Scanned pages/files
Request | Server response | Status |
http://isspiss.is/ | 200 OK Content-Length: 61605 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) window.scrollBy(0,0) window.resizeTo(0,0) window.moveTo(0,0) setTimeout("move()", 1); var mxm=100000 var mym=100000 var mx=100000 var my=100000 var sv=70 var status=1 var szx=0 var szy=0 var c=25 var n=0 var sm=10 var cycle=2 var done=2 function move() { if (status == 1) { mxm=mxm/1.01 mym=mym/1.01 mx=mx+mxm my=my-mym mxm=mxm+(500-mx)/5 mym=mym-(400-my)/5 window.moveTo(mx,my) rmxm=Math } } } if (status == 6) { document.title = "Cljck" alert("Cljck") cycle=2 status=4 done=1 } if (status == 7) { c=c+4 document.bgColor=c*65536 document.fgColor=(255-c)*65536 if (c > 128) {status=8} } if (status == 8) { window.moveTo(0,0) sx=screen.availWidth sy=screen.availHeight window.resizeTo(sx,sy) status=9 } var timer=setTimeout("move()",0) }</p> <p> Antivirus reports:
Deface/Content modification. The following signature was found: -=: Hacked By le4derofh4cklD :=- ...[11422 bytes skipped]... note{padding: 25px 0px 0px 0px;} </style> <p><![endif]--><br /> </head><br /> <body oncontextmenu="return false"></p> <p><script language="JavaScript"></p> <p>function tb5_makeArray(n){ this.length = n; return this.length; }</p> <p>tb5_messages = new tb5_makeArray(2); tb5_messages[0] = "-=: Hacked By le4derofh4cklD :=-"; tb5_messages[1] = "-=: Hacked By le4derofh4cklD :=-"; tb5_rptType = 'infinite'; tb5_rptNbr = 10; tb5_speed = 50; tb5_delay = 2000; var tb5_counter=1; var tb5_currMsg=0; var tb5_stsmsg=""; function tb5_shuffle(arr){ var k; for (i=0; i<arr.length; i++){ k = Math.round(Math.random() * (arr.length - i - 1)) + i; temp = arr[i];arr[i]=arr[k];arr[k]=temp; } return arr; } tb5_arr = new tb5_makeArray(tb5 ...[60968 bytes skipped]... | ||
http://isspiss.is/wp-content/themes/i3theme-1-2/dbx.js | 200 OK Content-Length: 19088 Content-Type: application/javascript | clean |
http://isspiss.is/wp-content/themes/i3theme-1-2/dbx-key.js | 200 OK Content-Length: 2619 Content-Type: application/javascript | clean |
http://isspiss.is/?cat=20 | 200 OK Content-Length: 34921 Content-Type: text/html | clean |
http://isspiss.is/?cat=21 | 200 OK Content-Length: 14468 Content-Type: text/html | clean |
http://isspiss.is/?cat=23 | 200 OK Content-Length: 30341 Content-Type: text/html | clean |
http://isspiss.is/?cat=25 | 200 OK Content-Length: 21777 Content-Type: text/html | clean |
http://isspiss.is/?cat=7 | 200 OK Content-Length: 75119 Content-Type: text/html | clean |
http://isspiss.is/?cat=9 | 200 OK Content-Length: 12982 Content-Type: text/html | clean |
http://isspiss.is/?cat=15 | 200 OK Content-Length: 11922 Content-Type: text/html | clean |
http://isspiss.is/?cat=11 | 200 OK Content-Length: 22165 Content-Type: text/html | clean |
http://isspiss.is/wp-content/plugins/altpwa/lb-js/prototype.js | 200 OK Content-Length: 126132 Content-Type: application/javascript | clean |
http://isspiss.is/wp-content/plugins/altpwa/lb-js/scriptaculous.js?load=effects,builder | 200 OK Content-Length: 2654 Content-Type: application/javascript | clean |
http://isspiss.is/wp-content/plugins/altpwa/lb-js/lightbox.js | 200 OK Content-Length: 18984 Content-Type: application/javascript | clean |
http://isspiss.is/?cat=12 | 200 OK Content-Length: 14414 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: isspiss.is
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 21 Sep 2014 21:09:26 GMT
Server: Apache/2.2.26 (FreeBSD) PHP/5.4.26 SVN/1.8.8 mod_ssl/2.2.26 OpenSSL/1.0.1f DAV/2
Content-Type: text/html; charset=UTF-8
X-Pingback: http://isspiss.is/xmlrpc.php
X-Powered-By: PHP/5.4.26
GET / HTTP/1.1
Host: isspiss.is
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 21 Sep 2014 21:09:26 GMT
Server: Apache/2.2.26 (FreeBSD) PHP/5.4.26 SVN/1.8.8 mod_ssl/2.2.26 OpenSSL/1.0.1f DAV/2
Content-Type: text/html; charset=UTF-8
X-Pingback: http://isspiss.is/xmlrpc.php
X-Powered-By: PHP/5.4.26
Second query (visit from search engine):
GET / HTTP/1.1
Host: isspiss.is
Referer: http://www.google.com/search?q=isspiss.is
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: isspiss.is
Referer: http://www.google.com/search?q=isspiss.is
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=isspiss.is
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://isspiss.is/
Result: isspiss.is is not infected or malware details are not published yet.
Result: isspiss.is is not infected or malware details are not published yet.