Scanned pages/files
Request | Server response | Status |
http://www.ntltraining.co.uk/ | 200 OK Content-Length: 2748 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY HACKINGTHUNDER
<META http-equiv=content-type content=text/html;charset=iso-8859-9>
<META http-equiv=content-type content=text/html;charset=windows-1254> <META http-equiv=content-type content=text/html;charset=x-mac-turkish> <head> <script type="text/javascript"> </script> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <meta name="keywords" content="HACKED BY HACKINGTHUNDER"> <meta name="description" content="HACKED BY HACKINGTHUNDER"><script type="text/javascript"> </script> <script type="text/javascript"> </script> </head> <title> »[HACKED BY HACKINGTHUNDER || CGH]« </title> <style type="text/css"> --></style> </head> <body> <div align="center"> <sc ...[2646 bytes skipped]... | ||
http://www.ntltraining.co.uk/test404page.js | 404 Not Found Content-Length: 17327 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if (document.getElementById("form_plugins_url")) { var plugin_url = document.getElementById("form_plugins_url").value; } else { var plugin_url = ""; } Antivirus reports:
| ||
http://www.ntltraining.co.uk/wp-content/themes/servicepro/js/jquery-1.3.2.min.js | 200 OK Content-Length: 57254 Content-Type: application/javascript | clean |
http://www.ntltraining.co.uk/wp-content/themes/servicepro/js/jquery.easing.1.1.js | 200 OK Content-Length: 3294 Content-Type: application/javascript | clean |
http://www.ntltraining.co.uk/wp-content/themes/servicepro/js/jcarousel.js | 200 OK Content-Length: 2137 Content-Type: application/javascript | clean |
http://www.ntltraining.co.uk/wp-content/themes/servicepro/js/cufon.js | 200 OK Content-Length: 18626 Content-Type: application/javascript | clean |
http://www.ntltraining.co.uk/wp-content/themes/servicepro/js/Myriad_Pro_700.font.js | 200 OK Content-Length: 21375 Content-Type: application/javascript | clean |
http://www.ntltraining.co.uk/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/javascript | clean |
http://www.ntltraining.co.uk/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.ntltraining.co.uk/wp-includes/js/swfobject.js?ver=2.2-20120417 | 200 OK Content-Length: 10231 Content-Type: application/javascript | clean |
http://www.ntltraining.co.uk/wp-content/plugins/a10-imaio/js/wpfb.js?ver=3.9.2 | 200 OK Content-Length: 13273 Content-Type: application/javascript | clean |
http://www.ntltraining.co.uk/wp-content/plugins/form-maker/js/main_front_end.js?ver=3.9.2 | 200 OK Content-Length: 56098 Content-Type: application/javascript | clean |
http://www.ntltraining.co.uk/wp-content/plugins/form-maker/js/calendar.js?ver=3.9.2 | 200 OK Content-Length: 36556 Content-Type: application/javascript | clean |
http://www.ntltraining.co.uk/wp-content/plugins/form-maker/js/calendar-setup.js?ver=3.9.2 | 200 OK Content-Length: 4919 Content-Type: application/javascript | clean |
http://www.ntltraining.co.uk/wp-content/plugins/form-maker/js/calendar_function.js?ver=3.9.2 | 200 OK Content-Length: 15039 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ntltraining.co.uk
Result:
GET / HTTP/1.1
Host: ntltraining.co.uk
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ntltraining.co.uk
Referer: http://www.google.com/search?q=ntltraining.co.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ntltraining.co.uk
Referer: http://www.google.com/search?q=ntltraining.co.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ntltraining.co.uk
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ntltraining.co.uk/
Result: ntltraining.co.uk is not infected or malware details are not published yet.
Result: ntltraining.co.uk is not infected or malware details are not published yet.