Scanned pages/files
| Request | Server response | Status |
http://perfectblogpost.com/ | 200 OK Content-Length: 21674 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. <!-- VirgVorg-45 --> <!-- document.write(unescape('%3C%6C%69%6E%6B%20%68%72%65%66%3D%27%68%74%74%70%3A%2F%2F%66%6F%6E%74%73%2E%67%6F%6F%67%6C%65%61%70%69%73%2E%63%6F%6D%2F%63%73%73%3F%66%61%6D%69%6C%79%3D%41%64%76%65%6E%74%2B%50%72%6F%26%73%75%62%73%65%74%3D%6C%61%74%69%6E%2C%6C%61%74%69%6E%2D%65%78%74%27%20%72%65%6C%3D%27%73%74%79%6C%65%73%68%65%65%74%27%20%74%79%70%65%3D%27%74%65%78%74%2F%63%73%73%27%3E%3C%62%72%3E%3C%62% ...[4045 bytes skipped]... Decoded script: ...[1030 bytes skipped]... px;" /></a></a> <center> <br> <br> <br> <br> <font face="Informal Roman" color="white" size"5" >Copyright 2015 ~ VirgVorg-45</div> <br> <font face="Copperplate Gothic Bold" color="white" size"7" > ~ Newbie Cyber Team ~ </div> </div> <center> <hr width="550px" style='color:cyan;'> <iframe width="0%" height="0" scrolling="no" frameborder="no" src="https://w.soundcloud.com/player/?url=https%3A//api.soundcloud.com/tracks/184570642&auto_play=true&hide_related=false&show_comments=true&show_user=true&show_reposts=false&visual=true"></iframe> Deface/Content modification. The following signature was found: Hacked By VirgVorg-45 <title>Hacked By VirgVorg-45</title>
<link rel="icon" href="http://pixabay.com/static/uploads/photo/2013/07/13/09/54/indonesia-156266_640.png"> <head> <body oncontextmenu='return false;' onkeydown='return false;' onmousedown='return false;'> <!-- --------Cursor--------- --> <style type="text/css">body, a:hover {cursor: url(http://cur.cursors-4u.net/cursors/cur-11/cur1031.cur), progress !important ...[21686 bytes skipped]... | ||
http://perfectblogpost.com/test404page.js | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
http://perfectblogpost.com//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js/ | 404 Not Found Content-Length: 767 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: perfectblogpost.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 24 Mar 2015 21:56:12 GMT
Accept-Ranges: bytes
Age: 0
Server: Apache/2
Vary: User-Agent,Accept-Encoding
Content-Length: 21674
Content-Type: text/html
X-Powered-By: PHP/5.3.13
...21674 bytes of data.
GET / HTTP/1.1
Host: perfectblogpost.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 24 Mar 2015 21:56:12 GMT
Accept-Ranges: bytes
Age: 0
Server: Apache/2
Vary: User-Agent,Accept-Encoding
Content-Length: 21674
Content-Type: text/html
X-Powered-By: PHP/5.3.13
...21674 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: perfectblogpost.com
Referer: http://www.google.com/search?q=perfectblogpost.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: perfectblogpost.com
Referer: http://www.google.com/search?q=perfectblogpost.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=perfectblogpost.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://perfectblogpost.com/
Result: perfectblogpost.com is not infected or malware details are not published yet.
Result: perfectblogpost.com is not infected or malware details are not published yet.