Scanned pages/files
Request | Server response | Status |
http://bestacaiberrysupplement.com/ | 200 OK Content-Length: 15295 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. <!-- HTML Encrypt By DarK-Mirror.org --> <!-- document.write(unescape('%3C%68%74%6D%6C%3E%0A%3C%68%65%61%64%3E%0A%3C%74%69%74%6C%65%3E%48%61%63%6B%65%64%20%42%79%20%48%33%58%20%4B%48%34%4E%3C%2F%74%69%74%6C%65%3E%0A%0A%3C%6C%69%6E%6B%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%73%31%2E%64%69%72%65%63%74%75%70%6C%6F%61%64%2E%6E%65%74%2F%69%6D%61%67%65%73%2F%31%33%30%38%33%31%2F%32%78%6C%77%6E%6F%38%6D%2E%70%6E%67%22%20%72%65%6C%3D%22% ...[3565 bytes skipped]... Decoded script: ...[3425 bytes skipped]... 99;position:fixed;right:-250px;top:40%;}.facebookbox div{border:none;position:relative;display:block;}.facebookbox span{bottom:12px;font:8px"lucida grande",tahoma,verdana,arial,sans-serif;position:absolute;right:6px;text-align:right;z-index:99999;}.facebookbox span a{color:#808080;text-decoration:none;}.facebookbox span a:hover{text-decoration:underline;}</style></head><body bgcolor="Black"><div class="facebookbox"><iframe scrolling="no" frameborder="0" style="border: medium none; overflow: hidden; height: 270px; width: 245px;background:#fff;" src="http://www.facebook.com/plugins/likebox.php?href=https://www.facebook.com/803204749768691&colorscheme=light&show_faces=true&connections=9&stream=false&header=false&height=270"></iframe></div> <embed src="http://www.youtube.com/v/3U1O1oythXY&autoplay=1" type="application/x-shockwave-flash" wmode="transparent" wi ...[1274 bytes skipped]... Deface/Content modification. The following signature was found: Hacked By H3X KH4N <html> <head> <title>Hacked By H3X KH4N</title> <meta content="H3X KH4N Was Here" name="description"/> <meta content="H3X KH4N" name="keywords"/> <meta content="Cyb3r Gangst3r J i H" name="Abstract"/> </head> <Script Language='Javascript'> <!-- HTML Encrypt By DarK-Mirror.org --> <!-- document.write(unescape('%3C%68%74%6D%6C%3E%0A%3C%68%65%61%64%3E%0A%3C%74%69%74%6C%65%3E%48%61%63%6B%65%64% ...[14924 bytes skipped]... | ||
http://bestacaiberrysupplement.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bestacaiberrysupplement.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 08 Dec 2015 18:04:18 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 15295
Content-Type: text/html
...15295 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: bestacaiberrysupplement.com
Referer: http://www.google.com/search?q=bestacaiberrysupplement.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bestacaiberrysupplement.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bestacaiberrysupplement.com/
Result: bestacaiberrysupplement.com is not infected or malware details are not published yet.