Scanned pages/files
Request | Server response | Status |
http://computerplumber.biz/ | 200 OK Content-Length: 12410 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){while(c--)if(k[c])p=p.replace(new RegExp('\\b'+c.toString(a)+'\\b','g'),k[c]);return p}('w u(t){0=s.r("6");0.q();0.p();0.o(n)}7 4={m:"l"};7 2={k:"6"};j.i("h://g.f.e/v/d?c=1&b=0&a=3","9","1","1","8",5,5,4,2);',33,33,'ytplayer||atts||params|null|myytplayer|var||ytapiplayer|version|playerapiid|enablejsapi|1mlbypRQ878|com|youtube|www|http|embedSWF|swfobject|id|always|allowScriptAccess|true|setLoop|playVideo|mute|getElementById|document|playerId|onYouTubePlayerReady||function'.split('|'))) Antivirus reports:
Deface/Content modification. The following signature was found: Hacked By Black_Hack <html>
<head><script language="JavaScript" type="text/javascript" src="/Audio-HTML5.js"></script><link rel="shortcut icon" href="https://encrypted-tbn2.gstatic.com/images?q=tbn:ANd9GcRk6BqSTS-npCagRft2ez-qhLQcSjHC7HOo8GJ097_oHzCfIJCRJw"><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="keywords" content="Hacked By Black_Hack"> <meta name="description" content="Hacked By Black_Hack"><script type="text/javascript"> //<![CDATA[ try{if (!window.CloudFlare) { var CloudFlare=[{verbose:0,p:0,byc:0,owlid:0,mirage:0,oracle:0,paths:{cloudflare:"/cdn-cgi/nexp/v=2965651658/"},atok:"46d7245de8fe7573628a114e8d9dabf4",zone:"zonehmirrors.net",rocket:"0",apps:{"dnschanger_detector":{"fix_url":null}}}];document.write('<script type= ...[13924 bytes skipped]... | ||
http://computerplumber.biz/Audio-HTML5.js | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
http://computerplumber.biz/test404page.js | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
http://code.jquery.com/jquery-latest.min.js | 200 OK Content-Length: 95786 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: computerplumber.biz
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sat, 23 Aug 2014 00:58:19 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 53f94ae28286625d467fde6c991deb78=sbtkeo0h6aep4ulk2kfni3fqq5; path=/
Set-Cookie: mjmarkup=deleted; expires=Fri, 23-Aug-2013 00:58:18 GMT; path=/
GET / HTTP/1.1
Host: computerplumber.biz
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sat, 23 Aug 2014 00:58:19 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 53f94ae28286625d467fde6c991deb78=sbtkeo0h6aep4ulk2kfni3fqq5; path=/
Set-Cookie: mjmarkup=deleted; expires=Fri, 23-Aug-2013 00:58:18 GMT; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: computerplumber.biz
Referer: http://www.google.com/search?q=computerplumber.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: computerplumber.biz
Referer: http://www.google.com/search?q=computerplumber.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=computerplumber.biz
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://computerplumber.biz/
Result: computerplumber.biz is not infected or malware details are not published yet.
Result: computerplumber.biz is not infected or malware details are not published yet.