Scanned pages/files
Request | Server response | Status |
http://primespace.ro/ | 200 OK Content-Length: 1401 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY xDrKeeFx S4ud1 H4cK3r <html><head><title>PrimeSpace.ro</title> </head><body> <center><img src="http://www5.0zz0.com/2013/11/26/15/526238566.jpg" height="400" width="400"> <br> <center><div style="text-shadow: 0px 0px 4px #000000, 0px 0px 4px #525252, 0px 0px 4px #525252; font-size: 20px; font-weight:bold; "><font face="Courier New"><font color="#000000">HACKED BY xDrKeeFx S4ud1 H4cK3r</font></font></div></center><font face="Courier New"><font color="#000000"> <center><img src="http://files.eurobattle.net/images/smilies/noob.gif" height="50" width="50"> <center><div style="text-shadow: 0px 0px 4px #000000, 0px 0px 4px #525252, 0px 0px 4px #525252; font-size: 20px; font-weight:bold; "><font face="Courier New" ...[896 bytes skipped]... | ||
http://primespace.ro/test404page.js | 404 Not Found Content-Length: 1421 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: primespace.ro
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 09 Apr 2014 11:17:16 GMT
Server: nginx/1.4.2
Content-Type: text/html; charset=UTF-8
X-Pingback: http://primespace.ro/xmlrpc.php
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: primespace.ro
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 09 Apr 2014 11:17:16 GMT
Server: nginx/1.4.2
Content-Type: text/html; charset=UTF-8
X-Pingback: http://primespace.ro/xmlrpc.php
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: primespace.ro
Referer: http://www.google.com/search?q=primespace.ro
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: primespace.ro
Referer: http://www.google.com/search?q=primespace.ro
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=primespace.ro
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://primespace.ro/
Result: primespace.ro is not infected or malware details are not published yet.
Result: primespace.ro is not infected or malware details are not published yet.