Scanned pages/files
Request | Server response | Status |
http://saadcosmetics.com/ | 200 OK Content-Length: 1246 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By ||JackSparrow|| ...[442 bytes skipped]... ckteam.org/images/thtson2.png" /></center> <center><img src="http://i.hizliresim.com/g5rj20.png" /></center> <br /> <div align="center" id="textfeld" style="font-family:Courier New,Arial,Verdana,Tahoma,helvetica,sans-serif,Times New Roman;font-size:25pt;color:red"> </div> <p align="center"><font color="ffffff" face="Iceland" size="8">Hacked By ||JackSparrow|| <font color="red" face="Iceland" size="8"> <br /><br /> <object width="0" height="0"><param name="movie" value="//www.youtube.com/v/Xjq5jkd5wVg&autoplay=1?hl=tr_TR&version=3"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="//www.youtube.com/v/Xjq5jkd5wVg&autoplay=1?hl=tr_TR&version=3" type="appli ...[147 bytes skipped]... | ||
http://saadcosmetics.com/test404page.js | 404 Not Found Content-Length: 398 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: saadcosmetics.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Aug 2015 10:48:09 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://saadcosmetics.com/xmlrpc.php
GET / HTTP/1.1
Host: saadcosmetics.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 03 Aug 2015 10:48:09 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://saadcosmetics.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: saadcosmetics.com
Referer: http://www.google.com/search?q=saadcosmetics.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: saadcosmetics.com
Referer: http://www.google.com/search?q=saadcosmetics.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=saadcosmetics.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://saadcosmetics.com/
Result: saadcosmetics.com is not infected or malware details are not published yet.
Result: saadcosmetics.com is not infected or malware details are not published yet.