39055 bytes skipped]... | ||
http://code.analysis.shinobi.jp/ninja_ar/Script?id=00047263&hash=3c77147d | 200 OK Content-Length: 9834 Content-Type: text/javascript | clean |
http://v-sign.net/test404page.js | 404 Not Found Content-Length: 16933 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: v-sign.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 09 Jul 2015 11:53:05 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-7
X-Pingback: http://v-sign.net/xmlrpc.php
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: v-sign.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 09 Jul 2015 11:53:05 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-7
X-Pingback: http://v-sign.net/xmlrpc.php
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: v-sign.net
Referer: http://www.google.com/search?q=v-sign.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: v-sign.net
Referer: http://www.google.com/search?q=v-sign.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=v-sign.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://v-sign.net/
Result: v-sign.net is not infected or malware details are not published yet.
Result: v-sign.net is not infected or malware details are not published yet.