Scanned pages/files
Request | Server response | Status |
http://www.waternotgold.info/ | 200 OK Content-Length: 37167 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Mk0-haCker ...[23628 bytes skipped]... n"> <div class="block-inner clearfix"> <div class="content clearfix"> <div class="gov-front-layout clearfix"> <div class="panel-pane pane-bean-panels"> <div class="pane-content"> <div class="entity entity-bean bean-basic-content default clearfix"> <h2>Hacked By Mk0-haCker</h2> <div class="content"> <div class="field field-name-field-bean-body field-type-text-long field-label-hidden"><div class="field-items"><div class="field-item even"><head> <meta content="text/html; charset=utf-8" http-equiv="Content-Type"/> <title>HaCkeD By Mk0-HaCker</title> <head> <style type="text/css">body{background:#000 url(http://im49.gulfup.com/pdzqMq.gif);backg ...[15901 bytes skipped]...
http://www.waternotgold.info/sites,_all,_modules,_jquery_update,_replace,_jquery,_1.5,_jquery.min.js,,qv==1.5.2,Mjm.kYkDJlOiOC.js+misc,_jquery.once.js,,qv==1.2,Mjm.QOgkBiaBty.js+misc,_drupal.js,,qngfn1y,Mjm.iNYiGrRhoB.js+sites,_all,_modules,_agov,_modules,_features_content,_agov_slideshow,_js,_slideshow.js,,qngfn1y,Mjm.bawcggBdZs.js+profiles,_agov,_modules,_contrib,_panels,_js,_panels.js,,qngfn1y, ...250 symbols skipped | 200 OK Content-Length: 97223 Content-Type: application/javascript | clean |
https://platform.twitter.com/widgets.js | 200 OK Content-Length: 115259 Content-Type: application/javascript | clean |
http://www.waternotgold.info/profiles,_agov,_libraries,_superfish,_supposition.js,,qngfn1y,Mjm.YYCqHzVJcA.js+profiles,_agov,_libraries,_superfish,_superfish.js,,qngfn1y,Mjm.SZqw2cpN4M.js+profiles,_agov,_libraries,_superfish,_supersubs.js,,qngfn1y,Mjm.qEvfOsEzk_.js+profiles,_agov,_modules,_contrib,_superfish,_superfish.js,,qngfn1y,Mjm.pLWrFRbBvB.js+sites,_all,_themes,_agov_base,_js,_jquery.smartres ...368 symbols skipped | 200 OK Content-Length: 14678 Content-Type: application/javascript | clean |
http://www.waternotgold.info/?ModPagespeed=noscript | 200 OK Content-Length: 119702 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
function tukar(lama,baru){document.getElementById(lama).style.display='none';document.getElementById(baru).style.display='block';}
Antivirus reports:
http://www.waternotgold.info/sites/all/modules/jquery_update/replace/jquery/1.5/jquery.min.js?v=1.5.2 | 200 OK Content-Length: 85260 Content-Type: application/javascript | clean |
http://www.waternotgold.info/misc/jquery.once.js?v=1.2 | 200 OK Content-Length: 2974 Content-Type: application/javascript | clean |
http://www.waternotgold.info/misc/drupal.js?ngfn1y | 200 OK Content-Length: 14544 Content-Type: application/javascript | clean |
http://www.waternotgold.info/sites/all/modules/agov/modules/features_content/agov_slideshow/js/slideshow.js?ngfn1y | 200 OK Content-Length: 3676 Content-Type: application/javascript | clean |
http://www.waternotgold.info/profiles/agov/modules/contrib/panels/js/panels.js?ngfn1y | 200 OK Content-Length: 746 Content-Type: application/javascript | clean |
http://www.waternotgold.info/sites/all/modules/agov/modules/custom/agov_text_resize/js/text-resize.js?ngfn1y | 200 OK Content-Length: 690 Content-Type: application/javascript | clean |
http://www.waternotgold.info/profiles/agov/modules/contrib/google_analytics/googleanalytics.js?ngfn1y | 200 OK Content-Length: 3411 Content-Type: application/javascript | clean |
http://www.waternotgold.info/profiles/agov/libraries/superfish/supposition.js?ngfn1y | 200 OK Content-Length: 3217 Content-Type: application/javascript | clean |
http://www.waternotgold.info/profiles/agov/libraries/superfish/superfish.js?ngfn1y | 200 OK Content-Length: 4095 Content-Type: application/javascript | clean |
http://www.waternotgold.info/profiles/agov/libraries/superfish/supersubs.js?ngfn1y | 200 OK Content-Length: 3770 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: waternotgold.info
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: waternotgold.info
Referer: http://www.google.com/search?q=waternotgold.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=waternotgold.info
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://waternotgold.info/
Result: waternotgold.info is not infected or malware details are not published yet.