Scanned pages/files
Request | Server response | Status |
http://csavetidapparel.com/ | 200 OK Content-Length: 13106 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY : ...[9689 bytes skipped]... ath.random() < lit) { split[i].className = "neon"; } else { split[i].className = ""; } } } setInterval(flicker, 100); } //strat sec // end --> </script> </head> <head> <br /> </head> <body style="color: #FFFFFF; background-color: #000000"> <br /><br /> <h2><font color="white" size="8"> HACKED BY : </h2> <h1>Hexlook</h1> <h3><font color="white" size="8"> Team: Pak Cyber Attackers </h3> <div id="matrix" class="auto-style8">|Hexlook is enough to fuck your cyber space | Expect Pakistan, Your Father|</div> <br /> <center><a href="http://tinypic.com?ref=154bkht" target="_blank"><img src="http://i57.tinypic.com/154bkht.jpg" border="0" id="button1" name="button1" width="520" height="290"/& ...[4542 bytes skipped]... | ||
http://csavetidapparel.com/Scripts/swfobject_modified.js | 404 Not Found Content-Length: 1148 Content-Type: text/html | clean |
http://csavetidapparel.com/test404page.js | 404 Not Found Content-Length: 1148 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: csavetidapparel.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 10 Nov 2014 19:36:41 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Content-Length: 13106
Content-Type: text/html
Last-Modified: Thu, 16 Oct 2014 20:07:13 GMT
...13106 bytes of data.
GET / HTTP/1.1
Host: csavetidapparel.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 10 Nov 2014 19:36:41 GMT
Accept-Ranges: bytes
Server: LiteSpeed
Content-Length: 13106
Content-Type: text/html
Last-Modified: Thu, 16 Oct 2014 20:07:13 GMT
...13106 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: csavetidapparel.com
Referer: http://www.google.com/search?q=csavetidapparel.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: csavetidapparel.com
Referer: http://www.google.com/search?q=csavetidapparel.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=csavetidapparel.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://csavetidapparel.com/
Result: csavetidapparel.com is not infected or malware details are not published yet.
Result: csavetidapparel.com is not infected or malware details are not published yet.