Scanned pages/files
Request | Server response | Status |
http://afrocrowd.org/ | 200 OK Content-Length: 43009 Content-Type: text/html | clean |
http://afrocrowd.org/sites/all/modules/jquery_update/replace/jquery/1.10/jquery.min.js?v=1.10.2 | 200 OK Content-Length: 93107 Content-Type: application/javascript | clean |
http://afrocrowd.org/misc/jquery.once.js?v=1.2 | 200 OK Content-Length: 2974 Content-Type: application/javascript | clean |
http://afrocrowd.org/misc/drupal.js?nv3zns | 200 OK Content-Length: 14544 Content-Type: application/javascript | clean |
http://afrocrowd.org/sites/all/themes/responsive_blog/js/jquery.cycle.all.min.js?nv3zns | 200 OK Content-Length: 33868 Content-Type: application/javascript | clean |
http://afrocrowd.org/sites/all/themes/responsive_blog/js/slide.js?nv3zns | 200 OK Content-Length: 1076 Content-Type: application/javascript | clean |
http://afrocrowd.org/sites/default/files/twitter_block/widgets.js?nv3zns | 200 OK Content-Length: 88153 Content-Type: application/javascript | clean |
http://afrocrowd.org/sites/all/themes/responsive_blog/js/main-menu.js?nv3zns | 200 OK Content-Length: 2349 Content-Type: application/javascript | clean |
http://afrocrowd.org/sites/all/themes/responsive_blog/js/pngfix.min.js?nv3zns | 200 OK Content-Length: 8359 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
var DD_belatedPNG={ns:"DD_belatedPNG",imgSize:{},delay:10,nodesFixed:0,createVmlNameSpace:function(){if(document.namespaces&&!document.namespaces[this.ns])document.namespaces.add(this.ns,"urn:schemas-microsoft-com:vml")},createVmlStyleSheet:function(){var screenStyleSheet,printStyleSheet;screenStyleSheet=document.createElement("style");screenStyleSheet.setAttribute("media","screen");document.documentElement.firstChild.insertBefore(screenStyleSheet,document.documentElement.firstChild.firs false;el.vml[v].shape.appendChild(el.vml[v].fill);el.parentNode.insertBefore(el.vml[v].shape,el)}el.vml.image.shape.fillcolor="none";el.vml.image.fill.type="tile";el.vml.color.fill.on=false;lib.attachHandlers(el);lib.giveLayout(el);lib.giveLayout(el.offsetParent);el.vmlInitiated=true;lib.applyVML(el)}};try{document.execCommand("BackgroundImageCache",false,true)}catch(r){}DD_belatedPNG.createVmlNameSpace();DD_belatedPNG.createVmlStyleSheet();DD_belatedPNG.fix(".pngfix");
Antivirus reports:
http://afrocrowd.org/rss.xml | 200 OK Content-Length: 4468 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found:
hacked by ...[1341 bytes skipped]... nd :$ </span> <span style="background-color: #800000"> <span lang="ar-sa">]]</span> </span></font></b></p> <p align="center"> </p> <p align="center"> <span style="background-color: #800000"><b> <font color="#FFFFFF" size="6" face="Tahoma">hacked by </font></b> </span></p> <p align="center"> </p> <p align="center"> <font color="#FF0000" size="7"><b>!!!!!! Islam Hacker Team !!!!!!</b></font></p> <p align="center"> <font color="#FF0000" size="7"><b>Donsoufiane2@gmail.com</b></font></p> <p align="center"> < ...[3228 bytes skipped]...
http://afrocrowd.org/test404page.js | 200 OK Content-Length: 4468 Content-Type: text/html | clean |
http://afrocrowd.org/?q=content/about | 200 OK Content-Length: 17673 Content-Type: text/html | clean |
http://afrocrowd.org/?q=content/outreach-partners | 200 OK Content-Length: 17601 Content-Type: text/html | clean |
http://afrocrowd.org/?q=content/wikipedias-wiktionaries | 200 OK Content-Length: 19057 Content-Type: text/html | clean |
http://afrocrowd.org/?q=content/press | 200 OK Content-Length: 18249 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: afrocrowd.org
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 29 Sep 2015 20:36:52 GMT
ETag: "1443559012"
Server: nginx
Vary: Accept-Encoding
Content-Language: en
Content-Type: text/html; charset=utf-8
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Tue, 29 Sep 2015 20:36:52 GMT
Set-Cookie: _PHP_SESSION_PHP=408; expires=Tue, 06-Oct-2015 20:36:52 GMT; path=/
X-Generator: Drupal 7 (http://drupal.org)
X-Powered-By: PHP/5.4.45-0+deb7u1
Second query (visit from search engine):
GET / HTTP/1.1
Host: afrocrowd.org
Referer: http://www.google.com/search?q=afrocrowd.org
Result:
The result is similar to the first query. No suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=afrocrowd.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://afrocrowd.org/
Result: afrocrowd.org is not infected or malware details are not published yet.