Scanned pages/files
Request | Server response | Status |
http://grahakertajaya.com/ | 200 OK Content-Length: 417 Content-Type: text/html | clean |
http://grahakertajaya.com/-.php | 200 OK Content-Length: 2282 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below): <!-- Dark-Devilz was here!! --> ...[encoded script skipped]... <font color='white'>Hacked by Dark-Devilz </font>
Antivirus reports: Deface/Content modification. The following signature was found: Hacked by Dark-Devilz
http://grahakertajaya.com/test404page.js | 404 Not Found Content-Length: 466 Content-Type: text/html | clean |
http://grahakertajaya.com/.htpasswds/ | 200 OK Content-Length: 354 Content-Type: text/html | clean |
http://grahakertajaya.com/cgi-bin/ | 403 Forbidden Content-Length: 464 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: grahakertajaya.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 05 Apr 2015 09:16:14 GMT
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Length: 417
Content-Type: text/html;charset=ISO-8859-1
...417 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: grahakertajaya.com
Referer: http://www.google.com/search?q=grahakertajaya.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=grahakertajaya.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://grahakertajaya.com/
Result: grahakertajaya.com is not infected or malware details are not published yet.