Scanned pages/files
Request | Server response | Status |
http://etazac.info/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Apr 2014 01:26:10 GMT Location: http://etazac.net/ Server: Apache Content-Length: 287 Content-Type: text/html; charset=iso-8859-1 | clean |
http://etazac.net/ | 200 OK Content-Length: 49739 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: we are currently rebuilding our site after it was hacked by two kiddies one from Indonesia and the o ...[35163 bytes skipped]... 101">News</a> </dd> <dd class="published"> <span class="icon-calendar"></span> Published: 15 March 2014 </dd> <dd class="hits"> <span class="icon-eye-open"></span> Hits: 255 </dd> </dl> <p>Hi all , we are currently rebuilding our site after it was hacked by two kiddies one from Indonesia and the other from France. They decided it would be funny to put a spam bot on the site.</p> <p>Leaving their names behind and ip address has been helpful for authorities in their investigation, especially since they left behind the stealrat spam bot in the following folder</p> <p><!-- [if gte mso 9]><xml> <o:OfficeDocumentSettings> <o:AllowPNG/> </o:OfficeDocument ...[24478 bytes skipped]... | ||
http://etazac.net/templates/allrounder-3/js/jquery-1.9.1.min.js | 200 OK Content-Length: 92629 Content-Type: text/javascript | clean |
http://etazac.info/templates/allrounder-3/js/lv-dropdown.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Apr 2014 01:26:17 GMT Location: http://etazac.net/templates/allrounder-3/js/lv-dropdown.js Server: Apache Content-Length: 327 Content-Type: text/html; charset=iso-8859-1 | clean |
http://etazac.net/templates/allrounder-3/js/lv-dropdown.js | 200 OK Content-Length: 363 Content-Type: text/javascript | clean |
http://etazac.info/templates/allrounder-3/js/jq.easy-tooltip.min.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Apr 2014 01:26:19 GMT Location: http://etazac.net/templates/allrounder-3/js/jq.easy-tooltip.min.js Server: Apache Content-Length: 335 Content-Type: text/html; charset=iso-8859-1 | clean |
http://etazac.net/templates/allrounder-3/js/jq.easy-tooltip.min.js | 200 OK Content-Length: 6738 Content-Type: text/javascript | clean |
http://etazac.info/templates/allrounder-3/js/jq.easy-caption.min.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Apr 2014 01:26:21 GMT Location: http://etazac.net/templates/allrounder-3/js/jq.easy-caption.min.js Server: Apache Content-Length: 335 Content-Type: text/html; charset=iso-8859-1 | clean |
http://etazac.net/templates/allrounder-3/js/jq.easy-caption.min.js | 200 OK Content-Length: 8409 Content-Type: text/javascript | clean |
http://etazac.info/templates/allrounder-3/js/reflection.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Apr 2014 01:26:22 GMT Location: http://etazac.net/templates/allrounder-3/js/reflection.js Server: Apache Content-Length: 326 Content-Type: text/html; charset=iso-8859-1 | clean |
http://etazac.net/templates/allrounder-3/js/reflection.js | 200 OK Content-Length: 1829 Content-Type: text/javascript | clean |
http://etazac.info/templates/allrounder-3/js/effects.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Apr 2014 01:26:24 GMT Location: http://etazac.net/templates/allrounder-3/js/effects.js Server: Apache Content-Length: 323 Content-Type: text/html; charset=iso-8859-1 | clean |
http://etazac.net/templates/allrounder-3/js/effects.js | 200 OK Content-Length: 2933 Content-Type: text/javascript | clean |
http://etazac.info/media/jui/js/jquery.min.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Apr 2014 01:26:25 GMT Location: http://etazac.net/media/jui/js/jquery.min.js Server: Apache Content-Length: 313 Content-Type: text/html; charset=iso-8859-1 | clean |
http://etazac.net/media/jui/js/jquery.min.js | 200 OK Content-Length: 96381 Content-Type: text/javascript | clean |
http://etazac.info/media/jui/js/jquery-noconflict.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Apr 2014 01:26:27 GMT Location: http://etazac.net/media/jui/js/jquery-noconflict.js Server: Apache Content-Length: 320 Content-Type: text/html; charset=iso-8859-1 | clean |
http://etazac.net/media/jui/js/jquery-noconflict.js | 200 OK Content-Length: 21 Content-Type: text/javascript | clean |
http://etazac.info/media/jui/js/jquery-migrate.min.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Apr 2014 01:26:29 GMT Location: http://etazac.net/media/jui/js/jquery-migrate.min.js Server: Apache Content-Length: 321 Content-Type: text/html; charset=iso-8859-1 | clean |
http://etazac.net/media/jui/js/jquery-migrate.min.js | 200 OK Content-Length: 7199 Content-Type: text/javascript | clean |
http://etazac.info/media/system/js/tabs-state.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Apr 2014 01:26:30 GMT Location: http://etazac.net/media/system/js/tabs-state.js Server: Apache Content-Length: 316 Content-Type: text/html; charset=iso-8859-1 | clean |
http://etazac.net/media/system/js/tabs-state.js | 200 OK Content-Length: 1829 Content-Type: text/javascript | clean |
http://etazac.info/media/system/js/mootools-core.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Apr 2014 01:26:32 GMT Location: http://etazac.net/media/system/js/mootools-core.js Server: Apache Content-Length: 319 Content-Type: text/html; charset=iso-8859-1 | clean |
http://etazac.net/media/system/js/mootools-core.js | 200 OK Content-Length: 83893 Content-Type: text/javascript | clean |
http://etazac.info/media/system/js/core.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Apr 2014 01:26:34 GMT Location: http://etazac.net/media/system/js/core.js Server: Apache Content-Length: 310 Content-Type: text/html; charset=iso-8859-1 | clean |
http://etazac.net/media/system/js/core.js | 200 OK Content-Length: 3821 Content-Type: text/javascript | clean |
http://etazac.info/media/com_attachments/js/attachments_refresh.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Apr 2014 01:26:36 GMT Location: http://etazac.net/media/com_attachments/js/attachments_refresh.js Server: Apache Content-Length: 334 Content-Type: text/html; charset=iso-8859-1 | clean |
http://etazac.net/media/com_attachments/js/attachments_refresh.js | 200 OK Content-Length: 1835 Content-Type: text/javascript | clean |
http://etazac.info/media/system/js/caption.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 18 Apr 2014 01:26:37 GMT Location: http://etazac.net/media/system/js/caption.js Server: Apache Content-Length: 313 Content-Type: text/html; charset=iso-8859-1 | clean |
http://etazac.net/media/system/js/caption.js | 200 OK Content-Length: 501 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: etazac.info
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 18 Apr 2014 01:26:10 GMT
Location: http://etazac.net/
Server: Apache
Content-Length: 287
Content-Type: text/html; charset=iso-8859-1
...287 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: etazac.info
Referer: http://www.google.com/search?q=etazac.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=etazac.info
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://etazac.info/
Result: etazac.info is not infected or malware details are not published yet.