Scanned pages/files
Request | Server response | Status |
http://tobaccoxpress.com/ | 200 OK Content-Length: 5857 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Isal Dot ID was here , Hacked by Isal Dot ID, Owned by Isal Dot ID, Pwned by Isal Dot ID, Sanjungan
<html> <head> <link rel="SHORTCUT ICON" href="http://3.bp.blogspot.com/-FFxSBwmZeJ0/T3WvTLAy56I/AAAAAAAAARs/ePKYyVFgOh0/s1600/Cur2.gif" type="image"> <script src="http://masterendi.googlecode.com/files/salju.js"></script> </head> <title>Stamp3d by Sanjungan Jiwa</title> <meta content='Isal Dot ID was here , Hacked by Isal Dot ID, Owned by Isal Dot ID, Pwned by Isal Dot ID, Sanjungan Jiwa , Stamp3d by Sanjungan Jiwa' name='description'/> <meta content='Isal Dot ID was here , Hacked by Isal Dot ID, Owned by Isal Dot ID, Pwned by Isal Dot ID, Sanjungan Jiwa , Stamp3d by Sanjungan Jiwa' name='keywords'/> <meta content='Isal Dot ID was here , Hacked by Isal Dot ID, Owned by Isal Dot ID, Pwned by Isal Dot ID, Sanjungan Jiwa , Stamp3d by Sanjungan Jiwa ...[6178 bytes skipped]...
http://masterendi.googlecode.com/files/salju.js | 404 Not Found Content-Length: 1575 Content-Type: text/html | clean |
http://masterendi.googlecode.com//www.google.com/ | 404 Not Found Content-Length: 1561 Content-Type: text/html | clean |
http://masterendi.googlecode.com/test404page.js | 404 Not Found Content-Length: 1575 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.3.1/jquery.min.js | 200 OK Content-Length: 55272 Content-Type: text/javascript | clean |
http://tobaccoxpress.com//www.google.com/ | 404 Not Found Content-Length: 399 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tobaccoxpress.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Sat, 05 Dec 2015 18:47:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires:
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 891cf5de31300834a34e1512d66c02b4=facvvkr4o9nqajn4uklia7mkr1; path=/
Set-Cookie: ja_norite_tpl=ja_norite; expires=Thu, 24-Nov-2016 18:47:30 GMT; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: tobaccoxpress.com
Referer: http://www.google.com/search?q=tobaccoxpress.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tobaccoxpress.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tobaccoxpress.com/
Result: tobaccoxpress.com is not infected or malware details are not published yet.