Scanned pages/files
Request | Server response | Status |
http://suryaent.net/ | 200 OK Content-Length: 6259 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HaCkeD By ...[3125 bytes skipped]... the new string count = 0; if (count2 != 4) { //write 4 strings count2++; text2 += "<p>"; //a new line text = eval('msg['+count2+'].split("")'); //get the new string to text setTimeout('writetext()', 25); } } } </script> <div id="nothing" style="font-family: 'Courier';"><h2> <p><b><font face="Courier"> HaCkeD By </font> aMIr-FucKeR </b></p></div> <a href="http://farshid.farhat.googlepages.com/"> <body style="background-image: url('animated_60.gif')"></body><script language="JavaScript">var backgroundOffset = 0;var bgObject = eval('document.body');function scrollBG(maxSize) {backgroundOffset = backgroundOffset + 1;if (backgroundOffset > maxSize) backgroundOffset = 0;bgObject.style.backgroundPosition = "0 " + backgroundOf ...[3819 bytes skipped]... | ||
http://www.chat11.ir/gharib/baresh-baranparats113.php | 200 OK Content-Length: 399 Content-Type: text/html | clean |
http://www.chat11.ir/wp-content/uploads/2014/10/baresh-baranparats112.js | 200 OK Content-Length: 3653 Content-Type: application/javascript | clean |
http://www.chat11.ir/test404page.js | 404 Not Found Content-Length: 20507 Content-Type: text/html | clean |
http://www.chat11.ir/wp-content/themes/modernblog/js/jquery-1.7.1.min.js | 200 OK Content-Length: 93867 Content-Type: application/javascript | clean |
http://www.webgozar.ir/c.aspx?Code=3378162&t=counter | 200 OK Content-Length: 659 Content-Type: text/html | clean |
http://www.webgozar.ir/test404page.js | 404 Not Found Content-Length: 1245 Content-Type: text/html | clean |
http://www.chat11.ir/wp-content/themes/modernblog/js/tabs.js | 200 OK Content-Length: 5787 Content-Type: application/javascript | clean |
http://www.chat11.ir/wp-content/themes/modernblog/js/apps.js | 200 OK Content-Length: 712 Content-Type: application/javascript | clean |
http://www.chat11.ir/wp-content/themes/modernblog/js/poshytip-1.1/src/jquery.poshytip.min.js | 200 OK Content-Length: 10519 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: suryaent.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 20 Jul 2015 04:09:11 GMT
Server: nginx/1.8.0
Content-Type: text/html
GET / HTTP/1.1
Host: suryaent.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 20 Jul 2015 04:09:11 GMT
Server: nginx/1.8.0
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: suryaent.net
Referer: http://www.google.com/search?q=suryaent.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: suryaent.net
Referer: http://www.google.com/search?q=suryaent.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=suryaent.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://suryaent.net/
Result: suryaent.net is not infected or malware details are not published yet.
Result: suryaent.net is not infected or malware details are not published yet.