Scanned pages/files
Request | Server response | Status |
http://printxstore.com/ | 200 OK Content-Length: 14858 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By ./SpyEye_23 ...[6881 bytes skipped]... re --> <div id="wrappage"> <!-- container begin here --> <div class="container"> <!-- top block begin here --> <div class="top"> <div class="energy"> </div> <div class="top-block"><br> <a class="logo"><font face="Algerian">Hacked By ./SpyEye_23</font></a> <div class="bg-e-button"> </div> <a href class="open"><img src="http://hellox.persiangig.com/DefacePage/flash000.png" alt=""></a> </div> </div> <!-- top block end here --> <!-- center block begin here --> <div class="center-block"> <!-- ???? --> ...[10591 bytes skipped]... | ||
http://hellox.persiangig.com/DefacePage/jquery-1.js | 200 OK Content-Length: 91669 Content-Type: application/x-javascript | clean |
http://hellox.persiangig.com/DefacePage/cufon-yu.js | 200 OK Content-Length: 18258 Content-Type: application/x-javascript | clean |
http://hellox.persiangig.com/DefacePage/Yanone_K.js | 200 OK Content-Length: 54966 Content-Type: application/x-javascript | clean |
http://hellox.persiangig.com/DefacePage/jquery00.js | 200 OK Content-Length: 24867 Content-Type: application/x-javascript | clean |
http://hellox.persiangig.com/DefacePage/jquery01.js | 200 OK Content-Length: 27151 Content-Type: application/x-javascript | clean |
http://hellox.persiangig.com/DefacePage/jquery02.js | 200 OK Content-Length: 6297 Content-Type: application/x-javascript | clean |
http://hellox.persiangig.com/DefacePage/jquery03.js | 200 OK Content-Length: 4824 Content-Type: application/x-javascript | clean |
http://hellox.persiangig.com/DefacePage/jquery04.js | 200 OK Content-Length: 2235 Content-Type: application/x-javascript | clean |
http://hellox.persiangig.com/DefacePage/jquery05.js | 200 OK Content-Length: 44500 Content-Type: application/x-javascript | clean |
http://hellox.persiangig.com/DefacePage/jquery06.js | 200 OK Content-Length: 4866 Content-Type: application/x-javascript | clean |
http://hellox.persiangig.com/DefacePage/jquery07.js | 200 OK Content-Length: 3104 Content-Type: application/x-javascript | clean |
http://hellox.persiangig.com/DefacePage/custom00.js | 200 OK Content-Length: 13830 Content-Type: application/x-javascript | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 13020 Content-Type: application/javascript | clean |
https://www.blogger.com/static/v1/common/js/2858158682-csitail.js | 200 OK Content-Length: 2325 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: printxstore.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Wed, 29 Jul 2015 07:36:10 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 27fbeb8708ac6fcbf8b9a045c167cb2e=47v0dj3dv8pka53oa7cnvroe84; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: printxstore.com
Referer: http://www.google.com/search?q=printxstore.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=printxstore.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://printxstore.com/
Result: printxstore.com is not infected or malware details are not published yet.