Scanned pages/files
| Request | Server response | Status |
http://legaproitalia.it/ | 200 OK Content-Length: 10228 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by Ho3$ien-Mojazat ...[2020 bytes skipped]... animation-duration: 0.8s; -webkit-transform-origin:50% 50%; -webkit-animation-iteration-count: infinite; -webkit-animation-timing-function: linear; } #shake { display:inline-block } --> </style> <!-- Genel --> <div class="genel"> <!-- Baslik --> <div id="shake" class="baslik"> <h1>Hacked by Ho3$ien-Mojazat<p>Iranian Hacker</p></h1> </div> <!--#Baslik --> <META http-equiv=content-type content=text/html;charset=windows-1254><body bgcolor="#000000" text="#FFFFFF"> <div align="center" style="color:#F00; font-size:18px; font-family:Tahoma, Geneva, sans-serif;"> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> ...[8368 bytes skipped]... | ||
http://www.welcometohell.org/gravityscript.js | HTTP/1.1 302 Found Connection: close Date: Mon, 16 Mar 2015 19:50:26 GMT Location: http://error.hostinger.eu/? Server: Apache Content-Length: 211 Content-Type: text/html; charset=iso-8859-1 | clean |
http://error.hostinger.eu/? | HTTP/1.1 200 OK Connection: close Date: Mon, 16 Mar 2015 19:47:11 GMT Server: Apache Content-Length: 170 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.2.17 | clean |
http://www.hostinger.lt/klaida_404? | 200 OK Content-Length: 11572 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js | 200 OK Content-Length: 91556 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.14/jquery-ui.min.js | 200 OK Content-Length: 201658 Content-Type: text/javascript | clean |
http://www.welcometohell.org/js/site.php | HTTP/1.1 302 Found Connection: close Date: Mon, 16 Mar 2015 19:50:28 GMT Location: http://error.hostinger.eu/? Server: Apache Content-Length: 211 Content-Type: text/html; charset=iso-8859-1 | clean |
http://error.hostinger.eu/test404page.js | HTTP/1.1 404 Not Found Connection: close Date: Mon, 16 Mar 2015 19:47:17 GMT Server: Apache Content-Length: 170 Content-Type: text/html; charset=utf-8 X-Powered-By: PHP/5.2.17 | clean |
http://www.hostinger.lt/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://www.welcometohell.org/js/popup.js | HTTP/1.1 302 Found Connection: close Date: Mon, 16 Mar 2015 19:50:33 GMT Location: http://error.hostinger.eu/? Server: Apache Content-Length: 211 Content-Type: text/html; charset=iso-8859-1 | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: legaproitalia.it
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 Mar 2015 19:47:10 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
X-Powered-By: PHP/5.4.37
X-Powered-By: PleskLin
GET / HTTP/1.1
Host: legaproitalia.it
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 16 Mar 2015 19:47:10 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
X-Powered-By: PHP/5.4.37
X-Powered-By: PleskLin
Second query (visit from search engine):
GET / HTTP/1.1
Host: legaproitalia.it
Referer: http://www.google.com/search?q=legaproitalia.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: legaproitalia.it
Referer: http://www.google.com/search?q=legaproitalia.it
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=legaproitalia.it
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://legaproitalia.it/
Result: legaproitalia.it is not infected or malware details are not published yet.
Result: legaproitalia.it is not infected or malware details are not published yet.