Scanned pages/files
| Request | Server response | Status |
http://tikrit-university.com/ | 200 OK Content-Length: 5167 Content-Type: text/html | suspicious |
Hidden iFrame found. The same iFrame was found in 9 websites. size: 1x1 src: http://www.youtube.com/embed/hio1fhy_3hm?rel=0&autoplay=1&loop=1&playlist=hio1fhy_3hm <iframe width="1" height="1" src="http://www.youtube.com/embed/hio1fhy_3hm?rel=0&autoplay=1&loop=1&playlist=hio1fhy_3hm" frameborder="0" allowfullscreen> Deface/Content modification. The following signature was found: Hacked by Jhw ...[104 bytes skipped]... no fb, no tweet, and also no other 2013 - now, indonesia ---------------------------------------------> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Hacked by Jhw</title> <link rel="shortcut icon" href="http://i.imgur.com/E5ZyxMZ.png"> </head> <script src='http://adithya.googlecode.com/files/Apctrl%2Bu.js' type='text/javascript'></script><br /> <body><br /> <head> <meta charset='utf-8'/> <title>Freedom Forever</title> <link rel='shortcut icon' href='http://i0.wp.com/s.wordpress.org/about/images/logos/wordpress-logo-notext-rgb.p ...[5265 bytes skipped]... | ||
http://adithya.googlecode.com/files/Apctrl%2Bu.js | 404 Not Found Content-Length: 1444 Content-Type: text/html | clean |
http://adithya.googlecode.com//www.google.com/ | 404 Not Found Content-Length: 1425 Content-Type: text/html | clean |
http://adithya.googlecode.com/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://code.jquery.com/jquery-latest.min.js | 200 OK Content-Length: 93107 Content-Type: application/x-javascript | clean |
http://courses.cat.org.uk/Js/typing.js | 200 OK Content-Length: 3338 Content-Type: application/x-javascript | clean |
http://courses.cat.org.uk/Js/typing_.js | 200 OK Content-Length: 348 Content-Type: application/x-javascript | clean |
http://xro0t.hol.es/right_click.js | 200 OK Content-Length: 434 Content-Type: application/javascript | clean |
http://go.pub2srv.com/apu.php?zoneid=16780 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 13 Apr 2014 11:35:12 GMT Location: http://onclickads.net/apu.php?zoneid=16780&rocl=1 Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://onclickads.net/apu.php?zoneid=16780&rocl=1 | 200 OK Content-Length: 9301 Content-Type: application/x-javascript | clean |
http://1phads.com/notice.php?p=16781&interactive=1&pushup=1 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://tikrit-university.com//go.pub2srv.com/apu.php?zoneid=16780/ | HTTP/1.1 302 Found Connection: close Date: Sun, 13 Apr 2014 11:35:13 GMT Location: http://redirect.main-hosting.com/error404.php/23?domain=tikrit-university.com Server: Content-Length: 261 Content-Type: text/html; charset=iso-8859-1 | clean |
http://redirect.main-hosting.com/error404.php/23?domain=tikrit-university.com | 200 OK Content-Length: 156 Content-Type: text/html | clean |
http://tikrit-university.com//1phads.com/notice.php?p=16781&interactive=1&pushup=1/ | HTTP/1.1 302 Found Connection: close Date: Sun, 13 Apr 2014 11:35:14 GMT Location: http://redirect.main-hosting.com/error404.php/23?domain=tikrit-university.com Server: Content-Length: 261 Content-Type: text/html; charset=iso-8859-1 | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tikrit-university.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 13 Apr 2014 11:35:09 GMT
Server:
Vary: Accept-Encoding
Content-Length: 5167
Content-Type: text/html
X-Powered-By: PHP/5.3.24
...5167 bytes of data.
GET / HTTP/1.1
Host: tikrit-university.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 13 Apr 2014 11:35:09 GMT
Server:
Vary: Accept-Encoding
Content-Length: 5167
Content-Type: text/html
X-Powered-By: PHP/5.3.24
...5167 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: tikrit-university.com
Referer: http://www.google.com/search?q=tikrit-university.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tikrit-university.com
Referer: http://www.google.com/search?q=tikrit-university.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tikrit-university.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tikrit-university.com/
Result: tikrit-university.com is not infected or malware details are not published yet.
Result: tikrit-university.com is not infected or malware details are not published yet.