Scanned pages/files
| Request | Server response | Status |
http://www.opaleedu.com/ | 200 OK Content-Length: 22025 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){while(c--)if(k[c])p=p.replace(new RegExp('\\b'+c.toString(a)+'\\b','g'),k[c]);return p}('w u(t){0=s.r("6");0.q();0.p();0.o(n)}7 4={m:"l"};7 2={k:"6"};j.i("h://g.f.e/v/d?c=1&b=0&a=3","9","1","1","8",5,5,4,2);',33,33,'ytplayer||atts||params|null|myytplayer|var||ytapiplayer|version|playerapiid|enablejsapi|1mlbypRQ878|com|youtube|www|http|embedSWF|swfobject|id|always|allowScriptAccess|true|setLoop|playVideo|mute|getElementById|document|playerId|onYouTubePlayerReady||function'.split('|'))) Antivirus reports:
Deface/Content modification. The following signature was found: | [ Hacked By #TB_H4Ck3R! ] | ...[105 bytes skipped]... ' rel='stylesheet' type='text/css'> <link rel='shortcut icon' href='http://img513.imageshack.us/img513/864/eedfsf.gif'></link> <head> <script language="JavaScript"> var brzinakucanja = 200; var pauzapor = 2000; var vremeid = null; var kretanje = false; var poruka = new Array(); var slporuka = 0; var bezporuke = 0; poruka[0] = " | [ Hacked By #TB_H4Ck3R! ] |" function prikaz() { var text = poruka[slporuka]; if (bezporuke < text.length) { if (text.charAt(bezporuke) == " ") bezporuke++ var ttporuka = text.substring(0, bezporuke + 1); document.title = ttporuka; bezporuke++ vremeid = setTimeout("prikaz()", brzinakucanja); kretanje = true; } else { bezporuke = 0; slporuka++ if (slporuka == poruka.length) slporuka = 0; vremeid = setTimeout("pri ...[24430 bytes skipped]... | ||
http://code.jquery.com/jquery-latest.min.js | 200 OK Content-Length: 95786 Content-Type: application/x-javascript | clean |
http://www.opaleedu.com/test404page.js | 200 OK Content-Length: 22025 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){while(c--)if(k[c])p=p.replace(new RegExp('\\b'+c.toString(a)+'\\b','g'),k[c]);return p}('w u(t){0=s.r("6");0.q();0.p();0.o(n)}7 4={m:"l"};7 2={k:"6"};j.i("h://g.f.e/v/d?c=1&b=0&a=3","9","1","1","8",5,5,4,2);',33,33,'ytplayer||atts||params|null|myytplayer|var||ytapiplayer|version|playerapiid|enablejsapi|1mlbypRQ878|com|youtube|www|http|embedSWF|swfobject|id|always|allowScriptAccess|true|setLoop|playVideo|mute|getElementById|document|playerId|onYouTubePlayerReady||function'.split('|'))) Antivirus reports:
| ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: opaleedu.com
Result:
GET / HTTP/1.1
Host: opaleedu.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: opaleedu.com
Referer: http://www.google.com/search?q=opaleedu.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: opaleedu.com
Referer: http://www.google.com/search?q=opaleedu.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=opaleedu.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://opaleedu.com/
Result: opaleedu.com is not infected or malware details are not published yet.
Result: opaleedu.com is not infected or malware details are not published yet.