Scanned pages/files
| Request | Server response | Status |
http://xfreile-co.com/ | 200 OK Content-Length: 1442 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By AyyildizTim <html>
<title>Hacked By AyyildizTim</title> <style> html, body { font-family: Segoe UI Light; } h1 { color: black; margin-top: 20px; } h2 { color: black; font-size: 50px; } .boton{ text-align:center; text-decoration: none; font-family: 'Helvetica Neue', Helvetica, sans-serif; display:inline-block; color: #FFF; background: #7F8C8D; ...[1350 bytes skipped]... | ||
http://xfreile-co.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Mon, 16 Feb 2015 03:34:08 GMT Location: http://online-med-store24.com/ Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 403 Content-Type: text/html; charset=iso-8859-1 | clean |
http://online-med-store24.com/ | 500 Can't connect to online-med-store24.com:80 Content-Length: 197 Content-Type: text/plain | clean |
http://online-med-store24.com/test404page.js | 500 Can't connect to online-med-store24.com:80 Content-Length: 197 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xfreile-co.com
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Mon, 16 Feb 2015 03:34:07 GMT
Pragma: no-cache
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Mon, 16 Feb 2015 03:34:07 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 83f8fdae95a6f711ea0e120ee9323db4=4f23fa308e8f2f85db51a2312ebdb3c8; path=/
Set-Cookie: lang=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: jfcookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: jfcookie[lang]=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: PHP/5.3.27
GET / HTTP/1.1
Host: xfreile-co.com
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Mon, 16 Feb 2015 03:34:07 GMT
Pragma: no-cache
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Mon, 16 Feb 2015 03:34:07 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 83f8fdae95a6f711ea0e120ee9323db4=4f23fa308e8f2f85db51a2312ebdb3c8; path=/
Set-Cookie: lang=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: jfcookie=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Set-Cookie: jfcookie[lang]=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: PHP/5.3.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: xfreile-co.com
Referer: http://www.google.com/search?q=xfreile-co.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: xfreile-co.com
Referer: http://www.google.com/search?q=xfreile-co.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xfreile-co.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xfreile-co.com/
Result: xfreile-co.com is not infected or malware details are not published yet.
Result: xfreile-co.com is not infected or malware details are not published yet.