Scanned pages/files
| Request | Server response | Status |
http://incatpl.biz/ | 200 OK Content-Length: 21789 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: +ADw-TITLE+AD4-Hacked By HaYaL-ET-06 +ADw-/TITLE+AD4 <!DOCTYPE html> <html dir="ltr" lang="en-US"> <head> <meta charset="UTF-7" /> <title>+ADw-/title+AD4APA-HTML+AD4 +ADw-HEAD+AD4 +ADw-TITLE+AD4-Hacked By HaYaL-ET-06 +ADw-/TITLE+AD4 +ADw-link rel+AD0AIg-SHORTCUT ICON+ACI href+AD0AIg-http://www.HaYaL-ET- 06.NET/favicon.ico+ACIAPg +ADw-BODY bgColor+AD0 black +AD4 +ADw-p align+AD0AIg-center+ACIAPgA8-img src +AD0AIg-http://c1303.hizliresim.com/17/2/kncqu.png+ACI-height+AD0-504 width+AD0-504+ADw-/img+AD4 +ADw-p align+AD0AIg-center+ACIAPgA8-font color +AD0 white size +AD0 5 ...[24437 bytes skipped]... | ||
http://incatpl.biz/wp-content/themes/twentyten/scripts/swfobject_modified.js | 200 OK Content-Length: 21696 Content-Type: application/javascript | clean |
http://incatpl.biz/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 308 Content-Type: application/javascript | clean |
http://incatpl.biz/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 786 Content-Type: application/javascript | clean |
http://incatpl.biz/wp-admin/template.php | 200 OK Content-Length: 0 Content-Type: application/javascript | clean |
http://incatpl.biz/category/products/ | 404 Not Found Content-Length: 10104 Content-Type: text/html | clean |
http://incatpl.biz/test404page.js | 404 Not Found Content-Length: 10104 Content-Type: text/html | clean |
http://incatpl.biz/category/offers/ | 404 Not Found Content-Length: 10104 Content-Type: text/html | clean |
http://incatpl.biz/about-us/ | 404 Not Found Content-Length: 10104 Content-Type: text/html | clean |
http://incatpl.biz/contacts/ | 404 Not Found Content-Length: 10104 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: incatpl.biz
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 29 Nov 2015 16:12:32 GMT
Server: Apache
Content-Length: 21789
Content-Type: text/html; charset=UTF-7
Set-Cookie: 0146a075855215b455dc0aea57742c61=c63eb2d94778501b9fe07e440212c7ff; expires=Mon, 30-Nov-2015 16:12:32 GMT; path=/; domain=incatpl.biz
X-Pingback: http://incatpl.biz/xmlrpc.php
X-Powered-By: PHP/5.3.29
...21789 bytes of data.
GET / HTTP/1.1
Host: incatpl.biz
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 29 Nov 2015 16:12:32 GMT
Server: Apache
Content-Length: 21789
Content-Type: text/html; charset=UTF-7
Set-Cookie: 0146a075855215b455dc0aea57742c61=c63eb2d94778501b9fe07e440212c7ff; expires=Mon, 30-Nov-2015 16:12:32 GMT; path=/; domain=incatpl.biz
X-Pingback: http://incatpl.biz/xmlrpc.php
X-Powered-By: PHP/5.3.29
...21789 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: incatpl.biz
Referer: http://www.google.com/search?q=incatpl.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: incatpl.biz
Referer: http://www.google.com/search?q=incatpl.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=incatpl.biz
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://incatpl.biz/
Result: incatpl.biz is not infected or malware details are not published yet.
Result: incatpl.biz is not infected or malware details are not published yet.