Scanned pages/files
Request | Server response | Status |
http://newageoil.com/ | 200 OK Content-Length: 13182 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('i 9;$.8.7=n(b){i c={P:10,Q:2,F:10,1y:v,1h:v,19:\'1z\',C:\'1a\',K:r,G:r,D:v};k(!b)b=c;i d=$.1Z(c,b);9=$.8.7.1A();E 1B.20(n(){i a=$(1B);k(d.D){d.1C={Z:a.g(\'Z\'),11:a.g(\ Antivirus reports:
Deface/Content modification. The following signature was found: Hacked By vurus_0f_jordan. 
<html><head><title>Hacked By vurus_0f_jordan.</title> <font size="5">Hacked by : virus_of_jordan.</font>,<br/><br/><font size="6"> never Stop</font> !!!<br/><br/> <font size="5">sory admin</font><br/><br/> <font size="5">Your Securitty Low 0%</font><br/><br/><font size="5">Proud To Be Musliman#arab</font><br/><br/> ...[14487 bytes skipped]... | ||
http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://onehackoranother.com/projects/jquery/jquery-grab-bag/javascripts/jquery.text-effects.js | 200 OK Content-Length: 3108 Content-Type: application/javascript | clean |
http://newageoil.com/plugins/system/rokbox/rokbox.js | 404 Not Found Content-Length: 348 Content-Type: text/html | clean |
http://newageoil.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://newageoil.com/plugins/system/rokbox/themes/dark/rokbox-config.js | 404 Not Found Content-Length: 367 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: newageoil.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 12 Jul 2015 03:10:05 GMT
Accept-Ranges: bytes
ETag: "5fe6005-337e-4ae7c1c21d680"
Server: Apache
Content-Length: 13182
Content-Type: text/html
Last-Modified: Tue, 04 Oct 2011 17:06:18 GMT
...13182 bytes of data.
GET / HTTP/1.1
Host: newageoil.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 12 Jul 2015 03:10:05 GMT
Accept-Ranges: bytes
ETag: "5fe6005-337e-4ae7c1c21d680"
Server: Apache
Content-Length: 13182
Content-Type: text/html
Last-Modified: Tue, 04 Oct 2011 17:06:18 GMT
...13182 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: newageoil.com
Referer: http://www.google.com/search?q=newageoil.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: newageoil.com
Referer: http://www.google.com/search?q=newageoil.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=newageoil.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://newageoil.com/
Result: newageoil.com is not infected or malware details are not published yet.
Result: newageoil.com is not infected or malware details are not published yet.