Scanned pages/files
Request | Server response | Status |
http://thewinningtext.com/ | 200 OK Content-Length: 9614 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Yheya Alshami ...[1623 bytes skipped]... else{ n=0 clearInterval(flashing) setTimeout("beginneon()",1500) return } } function beginneon(){ if (document.all||document.getElementById) flashing=setInterval("neon()",flashspeed) } beginneon() </script> </h2> </body> </html> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type" /> <title>Hacked By Yheya Alshami</title> <!-- saved from url=(0018)http://07-ksa.com/ --><meta content="en-us" http-equiv="Content-Language" /> <body alink="#EE0000" link="#0000EE" style="background-color: black; color: rgb(0, 0, 0);" vlink="#551A8B"> <style type="text/css"> BODY { SCROLLBAR-ARROW-COLOR: #ffffff; SCROLLBAR-FACE-COLOR: #000000; SCROLLBAR-DARKSHADOW-COLOR: #ffffff; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #000000; SCRO ...[8978 bytes skipped]... | ||
http://thewinningtext.com/test404page.js | 200 OK Content-Length: 9614 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: thewinningtext.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Dec 2015 09:50:33 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
GET / HTTP/1.1
Host: thewinningtext.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 25 Dec 2015 09:50:33 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: thewinningtext.com
Referer: http://www.google.com/search?q=thewinningtext.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: thewinningtext.com
Referer: http://www.google.com/search?q=thewinningtext.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=thewinningtext.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://thewinningtext.com/
Result: thewinningtext.com is not infected or malware details are not published yet.
Result: thewinningtext.com is not infected or malware details are not published yet.