Scanned pages/files
Request | Server response | Status |
http://watersav.com/ | 200 OK Content-Length: 33596 Content-Type: text/html | clean |
http://geyserstop.com/wp-content/themes/gstheme/niftycube.js | 200 OK Content-Length: 8647 Content-Type: application/javascript | clean |
http://www.google.com/jsapi | 200 OK Content-Length: 24558 Content-Type: text/javascript | clean |
http://geyserstop.com/wp-content/themes/gstheme/js/jquery.jqtransform.js | 200 OK Content-Length: 12604 Content-Type: application/javascript | clean |
http://geyserstop.com/wp-content/themes/gstheme/js/jquery-1.3.1.min.js | 200 OK Content-Length: 55272 Content-Type: application/javascript | clean |
http://geyserstop.com/wp-content/themes/gstheme/jquery.easing.min.js | 200 OK Content-Length: 2585 Content-Type: application/javascript | clean |
http://geyserstop.com/wp-content/themes/gstheme/jquery.lavalamp.min.js | 200 OK Content-Length: 721 Content-Type: application/javascript | clean |
http://geyserstop.com/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/javascript | clean |
http://geyserstop.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://geyserstop.com/wp-content/plugins/random-image-gallery-with-fancy-zoom/js/jquery.fancyzoom.min.js?ver=4.1.1 | 200 OK Content-Length: 9392 Content-Type: application/javascript | clean |
http://geyserstop.com/wp-content/plugins/wp-swfobject/2.0/swfobject.js | 200 OK Content-Length: 10220 Content-Type: application/javascript | clean |
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php | 200 OK Content-Length: 170141 Content-Type: application/x-javascript | clean |
http://geyserstop.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20 | 200 OK Content-Length: 15248 Content-Type: application/javascript | clean |
http://geyserstop.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.1 | 200 OK Content-Length: 11145 Content-Type: application/javascript | clean |
http://watersav.com/test404page.js | 404 Not Found Content-Length: 24804 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: +ADw-title+AD4-Hacked by White-Shadow +AHw B3YAZ.ORG+ADw-/title+AD4 ...[7930 bytes skipped]... tml1-transitional.dtd+ACIAPg +ADw-html xmlns+AD0AIg-http://www.w3.org/1999/xhtml+ACIAPg +ADwAIQ---Bu +AN0-ndex White-Shadow Taraf+AP0-ndan Yap+AP0-lm+AP0A/g-t+AP0-r--+AD4 +ADwAIQ---Kodlar+AP0 +AMc-alma +AN4-erefsiz--+AD4 +ADwAIQ---B3YAZ.ORG--+AD4 +ADw-head+AD4 +ADw-meta http-equiv+AD0AIg-Content-Type+ACI content+AD0AIg-text/html+ADs charset+AD0-utf-8+ACI /+AD4 +ADw-title+AD4-Hacked by White-Shadow +AHw B3YAZ.ORG+ADw-/title+AD4 +ADw-style type+AD0AIg-text/css+ACIAPg body +AHs background-color: +ACM-000+ADs +AH0 body,td,th +AHs color: +ACM-FFF+ADs +AH0 .kirmizi +AHs color: +ACM-F00+ADs +AH0 .team +AHs color: +ACM-F00+ADs +AH0 +ADw-/style+AD4 +ADw-/head+AD4 +ADw-body+AD4 +ADw-center+AD4 +ADw-img src+AD0AIg-http://i.hizliresim.com/vga87v.png+ACI alt+AD0AIg-White-Shadow b3yaz.org+AC ...[20165 bytes skipped]... |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: watersav.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 11 Mar 2015 20:14:10 GMT
Pragma: no-cache
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html; charset=UTF-7
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Link: <http://geyserstop.com/>; rel=shortlink
Set-Cookie: PHPSESSID=b28254600c296e5b6314119f785ffcf9; path=/
X-Pingback: http://geyserstop.com/xmlrpc.php
X-Powered-By: PHP/5.4.35
GET / HTTP/1.1
Host: watersav.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 11 Mar 2015 20:14:10 GMT
Pragma: no-cache
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html; charset=UTF-7
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Link: <http://geyserstop.com/>; rel=shortlink
Set-Cookie: PHPSESSID=b28254600c296e5b6314119f785ffcf9; path=/
X-Pingback: http://geyserstop.com/xmlrpc.php
X-Powered-By: PHP/5.4.35
Second query (visit from search engine):
GET / HTTP/1.1
Host: watersav.com
Referer: http://www.google.com/search?q=watersav.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: watersav.com
Referer: http://www.google.com/search?q=watersav.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=watersav.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://watersav.com/
Result: watersav.com is not infected or malware details are not published yet.
Result: watersav.com is not infected or malware details are not published yet.