Scanned pages/files
| Request | Server response | Status |
http://justmahogany.com/ | 200 OK Content-Length: 84855 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: +ADw-/title+AD4-Hacked ByDoldis / TurkHackTeam.Net ...[194 bytes skipped]... f]--> <!--[if IE 8 ]><html class="ie ie8" lang="en-US"> <![endif]--> <!--[if (gte IE 9)|!(IE)]><!--><html lang="en-US"> <!--<![endif]--><head> <meta charset="UTF-7" /> <meta name="viewport" content="width=device-width, initial-scale=1, minimum-scale=1, maximum-scale=1, user-scalable=no" /> <title>+ADw-/title+AD4-Hacked ByDoldis / TurkHackTeam.Net Hacked ByDoldis / TurkHackTeam.Net Hacked ByDoldis / TurkHackTeam.Net Hacked ByDoldis / TurkHackTeam.Net Hacked ByDoldis / TurkHackTeam.Net+ADw-DIV style+AD0AIg-DISPLAY: none+ACIAPgA8-xmp+AD4- | Presidents Desk</title> <link rel="profile" href="http://gmpg.org/xfn/11" /> <link rel="pingback" href="http://thepresidentsdesk.com/xmlrpc.php" /> <!-- ******************************************** ...[94699 bytes skipped]... | ||
http://thepresidentsdesk.com/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/javascript | clean |
http://thepresidentsdesk.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7199 Content-Type: application/javascript | clean |
http://thepresidentsdesk.com/wp-includes/js/comment-reply.min.js?ver=3.8.3 | 200 OK Content-Length: 757 Content-Type: application/javascript | clean |
http://thepresidentsdesk.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.44.0-2013.09.15 | 200 OK Content-Length: 14701 Content-Type: application/javascript | clean |
http://thepresidentsdesk.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.5.3 | 200 OK Content-Length: 8326 Content-Type: application/javascript | clean |
http://thepresidentsdesk.com/wp-includes/js/hoverIntent.min.js?ver=r7 | 200 OK Content-Length: 1116 Content-Type: application/javascript | clean |
http://thepresidentsdesk.com/wp-content/themes/theretailer/js/jquery.superfish-1.5.0.js?ver=1.5.0 | 200 OK Content-Length: 3234 Content-Type: application/javascript | clean |
http://thepresidentsdesk.com/wp-content/themes/theretailer/js/jquery.iosslider.min.js?ver=1.1.56 | 200 OK Content-Length: 28777 Content-Type: application/javascript | clean |
http://thepresidentsdesk.com/wp-content/themes/theretailer/js/footable-0.1.js?ver=0.1 | 200 OK Content-Length: 15545 Content-Type: application/javascript | clean |
http://thepresidentsdesk.com/wp-content/themes/theretailer/js/jquery.customSelect.min.js?ver=0.3.0 | 200 OK Content-Length: 1778 Content-Type: application/javascript | clean |
http://thepresidentsdesk.com/wp-content/themes/theretailer/inc/prettyphoto/js/jquery.prettyPhoto.min.js?ver=3.1.5 | 200 OK Content-Length: 21647 Content-Type: application/javascript | clean |
http://thepresidentsdesk.com/wp-content/themes/theretailer/js/init.js?ver=1.1 | 200 OK Content-Length: 13504 Content-Type: application/javascript | clean |
http://thepresidentsdesk.com/wp-content/themes/theretailer-child/js/html5.js?ver=3.6 | 404 Not Found Content-Length: 53313 Content-Type: text/html | clean |
http://thepresidentsdesk.com/wp-content/themes/theretailer-child/js/respond.min.js | 404 Not Found Content-Length: 53313 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: justmahogany.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 28 May 2014 14:29:12 GMT
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=UTF-7
Link: <http://thepresidentsdesk.com/?p=99>; rel=shortlink
Set-Cookie: wc_session_cookie_630e59d4b54a8f783caa8a5f9005e4fb=PrG5M0CrPM9sVTQGCyo1M6z090ydL8Om%7C%7C1401460153%7C%7C1401456553%7C%7C0ba4a3a0ad4258b6250a94e5c03310a6; expires=Fri, 30-May-2014 14:29:13 GMT; path=/; httponly
Set-Cookie: woocommerce_items_in_cart=0; expires=Wed, 28-May-2014 13:29:13 GMT; path=/
Set-Cookie: woocommerce_cart_hash=0; expires=Wed, 28-May-2014 13:29:13 GMT; path=/
X-Pingback: http://thepresidentsdesk.com/xmlrpc.php
X-Powered-By: PHP/5.3.10
GET / HTTP/1.1
Host: justmahogany.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 28 May 2014 14:29:12 GMT
Server: Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=UTF-7
Link: <http://thepresidentsdesk.com/?p=99>; rel=shortlink
Set-Cookie: wc_session_cookie_630e59d4b54a8f783caa8a5f9005e4fb=PrG5M0CrPM9sVTQGCyo1M6z090ydL8Om%7C%7C1401460153%7C%7C1401456553%7C%7C0ba4a3a0ad4258b6250a94e5c03310a6; expires=Fri, 30-May-2014 14:29:13 GMT; path=/; httponly
Set-Cookie: woocommerce_items_in_cart=0; expires=Wed, 28-May-2014 13:29:13 GMT; path=/
Set-Cookie: woocommerce_cart_hash=0; expires=Wed, 28-May-2014 13:29:13 GMT; path=/
X-Pingback: http://thepresidentsdesk.com/xmlrpc.php
X-Powered-By: PHP/5.3.10
Second query (visit from search engine):
GET / HTTP/1.1
Host: justmahogany.com
Referer: http://www.google.com/search?q=justmahogany.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: justmahogany.com
Referer: http://www.google.com/search?q=justmahogany.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=justmahogany.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://justmahogany.com/
Result: justmahogany.com is not infected or malware details are not published yet.
Result: justmahogany.com is not infected or malware details are not published yet.