Scanned pages/files
| Request | Server response | Status |
http://www.irsdebt-help.net/ | 200 OK Content-Length: 131952 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: poruka+AFs-0+AF0 +AD0 +ACIAfgB+-Hacked by r00t erdinc+AF8-07+AH4AfgAi ...[454 bytes skipped]... href+AD0AIg-http://antisecurityteam.com/favicon.ico+ACI type+AD0AIg-image/x-icon+ACIAPg +ADw-HEAD+AD4 +ADw-script language+AD0AIg-JavaScript+ACIAPg var brzinakucanja +AD0 200+ADs var pauzapor +AD0 2000+ADs var vremeid +AD0 null+ADs var kretanje +AD0 false+ADs var poruka +AD0 new Array()+ADs var slporuka +AD0 0+ADs var bezporuke +AD0 0+ADs poruka+AFs-0+AF0 +AD0 +ACIAfgB+-Hacked by r00t erdinc+AF8-07+AH4AfgAi function prikaz() +AHs var text +AD0 poruka+AFs-slporuka+AF0AOw if (bezporuke +ADw text.length) +AHs if (text.charAt(bezporuke) +AD0APQ +ACI +ACI) bezporuke+ACsAKw var ttporuka +AD0 text.substring(0, bezporuke +ACs 1)+ADs document.title +AD0 ttporuka+ADs bezporuke+ACsAKw vremeid +AD0 setTimeout(+ACI-prikaz()+ACI, brzinakucanja)+ADs kretanje +AD0 true+ADs +AH0 else +AHs bezpor ...[151365 bytes skipped]... | ||
http://www.irsdebt-help.net/wp-includes/js/scriptaculous/prototype.js | 404 Not Found Content-Length: 51852 Content-Type: text/html | clean |
http://www.irsdebt-help.net/wp-includes/js/scriptaculous/scriptaculous.js | 200 OK Content-Length: 2936 Content-Type: application/javascript | clean |
http://www.irsdebt-help.net/wp-includes/js/scriptaculous/builder.js | 200 OK Content-Length: 4744 Content-Type: application/javascript | clean |
http://www.irsdebt-help.net/wp-includes/js/scriptaculous/effects.js | 200 OK Content-Length: 38471 Content-Type: application/javascript | clean |
http://www.irsdebt-help.net/wp-includes/js/scriptaculous/dragdrop.js | 200 OK Content-Length: 31056 Content-Type: application/javascript | clean |
http://www.irsdebt-help.net/wp-includes/js/scriptaculous/controls.js | 200 OK Content-Length: 34787 Content-Type: application/javascript | clean |
http://www.irsdebt-help.net/wp-includes/js/scriptaculous/slider.js | 200 OK Content-Length: 10162 Content-Type: application/javascript | clean |
http://www.irsdebt-help.net/wp-includes/js/scriptaculous/sound.js | 200 OK Content-Length: 2456 Content-Type: application/javascript | clean |
http://www.avidtrak.com/login/jss/avidh.php?c=1152 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 05 Jun 2015 11:43:31 GMT Location: http://avidtrak.com/login/jss/avidh.php?c=1152 Server: Apache/2.2.20 (Ubuntu) Vary: Accept-Encoding Content-Length: 336 Content-Type: text/html; charset=iso-8859-1 | clean |
http://avidtrak.com/login/jss/avidh.php?c=1152 | 200 OK Content-Length: 12240 Content-Type: text/html | clean |
http://avidtrak.com/test404page.js | 404 Not Found Content-Length: 46529 Content-Type: text/html | clean |
http://avidtrak.com/js/jquery-1.7.2.min.js | 200 OK Content-Length: 94842 Content-Type: application/x-javascript | clean |
http://avidtrak.com/js/lightbox.js | 200 OK Content-Length: 11948 Content-Type: application/x-javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.11.1/jquery.min.js | 200 OK Content-Length: 95786 Content-Type: text/javascript | clean |
http://avidtrak.com/js/structure.js | 200 OK Content-Length: 60681 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: irsdebt-help.net
Result:
GET / HTTP/1.1
Host: irsdebt-help.net
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: irsdebt-help.net
Referer: http://www.google.com/search?q=irsdebt-help.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: irsdebt-help.net
Referer: http://www.google.com/search?q=irsdebt-help.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=irsdebt-help.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://irsdebt-help.net/
Result: irsdebt-help.net is not infected or malware details are not published yet.
Result: irsdebt-help.net is not infected or malware details are not published yet.