Scanned pages/files
Request | Server response | Status |
http://thesalisburygroup.co.uk/ | 200 OK Content-Length: 8011 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) <!-- HTML Encryption provided by iWEBTOOL.com --> <!-- document.write(unescape('%3C%65%6D%62%65%64%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%77%77%77%2E%79%6F%75%74%75%62%65%2E%63%6F%6D%2F%76%2F%59%69%71%62%55%76%75%68%65%43%59%26%61%75%74%6F%70%6C%61%79%3D%31%22%20%74%79%70%65%3D%22%61%70%70%6C%69%63%61%74%69%6F%6E%2F%78%2D%73%68%6F%63%6B%77%61%76%65%2D%66%6C%61%73%68%22%20%77%6D%6F%64%65%3D%22%74%72%61%6E%73%70%61%72%65%6E%74%22%20%77%69%64%74%68%3D%22%31%22%20%68%65%69%67%68%74%3D%22%31%22%3E%3C%2F%65%6D%62%65%64%3E')); Antivirus reports:
Deface/Content modification. The following signature was found: Hacked By nG0xz <!--------------------------------------------
Hacked By nG0xz fb.com/nG0xz ---------------------------------------------> <html><head> <!-- Zone-H Mirror Accept Notified nG0xz --> <title>Hacked By nG0xz</title><link href="" rel="SHORTCUT ICON" /> <link REL="SHORTCUT ICON" HREF="icons.iconarchive.com/icons/hopstarter/flag/256/Indonesia-icon.png"> <script type='text/javascript'> ...[8351 bytes skipped]... | ||
http://thesalisburygroup.co.uk/test404page.js | 404 Not Found Content-Length: 289 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: thesalisburygroup.co.uk
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 06 Oct 2015 11:29:29 GMT
Accept-Ranges: bytes
Server: Apache/2.2
Content-Length: 8011
Content-Type: text/html; charset=UTF-8
Last-Modified: Tue, 21 Jul 2015 02:45:09 GMT
Set-Cookie: X-Mapping-kgmggapi=C0D25A05E2FCCB00AA6F0DE9C084394B; path=/
...8011 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: thesalisburygroup.co.uk
Referer: http://www.google.com/search?q=thesalisburygroup.co.uk
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=thesalisburygroup.co.uk
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://thesalisburygroup.co.uk/
Result: thesalisburygroup.co.uk is not infected or malware details are not published yet.