Scanned pages/files
Request | Server response | Status |
http://lowcostsd.com/ | 200 OK Content-Length: 20380 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY HacKRooT ...[62 bytes skipped]... " src=\"http://resim.sanalkurs.net/images/trbayrak.gif\" border=\"0\" _fcksavedurl=\"http://resim.sanalkurs.net/images/trbayrak.gif\"> <img src=\"http://img.webme.com/pic/f/fbmlkodarsiv/sag-bayrak-ekle.gif\" _fcksavedurl=\"http://img.webme.com/pic/f/fbmlkodarsiv/sag-bayrak-ekle.gif\" style=\"position:absolute; right:0px; top: 0px;\" border=\"0\"> <html><head><title>HACKED BY HacKRooT</title> <html> <Script Language=\'Javascript\'> <!-- HTML Encryption provided by HacKRooT --> <!-- document.write(unescape(\'<html> <head> <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" /> <meta name=\"keywords\" content=\"HACKED BY HacKRooT \"> <BODY BGCOLOR=\"bl ...[28568 bytes skipped]... | ||
http://lowcostsd.com/\"/\" | 404 Not Found Content-Length: 12839 Content-Type: text/html | clean |
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/javascript | clean |
http://suspended.hostgator.com/js/simple-expand.min.js | 200 OK Content-Length: 2782 Content-Type: text/javascript | clean |
http://lowcostsd.com/\"/ | 404 Not Found Content-Length: 12839 Content-Type: text/html | clean |
http://lowcostsd.com/test404page.js | 404 Not Found Content-Length: 12839 Content-Type: text/html | clean |
http://lowcostsd.com/\"mailto:\" | 404 Not Found Content-Length: 12839 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: lowcostsd.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 15 Jul 2015 00:16:05 GMT
Accept-Ranges: bytes
Server: nginx/1.8.0
Content-Length: 20380
Content-Type: text/html
Last-Modified: Fri, 07 Sep 2012 11:19:26 GMT
...20380 bytes of data.
GET / HTTP/1.1
Host: lowcostsd.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 15 Jul 2015 00:16:05 GMT
Accept-Ranges: bytes
Server: nginx/1.8.0
Content-Length: 20380
Content-Type: text/html
Last-Modified: Fri, 07 Sep 2012 11:19:26 GMT
...20380 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: lowcostsd.com
Referer: http://www.google.com/search?q=lowcostsd.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: lowcostsd.com
Referer: http://www.google.com/search?q=lowcostsd.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lowcostsd.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://lowcostsd.com/
Result: lowcostsd.com is not infected or malware details are not published yet.
Result: lowcostsd.com is not infected or malware details are not published yet.