Scanned pages/files
Request | Server response | Status |
http://eventsbyus.com/ | 200 OK Content-Length: 10184 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) <!-- No Name Cyber Team --> <!-- document.write(unescape('%3C%68%74%6D%6C%20%6C%61%6E%67%3D%22%65%6E%22%3E%0A%3C%68%65%61%64%3E%3C%73%63%72%69%70%74%3E%69%66%28%74%79%70%65%6F%66%20%77%69%6E%64%6F%77%2E%5F%5F%77%73%75%6A%73%3D%3D%3D%27%75%6E%64%65%66%69%6E%65%64%27%29%7B%77%69%6E%64%6F%77%2E%5F%5F%77%73%75%6A%73%3D%35%30%36%34%3B%77%69%6E%64%6F%77%2E%5F%5F%77%73%75%6A%73%6E%3D%27%50%6C%75%67%49%6E%27%3B%77%69%6E%64%6F%77%2E%5F%5F%77%73%75%6A%73%73%3D%27%39%44%42%34%45%41 Antivirus reports:
Deface/Content modification. The following signature was found: !-- Hacked by No Name Cyber Team -- ...[9732 bytes skipped]... 75%6E%75%73%61%20%2D%20%42%52%4F%54%48%45%52%5F%53%55%43%4B%73%20%2D%20%4D%72%2E%50%68%6F%65%6E%69%78%31%33%33%37%20%0A%09%09%09%3C%62%72%3E%3C%61%20%68%72%65%66%3D%22%68%74%74%70%3A%2F%2F%62%6C%6F%67%2E%6E%6E%63%74%65%61%6D%2E%63%6F%6D%22%3E%43%6F%6E%74%61%63%74%20%55%73%3C%2F%61%3E%0A%09%09%3C%2F%64%69%76%3E%09%0A%3C%2F%62%6F%64%79%3E%0A%3C%2F%68%74%6D%6C%3E%0A')); //--> </Script> <!-- Hacked by No Name Cyber Team --> <!-- zone-h.org/archive/notifier=No Name Cyber Team --> | ||
http://eventsbyus.com/test404page.js | 404 Not Found Content-Length: 2692 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: eventsbyus.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3600, public, must-revalidate, proxy-revalidate
Connection: close
Date: Sat, 06 Dec 2014 23:32:06 GMT
Pragma: public
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 10184
Content-Type: text/html
Expires: Sun, 07 Dec 2014 00:32:06 GMT
...10184 bytes of data.
GET / HTTP/1.1
Host: eventsbyus.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3600, public, must-revalidate, proxy-revalidate
Connection: close
Date: Sat, 06 Dec 2014 23:32:06 GMT
Pragma: public
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding
Content-Length: 10184
Content-Type: text/html
Expires: Sun, 07 Dec 2014 00:32:06 GMT
...10184 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: eventsbyus.com
Referer: http://www.google.com/search?q=eventsbyus.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: eventsbyus.com
Referer: http://www.google.com/search?q=eventsbyus.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=eventsbyus.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://eventsbyus.com/
Result: eventsbyus.com is not infected or malware details are not published yet.
Result: eventsbyus.com is not infected or malware details are not published yet.