Scanned pages/files
Request | Server response | Status |
http://loginatsolutions.co.uk/ | 200 OK Content-Length: 19108 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. <!-- VirgVorg-45 --> <!-- document.write(unescape('%3C%6C%69%6E%6B%20%68%72%65%66%3D%27%68%74%74%70%3A%2F%2F%66%6F%6E%74%73%2E%67%6F%6F%67%6C%65%61%70%69%73%2E%63%6F%6D%2F%63%73%73%3F%66%61%6D%69%6C%79%3D%41%64%76%65%6E%74%2B%50%72%6F%26%73%75%62%73%65%74%3D%6C%61%74%69%6E%2C%6C%61%74%69%6E%2D%65%78%74%27%20%72%65%6C%3D%27%73%74%79%6C%65%73%68%65%65%74%27%20%74%79%70%65%3D%27%74%65%78%74%2F%63%73%73%27%3E%3C%62%72%3E%3C%62% ...[4045 bytes skipped]... Decoded script: ...[1030 bytes skipped]... px;" /></a></a> <center> <br> <br> <br> <br> <font face="Informal Roman" color="white" size"5" >Copyright 2015 ~ VirgVorg-45</div> <br> <font face="Copperplate Gothic Bold" color="white" size"7" > ~ Newbie Cyber Team ~ </div> </div> <center> <hr width="550px" style='color:cyan;'> <iframe width="0%" height="0" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/184570642&auto_play=true&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true"></iframe> Deface/Content modification. The following signature was found: Hacked By VirgVorg-45 <title>Hacked By VirgVorg-45</title>
<link rel="icon" href="http://pixabay.com/static/uploads/photo/2013/07/13/09/54/indonesia-156266_640.png"> <head> <body oncontextmenu='return false;' onkeydown='return false;' onmousedown='return false;'> <!-- --------Cursor--------- --> <style type='text/css'>body, a, a:link{cursor:url(http://4.bp.blogspot.com/-hAF7tPUnmEE/TwGR3lRH0EI/AAAAAAAAAs8/6pki22hc3NE/ ...[18978 bytes skipped]... | ||
http://loginatsolutions.co.uk/test404page.js | 404 Not Found Content-Length: 12839 Content-Type: text/html | clean |
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/x-javascript | clean |
http://suspended.hostgator.com/js/simple-expand.min.js | 200 OK Content-Length: 2782 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: loginatsolutions.co.uk
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 May 2015 04:35:20 GMT
Accept-Ranges: bytes
Server: nginx/1.8.0
Content-Length: 19108
Content-Type: text/html
Last-Modified: Thu, 26 Feb 2015 12:32:54 GMT
...19108 bytes of data.
GET / HTTP/1.1
Host: loginatsolutions.co.uk
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 May 2015 04:35:20 GMT
Accept-Ranges: bytes
Server: nginx/1.8.0
Content-Length: 19108
Content-Type: text/html
Last-Modified: Thu, 26 Feb 2015 12:32:54 GMT
...19108 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: loginatsolutions.co.uk
Referer: http://www.google.com/search?q=loginatsolutions.co.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: loginatsolutions.co.uk
Referer: http://www.google.com/search?q=loginatsolutions.co.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=loginatsolutions.co.uk
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://loginatsolutions.co.uk/
Result: loginatsolutions.co.uk is not infected or malware details are not published yet.
Result: loginatsolutions.co.uk is not infected or malware details are not published yet.