Scanned pages/files
Request | Server response | Status |
http://www.loaqsa.com/ | 200 OK Content-Length: 18025 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By r00tb04M (ICC) ...[1117 bytes skipped]... document.title = tb8_tekst; tb8_sp=tb8_speed; tb8_i++; if (tb8_i==tb8_messages[tb8_currMsg].length){ tb8_currMsg++; tb8_i=0; tb8_tekst="";tb8_sp=tb8_delay; } if (tb8_currMsg == tb8_messages.length){ if ((tb8_rptType == 'finite') && (tb8_counter==tb8_rptNbr)){ clearTimeout(tb8_TID); return; } tb8_counter++; tb8_currMsg = 0; } tb8_TID = setTimeout("tb8_pisi()", tb8_sp); } tb8_pisi() </script><title>Hacked By r00tb04M (ICC)</title><title>Hacked By r00tb04</title><title>Your Site Has Been Hack</title><title>Hacked by r00tb04M (ICC)</title></head><body oncontextmenu="return false;" onkeydown="return false;" onmousedown="return false;"><br> <!-- --><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <link rel="SHORTCUT ICON" href="../fansnataliestonem.files.wordpress.com/2013/05/h ...[19612 bytes skipped]... | ||
http://www.loaqsa.com//bouncebidder.com/apu.php?zoneid=16780&bp=1&parent_id=16780/ | 200 OK Content-Length: 18025 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js | 200 OK Content-Length: 72174 Content-Type: text/javascript | clean |
http://jqueryrotate.googlecode.com/svn/trunk/jQueryRotate.js | 200 OK Content-Length: 13892 Content-Type: text/plain | clean |
http://jqueryrotate.googlecode.com/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://jqueryrotate.googlecode.com//www.google.com/ | 404 Not Found Content-Length: 1425 Content-Type: text/html | clean |
http://www.p0wersurge.com/js/jquery-css-transform.js | 404 Not Found Content-Length: 3090 Content-Type: text/html | clean |
http://www.p0wersurge.com//ajax.cloudflare.com/cdn-cgi/nexp/dok3v=dccf16c0cc/appsh.min.js/ | 404 Not Found Content-Length: 3127 Content-Type: text/html | clean |
http://www.p0wersurge.com//ajax.cloudflare.com/cdn-cgi/nexp/dok3v=73806ac11c/apps1.min.js/ | 404 Not Found Content-Length: 3127 Content-Type: text/html | clean |
http://www.p0wersurge.com/js/rotate3Di.js | 404 Not Found Content-Length: 3079 Content-Type: text/html | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js | 200 OK Content-Length: 91342 Content-Type: text/javascript | clean |
http://edge.quantserve.com/quant.js | 200 OK Content-Length: 7874 Content-Type: application/x-javascript | clean |
http://www.loaqsa.com//go.pub2srv.com/apu.php?zoneid=16780/ | 200 OK Content-Length: 18025 Content-Type: text/html | clean |
http://www.loaqsa.com//1phads.com/notice.php?p=16781&interactive=1&pushup=1/ | 200 OK Content-Length: 18025 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: loaqsa.com
Result:
GET / HTTP/1.1
Host: loaqsa.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: loaqsa.com
Referer: http://www.google.com/search?q=loaqsa.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: loaqsa.com
Referer: http://www.google.com/search?q=loaqsa.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=loaqsa.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://loaqsa.com/
Result: loaqsa.com is not infected or malware details are not published yet.
Result: loaqsa.com is not infected or malware details are not published yet.