Scanned pages/files
| Request | Server response | Status |
http://dr-zadehtreat.com/ | 200 OK Content-Length: 26388 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 1x1 style: hidden src: http://www.superfish.com/ws/userdata.jsp?dlsource=ecvzyna&userid=ntbcntbc&ver=13.1.4.54 <iframe src="http://www.superfish.com/ws/userdata.jsp?dlsource=ecvzyna&userid=ntbcntbc&ver=13.1.4.54" style="position: absolute; top: -100px; left: -100px; z-index: -10; border: none; visibility: hidden; width: 1px; height: 1px;"> Hidden iFrame found. size: 1x1 style: hidden src: http://www.superfish.com/ws/userdata.jsp?dlsource=ecvzyna&userid=ntbcntbc&ver=13.1.1.99 <iframe src="http://www.superfish.com/ws/userdata.jsp?dlsource=ecvzyna&userid=ntbcntbc&ver=13.1.1.99" style="position: absolute; top: -100px; left: -100px; z-index: -10; border: none; visibility: hidden; width: 1px; height: 1px;"> Hidden iFrame found. size: 1x1 style: hidden src: http://www.superfish.com/ws/userdata.jsp?dlsource=ecvzyna&userid=ntbcntbc&ver=13.1.4.52 <iframe src="http://www.superfish.com/ws/userdata.jsp?dlsource=ecvzyna&userid=ntbcntbc&ver=13.1.4.52" style="position: absolute; top: -100px; left: -100px; z-index: -10; border: none; visibility: hidden; width: 1px; height: 1px;"> Deface/Content modification. The following signature was found: Hacked by joker jr yemen <html __fvdsurfcanyoninserted="1"><head><title>Hacked by joker jr yemen</title><style>@font-face { font-family: 'Orbitron'; font-style: normal; font-weight: 700; src: local('Orbitron-Bold'), url(http://themes.googleusercontent.com/static/fonts/orbitron/v4/Y82YH_MJJWnsH2yUA5AuYYbN6UDyHWBl620a-IRfuBk.woff) format('woff');}</style><script src="https://www.superfish.com/ws/sf_main.jsp?dlsource=ecvzyna&userId=90C54031-A10B-49BD-BA55-0 ...[29132 bytes skipped]... | ||
https://www.superfish.com/ws/sf_main.jsp?dlsource=ecvzyna&userId=90C54031-A10B-49BD-BA55-029E585E7888&CTID=ecvzyna | 200 OK Content-Length: 10584 Content-Type: text/html | clean |
http://www.superfish.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Tue, 17 Jun 2014 01:57:10 GMT Pragma: no-cache Location: http://wwws.superfish.com/test404page.js Server: nginx Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT CF-Cache-Status: MISS CF-RAY: 13bba281f4cc0651-SJC ClientCountry: LT Set-Cookie: __cfduid=df92efd718c37167119a21a9b0c4f82521402970230072; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.superfish.com; HttpOnly X-Pingback: http://wwws.superfish.com/xmlrpc.php X-Powered-By: PHP/5.3.3 | clean |
http://wwws.superfish.com/test404page.js | 404 Not Found Content-Length: 27781 Content-Type: text/html | clean |
http://wwws.superfish.com/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK Content-Length: 93661 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/themes/SCRN/js/jquery.cycle.all.min.js?ver=3.5.1 | 200 OK Content-Length: 31614 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/themes/SCRN/js/jquery.flexslider.js?ver=1.0 | 200 OK Content-Length: 41062 Content-Type: application/x-javascript | clean |
http://www.superfish.com//www.googleadservices.com/pagead/conversion.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Tue, 17 Jun 2014 01:57:13 GMT Pragma: no-cache Location: http://wwws.superfish.com/www.googleadservices.com/pagead/conversion.js/ Server: nginx Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT CF-RAY: 13bba2992f640651-SJC ClientCountry: LT Set-Cookie: __cfduid=d52e377e9f80deec8a38959d9c52ff92d1402970233787; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.superfish.com; HttpOnly X-Pingback: http://wwws.superfish.com/xmlrpc.php X-Powered-By: PHP/5.3.3 | clean |
http://wwws.superfish.com/www.googleadservices.com/pagead/conversion.js/ | 404 Not Found Content-Length: 27811 Content-Type: text/html | clean |
http://wwws.superfish.com//www.googleadservices.com/pagead/conversion.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Tue, 17 Jun 2014 01:57:15 GMT Pragma: no-cache Location: http://wwws.superfish.com/www.googleadservices.com/pagead/conversion.js/ Server: cloudflare-nginx Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT CF-RAY: 13bba2a0f3a70899-FRA Set-Cookie: __cfduid=d0133a5c91adbe7bbe42bb6523da738a41402970235034; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.superfish.com; HttpOnly X-Pingback: http://wwws.superfish.com/xmlrpc.php X-Powered-By: PHP/5.3.3 | clean |
http://wwws.superfish.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.36.0-2013.06.16 | 200 OK Content-Length: 14510 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.4.2 | 200 OK Content-Length: 7354 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/themes/SCRN/js/jquery.sticky.js?ver=1.0 | 200 OK Content-Length: 4627 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/themes/SCRN/js/jquery.smooth-scroll.js?ver=1.0 | 200 OK Content-Length: 1434 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/themes/SCRN/js/contact-form.js?ver=1.0 | 200 OK Content-Length: 1385 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/themes/SCRN/js/jquery.easing.1.3.js?ver=1.0 | 200 OK Content-Length: 8301 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/themes/SCRN/js/jquery.prettyPhoto.js?ver=1.0 | 200 OK Content-Length: 25298 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/themes/SCRN/js/jquery.inview.js?ver=1.0 | 200 OK Content-Length: 2097 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dr-zadehtreat.com
Result:
HTTP/1.1 200 OK
Date: Tue, 17 Jun 2014 01:56:40 GMT
Accept-Ranges: bytes
ETag: "8093a884e387cf1:0"
Server: Microsoft-IIS/7.5
Content-Length: 26388
Content-Type: text/html
Last-Modified: Sat, 14 Jun 2014 15:15:47 GMT
X-Powered-By: ASP.NET
...26388 bytes of data.
GET / HTTP/1.1
Host: dr-zadehtreat.com
Result:
HTTP/1.1 200 OK
Date: Tue, 17 Jun 2014 01:56:40 GMT
Accept-Ranges: bytes
ETag: "8093a884e387cf1:0"
Server: Microsoft-IIS/7.5
Content-Length: 26388
Content-Type: text/html
Last-Modified: Sat, 14 Jun 2014 15:15:47 GMT
X-Powered-By: ASP.NET
...26388 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: dr-zadehtreat.com
Referer: http://www.google.com/search?q=dr-zadehtreat.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: dr-zadehtreat.com
Referer: http://www.google.com/search?q=dr-zadehtreat.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dr-zadehtreat.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dr-zadehtreat.com/
Result: dr-zadehtreat.com is not infected or malware details are not published yet.
Result: dr-zadehtreat.com is not infected or malware details are not published yet.