Scanned pages/files
Request | Server response | Status |
http://nassyagold.com/ | 200 OK Content-Length: 24305 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){while(c--)if(k[c])p=p.replace(new RegExp('\\b'+c.toString(a)+'\\b','g'),k[c]);return p}('w u(t){0=s.r("6");0.q();0.p();0.o(n)}7 4={m:"l"};7 2={k:"6"};j.i("h://g.f.e/v/d?c=1&b=0&a=3","9","1","1","8",5,5,4,2);',33,33,'ytplayer||atts||params|null|myytplayer|var||ytapiplayer|version|playerapiid|enablejsapi|1mlbypRQ878|com|youtube|www|http|embedSWF|swfobject|id|always|allowScriptAccess|true|setLoop|playVideo|mute|getElementById|document|playerId|onYouTubePlayerReady||function'.split('|'))) Antivirus reports:
Deface/Content modification. The following signature was found: Sorry, Your site has been Hacked by Me ;) ...[11300 bytes skipped]... ">[root@localhost~]# <span id="mytext6"> clear all </span></div> </div> <br> <div id="2ssh"> <div id="ssh7" class="ssh">[root@localhost~]# <span id="mytext7"><center><h1> Attacker By QuadGod </h1><br> Contact Us: quadgod2k14 [at]gmail[dot]com </center><br>=>Messages<br> =>Sorry, Your site has been Hacked by Me ;)<br> =>I Just tested your Security site :D <br> =>Please Patch Your System, Or I Will Comeback Again :p<br> =>There is Nothing Perfect Security ^o^<br> => NOTHING SECURITY IS PERFECT :*<br> => To get your site back upload original index.php to root and administartor<br> => UPDATE NOW!<br> <br> <br></span></div><div id="ssh5" class="ssh" ...[15869 bytes skipped]... | ||
http://code.jquery.com/jquery-latest.min.js | 200 OK Content-Length: 93107 Content-Type: application/x-javascript | clean |
http://nassyagold.com/test404page.js | 404 Not Found Content-Length: 462 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nassyagold.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 29 Jun 2014 23:18:14 GMT
Server: cloudflare-nginx
Content-Type: text/html
CF-RAY: 1425d79555950f69-FRA
Set-Cookie: __cfduid=d808c3ebfeb99bb4d32fb4df70089c1591404083894612; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.nassyagold.com; HttpOnly
X-Powered-By: PHP/5.4.29
GET / HTTP/1.1
Host: nassyagold.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 29 Jun 2014 23:18:14 GMT
Server: cloudflare-nginx
Content-Type: text/html
CF-RAY: 1425d79555950f69-FRA
Set-Cookie: __cfduid=d808c3ebfeb99bb4d32fb4df70089c1591404083894612; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.nassyagold.com; HttpOnly
X-Powered-By: PHP/5.4.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: nassyagold.com
Referer: http://www.google.com/search?q=nassyagold.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: nassyagold.com
Referer: http://www.google.com/search?q=nassyagold.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nassyagold.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://nassyagold.com/
Result: nassyagold.com is not infected or malware details are not published yet.
Result: nassyagold.com is not infected or malware details are not published yet.