Scanned pages/files
Request | Server response | Status |
http://paleta-art.pl/ | 200 OK Content-Length: 2744 Content-Type: text/html | suspicious |
Detail: Deface/Content modification. The following signature was found: Hacked By HeGrIs_KhaN_OGaB_MarG
Matched content (truncated by the scanner):
<html> <script type="text/javascript" language="javascript">// <![CDATA[ // (c) Premshree Pillai // HeGrIs_KhaN_OGaB_MarG // ..... // Use freely as long as this message is intact. var Javascript1msg = "Hacked By HeGrIs_KhaN_OGaB_MarG"; var Javascript1pos = 0; var Javascript1spacer = "***"; var Javascript1time_length = 350; function Javascript1ScrollTitle() { document.title = Javascript1msg.substring(Javascript1pos, Javascript1msg.length) + Javascript1spacer + Javascript1msg.substring(0, Javascript1pos); Javascript1pos++; if (Javascript1pos > Javascript1msg.length) Javascript1pos=0; window.setTimeout("Java ...[2717 bytes skipped]...
http://up-is.ir/do.php?filename=142301443964851.mp3&start=1&replay=1&vol=100 | 200 OK Content-Length: 8908 Content-Type: text/html | clean |
http://up-is.ir/styles/iransky/jquery.js | 200 OK Content-Length: 92629 Content-Type: application/javascript | clean |
http://up-is.ir/styles/iransky/css/tooltip.js | 200 OK Content-Length: 1932 Content-Type: application/javascript | clean |
http://up-is.ir/styles/iransky/javascript.js | 200 OK Content-Length: 1748 Content-Type: application/javascript | clean |
http://ad.jahanpay.com/index.php/javascript/site/3438?img=125_125 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 22 Apr 2015 01:32:18 GMT Location: http://jahanads.com/index3.php?id=3438&img=125_125 Server: LiteSpeed Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.17 | clean |
http://jahanads.com/index3.php?id=3438&img=125_125 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 22 Apr 2015 01:32:18 GMT Location: http://ad.jahanpay.com/index3.php?id=3438&img=125_125 Server: LiteSpeed Content-Length: 1147 Content-Type: text/html | clean |
http://ad.jahanpay.com/index3.php?id=3438&img=125_125 | 200 OK Content-Length: 248 Content-Type: text/javascript | clean |
http://ad.jahanpay.com/index.php/javascript/site/3438?img=120_240 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 22 Apr 2015 01:32:19 GMT Location: http://jahanads.com/index3.php?id=3438&img=120_240 Server: LiteSpeed Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.17 | clean |
http://jahanads.com/index3.php?id=3438&img=120_240 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 22 Apr 2015 01:32:20 GMT Location: http://ad.jahanpay.com/index3.php?id=3438&img=120_240 Server: LiteSpeed Content-Length: 1147 Content-Type: text/html | clean |
http://ad.jahanpay.com/index3.php?id=3438&img=120_240 | 200 OK Content-Length: 248 Content-Type: text/javascript | clean |
http://jaba.ir/website/js | 200 OK Content-Length: 2919 Content-Type: application/javascript | clean |
http://v2.ipopup.ir/website/js | 200 OK Content-Length: 1113 Content-Type: application/javascript | clean |
http://apis.google.com/js/plusone.js | 200 OK Content-Length: 12784 Content-Type: application/javascript | clean |
http://up-is.ir/ | 200 OK Content-Length: 24098 Content-Type: text/html | clean |
http://up-is.ir/styles/iransky/keyboard/keyboard.js | 200 OK Content-Length: 73300 Content-Type: application/javascript | clean |
http://up-is.ir/styles/iransky/ads/jquery-latest.js | 200 OK Content-Length: 282766 Content-Type: application/javascript | clean |
http://ad.jahanpay.com/index.php/javascript/site/3438?img=728_90 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 22 Apr 2015 01:32:24 GMT Location: http://jahanads.com/index3.php?id=3438&img=728_90 Server: LiteSpeed Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.2.17 | clean |
http://jahanads.com/index3.php?id=3438&img=728_90 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 22 Apr 2015 01:32:24 GMT Location: http://ad.jahanpay.com/index3.php?id=3438&img=728_90 Server: LiteSpeed Content-Length: 1147 Content-Type: text/html | clean |
http://ad.jahanpay.com/index3.php?id=3438&img=728_90 | 200 OK Content-Length: 246 Content-Type: text/javascript | clean |
http://up-is.ir/styles/iransky/addfildfile/genjscript_kleefa.js | 200 OK Content-Length: 7165 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: paleta-art.pl
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 22 Apr 2015 01:32:16 GMT
Server: Apache
Content-Type: text/html
X-Powered-By: PHP/5.4.30
Second query (visit from search engine):
GET / HTTP/1.1
Host: paleta-art.pl
Referer: http://www.google.com/search?q=paleta-art.pl
Result:
The result is similar to the first query. There are no suspicious redirects found.
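The two checks the report applies to paleta-art.pl (a deface-signature match on the page body, and a comparison of a plain visit against a visit carrying a search-engine Referer to catch conditional redirects) can be reproduced with a few lines of standard-library Python. The code below is an added example, not the scanner's own code. The deface phrases beyond "Hacked By", the client-side redirect heuristic, the sample HTML bodies and the placeholder host redirect.example are all assumptions constructed for the example; only the "Hacked By HeGrIs_KhaN_OGaB_MarG" string and the title-scroller pattern come from the report above.

```python
import re
import urllib.error
import urllib.request
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Response:
    """Minimal capture of one HTTP exchange: status code, headers, body text."""
    status: int
    headers: Dict[str, str]
    body: str = ""

    def header(self, name: str) -> Optional[str]:
        # header names are case-insensitive; normalise before lookup
        for k, v in self.headers.items():
            if k.lower() == name.lower():
                return v
        return None


# "Hacked By" is the phrase the report matched; "owned by" / "defaced by" are
# common variants added as an assumption, not taken from the report.
DEFACE_PATTERNS = [re.compile(r"(?:hacked|owned|defaced)\s+by\s+[\w.\-]+", re.I)]
# The injected script on paleta-art.pl rewrites document.title from a setTimeout loop.
TITLE_SCROLLER = re.compile(r"document\.title\s*=.*?window\.setTimeout", re.I | re.S)
# Heuristic for client-side redirects: JS location assignment or a meta refresh.
# It is deliberately loose (it would also hit "allocation=") and is used only to
# compare two bodies, so false positives cancel out when both visits carry them.
CLIENT_REDIRECT = re.compile(
    r"(?:window\.|document\.|top\.)?location(?:\.href)?\s*=|http-equiv\s*=\s*[\"']?refresh", re.I
)


def find_deface_signatures(html: str) -> List[str]:
    """Return distinct deface indicators found in an HTML body, in order of appearance."""
    found: List[str] = []
    for pat in DEFACE_PATTERNS:
        for m in pat.finditer(html):
            if m.group(0) not in found:
                found.append(m.group(0))
    if TITLE_SCROLLER.search(html):
        found.append("title-scroller script")
    return found


def conditional_redirect(normal: Response, referred: Response) -> Optional[str]:
    """Compare a plain visit with a search-engine-referred visit; describe any divergence."""
    n_loc, r_loc = normal.header("Location"), referred.header("Location")
    if normal.status != referred.status or n_loc != r_loc:
        return (f"server-side divergence: normal {normal.status} Location={n_loc}, "
                f"referred {referred.status} Location={r_loc}")
    n_js = bool(CLIENT_REDIRECT.search(normal.body))
    r_js = bool(CLIENT_REDIRECT.search(referred.body))
    if r_js and not n_js:
        return "client-side redirect present only for the search-engine-referred visit"
    return None


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Do not follow 3xx: the Location header itself is the evidence to record.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(url: str, referer: Optional[str] = None, timeout: float = 10.0) -> Response:
    """Live fetch without following redirects (not exercised by the offline samples below)."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referer:
        req.add_header("Referer", referer)
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=timeout) as resp:
            return Response(resp.status, dict(resp.headers), resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:  # raised for 3xx because the handler refuses to follow
        return Response(e.code, dict(e.headers), e.read().decode("utf-8", "replace"))


# --- constructed samples (not captured traffic) ---------------------------------
DEFACED_HTML = """<html><head><script type="text/javascript">
// HeGrIs_KhaN_OGaB_MarG
var Javascript1msg = "Hacked By HeGrIs_KhaN_OGaB_MarG";
function Javascript1ScrollTitle() {
  document.title = Javascript1msg.substring(Javascript1pos) + "***";
  window.setTimeout("Javascript1ScrollTitle()", 350);
}
</script></head><body><h1>Hacked By HeGrIs_KhaN_OGaB_MarG</h1></body></html>"""
CLEAN_HTML = "<html><head><title>Paleta Art</title></head><body>Galeria</body></html>"

# pair 1: identical answer with and without Referer (what the report saw for paleta-art.pl)
NORMAL_VISIT = Response(200, {"Content-Type": "text/html"}, CLEAN_HTML)
REFERRED_VISIT = Response(200, {"Content-Type": "text/html"}, CLEAN_HTML)
# pair 2 / 3: hypothetical sites that bounce only search-engine visitors
REFERRED_BOUNCE = Response(302, {"Content-Type": "text/html",
                                 "Location": "http://redirect.example/landing"}, "")
REFERRED_JS = Response(200, {"Content-Type": "text/html"},
                       CLEAN_HTML + '<script>window.location="http://redirect.example/"</script>')

if __name__ == "__main__":
    print(find_deface_signatures(DEFACED_HTML))
    for pair in (REFERRED_VISIT, REFERRED_BOUNCE, REFERRED_JS):
        print(conditional_redirect(NORMAL_VISIT, pair))
```

For a live check, call `fetch(url)` and `fetch(url, referer="http://www.google.com/search?q=...")` and pass both results to `conditional_redirect`; redirects are not followed so the first hop's Location header is what gets compared, which is the behaviour the report's "Malicious Redirects" section describes.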
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=paleta-art.pl
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://paleta-art.pl/
Result: paleta-art.pl is not infected or malware details are not published yet.