Scanned pages/files
Request | Server response | Status |
http://www.hengpan56.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 26 Aug 2014 15:39:24 GMT Location: http://hengpan56.com/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-7 X-Pingback: http://hengpan56.com/xmlrpc.php X-Powered-By: PHP/5.3.28 | clean |
http://hengpan56.com/ | 200 OK Content-Length: 45365 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: +ADw-title+AD4.:: Hacked By +ACYAIw-1575+ADsAJgAj-1604+ADsAJgAj-1593+ADsAJgAj-1605+ADsAJgAj-1583+ADs ...[218 bytes skipped]... /EN+ACI +ACI-http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd+ACIAPg +ADw-html xmlns+AD0AIg-http://www.w3.org/1999/xhtml+ACI xmlns:og+AD0AIg-http://ogp.me/ns+ACMAIg xmlns:fb+AD0AIg-http://www.facebook.com/dope.weed.boy+ACIAPg +ADw-head+AD4 +ADw-meta content+AD0AIg-text/html+ADs charset+AD0-UTF-8+ACI http-equiv+AD0AIg-Content-Type+ACIAPg +ADw-title+AD4.:: Hacked By +ACYAIw-1575+ADsAJgAj-1604+ADsAJgAj-1593+ADsAJgAj-1605+ADsAJgAj-1583+ADsAJgAj-1577+ADs ::.+ADw-/title+AD4 +ADw-meta name+AD0AIg-description+ACI content+AD0AIg-Hacked By +ACYAIw-1575+ADsAJgAj-1604+ADsAJgAj-1593+ADsAJgAj-1605+ADsAJgAj-1583+ADsAJgAj-1577+ADsAIg /+AD4 +ADw-meta name+AD0AIg-keywords+ACI content+AD0AIg-AnonTunisia+ACI /+AD4 +ADw-meta name+AD0AIg-copyright+ACI content+AD0AIg-AnonTunisia ? 2014 +ACI /+AD4 +ADw-meta name+AD0AIg-author+ACI content+AD0AIg-3omda+ACI /+AD4 ...[47647 bytes skipped]... | ||
http://hengpan56.com/wp-content/themes/seven/js/jquery.min.js | 200 OK Content-Length: 57075 Content-Type: application/javascript | clean |
http://hengpan56.com/wp-content/themes/seven/js/jquery.nivo.slider.pack.js | 200 OK Content-Length: 11506 Content-Type: application/javascript | clean |
http://www.hengpan56.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hengpan56.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 26 Aug 2014 15:39:25 GMT
Server: Apache
Content-Type: text/html; charset=UTF-7
X-Pingback: http://hengpan56.com/xmlrpc.php
X-Powered-By: PHP/5.3.28
GET / HTTP/1.1
Host: hengpan56.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 26 Aug 2014 15:39:25 GMT
Server: Apache
Content-Type: text/html; charset=UTF-7
X-Pingback: http://hengpan56.com/xmlrpc.php
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: hengpan56.com
Referer: http://www.google.com/search?q=hengpan56.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: hengpan56.com
Referer: http://www.google.com/search?q=hengpan56.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hengpan56.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://hengpan56.com/
Result: hengpan56.com is not infected or malware details are not published yet.
Result: hengpan56.com is not infected or malware details are not published yet.