Scanned pages/files
Request | Server response | Status |
http://gallery-pulsa.com/ | 200 OK Content-Length: 96097 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. <!-- Hacked by d2mysilent --> <!-- document.write(unescape('%3C%68%65%61%64%3E%0A%3C%6D%65%74%61%20%6E%61%6D%65%3D%22%67%6F%6F%67%6C%65%2D%73%69%74%65%2D%76%65%72%69%66%69%63%61%74%69%6F%6E%22%20%63%6F%6E%74%65%6E%74%3D%22%48%61%63%6B%65%64%20%42%79%20%64%32%6D%79%73%69%6C%65%6E%74%22%2F%3E%0A%3C%6D%65%74%61%20%68%74%74%70%2D%65%71%75%69%76%3D%22%43%6F%6E%74%65%6E%74%2D%4C%61%6E%67%75%61%67%65%22%20%63%6F%6E%74%65%6E%74%3D% ...[3569 bytes skipped]... Decoded script: ...[26892 bytes skipped]... MMMMMM :MMM$ </font></font></pre></center> <iframe width="1" height="1" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/157248014&auto_play=true&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true"></iframe> Deface/Content modification. The following signature was found: !-- Hacked by d2mysilent -- <Script Language='Javascript'>
<!-- Hacked by d2mysilent --> <!-- document.write(unescape('%3C%68%65%61%64%3E%0A%3C%6D%65%74%61%20%6E%61%6D%65%3D%22%67%6F%6F%67%6C%65%2D%73%69%74%65%2D%76%65%72%69%66%69%63%61%74%69%6F%6E%22%20%63%6F%6E%74%65%6E%74%3D%22%48%61%63%6B%65%64%20%42%79%20%64%32%6D%79%73%69%6C%65%6E%74%22%2F%3E%0A%3C%6D%65%74%61%20%68%74%74%70%2D%65%71%75%69%76%3D%22%43%6F%6E%74%65%6E%74%2D%4C%61%6E%67%75%61%67%65%22%20%63%6F%6E%74%65%6E%74%3D%22%65%6E%2D%75 ...[100020 bytes skipped]... | ||
http://gallery-pulsa.com/?p=10 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://gallery-pulsa.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://gallery-pulsa.com/?author=1 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://gallery-pulsa.com/?cat=3 | 200 OK Content-Length: 90127 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. <!-- Hacked by d2mysilent --> <!-- document.write(unescape('%3C%68%65%61%64%3E%0A%3C%6D%65%74%61%20%6E%61%6D%65%3D%22%67%6F%6F%67%6C%65%2D%73%69%74%65%2D%76%65%72%69%66%69%63%61%74%69%6F%6E%22%20%63%6F%6E%74%65%6E%74%3D%22%48%61%63%6B%65%64%20%42%79%20%64%32%6D%79%73%69%6C%65%6E%74%22%2F%3E%0A%3C%6D%65%74%61%20%68%74%74%70%2D%65%71%75%69%76%3D%22%43%6F%6E%74%65%6E%74%2D%4C%61%6E%67%75%61%67%65%22%20%63%6F%6E%74%65%6E%74%3D% ...[3569 bytes skipped]... Decoded script: ...[26892 bytes skipped]... MMMMMM :MMM$ </font></font></pre></center> <iframe width="1" height="1" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/157248014&auto_play=true&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true"></iframe> | ||
http://gallery-pulsa.com/?tag=pascabayar | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://gallery-pulsa.com/?tag=pln | 200 OK Content-Length: 90127 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. <!-- Hacked by d2mysilent --> <!-- document.write(unescape('%3C%68%65%61%64%3E%0A%3C%6D%65%74%61%20%6E%61%6D%65%3D%22%67%6F%6F%67%6C%65%2D%73%69%74%65%2D%76%65%72%69%66%69%63%61%74%69%6F%6E%22%20%63%6F%6E%74%65%6E%74%3D%22%48%61%63%6B%65%64%20%42%79%20%64%32%6D%79%73%69%6C%65%6E%74%22%2F%3E%0A%3C%6D%65%74%61%20%68%74%74%70%2D%65%71%75%69%76%3D%22%43%6F%6E%74%65%6E%74%2D%4C%61%6E%67%75%61%67%65%22%20%63%6F%6E%74%65%6E%74%3D% ...[3569 bytes skipped]... Decoded script: ...[26892 bytes skipped]... MMMMMM :MMM$ </font></font></pre></center> <iframe width="1" height="1" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/157248014&auto_play=true&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true"></iframe> | ||
http://gallery-pulsa.com/?tag=ppob-2 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://gallery-pulsa.com/ymsgr:sendIM?galleryreload | 404 Not Found Content-Length: 329 Content-Type: text/html | clean |
http://gallery-pulsa.com/ymsgr:sendIM?mesin_trxpulsa | 404 Not Found Content-Length: 329 Content-Type: text/html | clean |
http://gallery-pulsa.com/?p=5 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://gallery-pulsa.com/?p=1 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://gallery-pulsa.com/?page_id=14 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://gallery-pulsa.com/?page_id=20 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://gallery-pulsa.com/?page_id=16 | 200 OK Content-Length: 96769 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. <!-- Hacked by d2mysilent --> <!-- document.write(unescape('%3C%68%65%61%64%3E%0A%3C%6D%65%74%61%20%6E%61%6D%65%3D%22%67%6F%6F%67%6C%65%2D%73%69%74%65%2D%76%65%72%69%66%69%63%61%74%69%6F%6E%22%20%63%6F%6E%74%65%6E%74%3D%22%48%61%63%6B%65%64%20%42%79%20%64%32%6D%79%73%69%6C%65%6E%74%22%2F%3E%0A%3C%6D%65%74%61%20%68%74%74%70%2D%65%71%75%69%76%3D%22%43%6F%6E%74%65%6E%74%2D%4C%61%6E%67%75%61%67%65%22%20%63%6F%6E%74%65%6E%74%3D% ...[3569 bytes skipped]... Decoded script: ...[26892 bytes skipped]... MMMMMM :MMM$ </font></font></pre></center> <iframe width="1" height="1" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/157248014&auto_play=true&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true"></iframe> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gallery-pulsa.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 26 May 2015 01:13:05 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
X-Pingback: http://gallery-pulsa.com/xmlrpc.php
X-Powered-By: PHP/5.5.16
GET / HTTP/1.1
Host: gallery-pulsa.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 26 May 2015 01:13:05 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
X-Pingback: http://gallery-pulsa.com/xmlrpc.php
X-Powered-By: PHP/5.5.16
Second query (visit from search engine):
GET / HTTP/1.1
Host: gallery-pulsa.com
Referer: http://www.google.com/search?q=gallery-pulsa.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: gallery-pulsa.com
Referer: http://www.google.com/search?q=gallery-pulsa.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gallery-pulsa.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gallery-pulsa.com/
Result: gallery-pulsa.com is not infected or malware details are not published yet.
Result: gallery-pulsa.com is not infected or malware details are not published yet.