Scanned pages/files
Request | Server response | Status |
http://akilcagi.net/ | HTTP/1.1 200 OK Connection: close Date: Sat, 16 Aug 2014 11:12:43 GMT Accept-Ranges: bytes Server: nginx/1.6.1 Content-Length: 260 Content-Type: text/html Last-Modified: Thu, 17 Apr 2014 03:59:48 GMT | clean |
http://akilcagi.net/site | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 16 Aug 2014 11:12:44 GMT Location: http://akilcagi.net/site/ Server: nginx/1.6.1 Content-Length: 295 Content-Type: text/html; charset=iso-8859-1 | clean |
http://akilcagi.net/site/ | 200 OK Content-Length: 43869 Content-Type: text/html | clean |
http://akilcagi.net/site/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://akilcagi.net/site/modules/mod_globalnews/scripts/scroller.js | 200 OK Content-Length: 3937 Content-Type: application/javascript | clean |
http://akilcagi.net/site/plugins/content/ja_tabs/ja_tabs.js | 200 OK Content-Length: 13724 Content-Type: application/javascript | clean |
http://akilcagi.net/site/plugins/content/highslide/highslide-with-html.js | 200 OK Content-Length: 62872 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var hs = { graphicsDir : 'plugins/content/highslide/graphics/', restoreCursor : 'zoomout.cur', expandSteps : 10, expandDuration : 250, restoreSteps : 10, restoreDuration : 250, marginLeft : 15, marginRight : 15, marginTop : 15, marginBottom : 15, zIndexCounter : 1001, restoreTitle : 'Click to close image, click and drag to move. Use arrow keys for next and previous.', loadingText : 'Loading...', loadingTitle : 'Cl } } hs.getElementByClass(this.content, 'DIV', 'highslide-body').innerHTML = s; this.onLoad(); for (var x in this) this[x] = null; } }; var HsExpander = hs.Expander; hs.addEventListener(document, 'mousedown', hs.mouseClickHandler); hs.addEventListener(document, 'mouseup', hs.mouseClickHandler); hs.addEventListener(window, 'load', hs.preloadImages); hs.addEventListener(window, 'load', hs.preloadAjax);
Antivirus reports:
http://akilcagi.net/site/plugins/content/highslide/swfobject.js | 200 OK Content-Length: 6889 Content-Type: application/javascript | clean |
http://akilcagi.net/site/plugins/content/highslide/do_cookie.js | 200 OK Content-Length: 2457 Content-Type: application/javascript | clean |
http://akilcagi.net/site/templates/ja_nickel/js/ja.script.js | 200 OK Content-Length: 12723 Content-Type: application/javascript | clean |
http://akilcagi.net/site/templates/ja_nickel/js/cufon/cufon.js | 200 OK Content-Length: 25417 Content-Type: application/javascript | clean |
http://akilcagi.net/site/templates/ja_nickel/js/cufon/NeoSans_400.font.js | 200 OK Content-Length: 15815 Content-Type: application/javascript | clean |
http://akilcagi.net/site/templates/ja_nickel/ja_menus/ja_moomenu/ja.moomenu.js | 200 OK Content-Length: 5522 Content-Type: application/javascript | clean |
http://akilcagi.net/site/modules/mod_jaslideshow2/assets/ja.slideshow2.js | 200 OK Content-Length: 8435 Content-Type: application/javascript | clean |
http://akilcagi.net/site/modules/mod_jaslideshow2/assets/ja.slideshow.js | 200 OK Content-Length: 5538 Content-Type: application/javascript | clean |
http://www.freewebsubmission.com/cgi-bin/js-form.cgi | 200 OK Content-Length: 2562 Content-Type: application/x-javascript | clean |
http://static.woopra.com/js/woopra.js | 200 OK Content-Length: 10752 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: akilcagi.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 16 Aug 2014 11:12:43 GMT
Accept-Ranges: bytes
Server: nginx/1.6.1
Content-Length: 260
Content-Type: text/html
Last-Modified: Thu, 17 Apr 2014 03:59:48 GMT
...260 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: akilcagi.net
Referer: http://www.google.com/search?q=akilcagi.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=akilcagi.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://akilcagi.net/
Result: akilcagi.net is not infected or malware details are not published yet.