Scanned pages/files
Request | Server response | Status |
http://yabgo.com/ | 200 OK Content-Length: 71454 Content-Type: text/html | clean |
http://yabgo.com/dolph/gzip_loader.php?file=bx_templ_js_c8c3e458be06687a58e306f306801c4b.js | 200 OK Content-Length: 303487 Content-Type: text/javascript | clean |
http://yabgo.com/dolph/flash/modules/global/js/integration.js | 200 OK Content-Length: 969 Content-Type: application/javascript | clean |
http://yabgo.com/dolph/modules/boonex/custom_rss/js/main.js | 200 OK Content-Length: 868 Content-Type: application/javascript | clean |
http://yabgo.com/dolph/ | 200 OK Content-Length: 3893 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by Fallaga Team <!DOCTYPE html> <html> <title>Hacked by Fallaga Team</title> <head> <script> // ehsan gomnam setInterval(function(){ var rand = Math.floor(Math.random()*bg.length); document.body.style.background='#000 url('+bg[rand]+')no-repeat fixed center'; document.body.style.transition='all 1.2s ease'; },3000); </script> <style> /* * Designed By bl4ck-t3rrorist and Mr Dz */ ...[4116 bytes skipped]... | ||
http://yabgo.com/test404page.js | 404 Not Found Content-Length: 42057 Content-Type: text/html | clean |
http://yabgo.com/dolph/gzip_loader.php?file=bx_templ_js_4d5e133550d4d9afc7456f41b65aadb5.js | 200 OK Content-Length: 202465 Content-Type: text/javascript | clean |
http://yabgo.com/join.php | 200 OK Content-Length: 99529 Content-Type: text/html | clean |
http://yabgo.com/dolph/gzip_loader.php?file=bx_templ_js_e04ca1425e4c07d623c276d0f6798a18.js | 200 OK Content-Length: 300839 Content-Type: text/javascript | clean |
http://yabgo.com/dolph/index.php | 200 OK Content-Length: 3893 Content-Type: text/html | clean |
http://yabgo.com/dolph/browse.php | 200 OK Content-Length: 118585 Content-Type: text/html | clean |
http://yabgo.com/dolph/gzip_loader.php?file=bx_templ_js_84e4e594b735560e55a3fdb41e4c6917.js | 200 OK Content-Length: 205794 Content-Type: text/javascript | clean |
http://yabgo.com/dolph/join.php | 200 OK Content-Length: 99672 Content-Type: text/html | clean |
http://yabgo.com/dolph/search.php?online_only=1 | 200 OK Content-Length: 74309 Content-Type: text/html | clean |
http://yabgo.com/dolph/gzip_loader.php?file=bx_templ_js_eb89cff8717aad81963375b440a2d5e7.js | 200 OK Content-Length: 229186 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: yabgo.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 27 Nov 2015 11:54:32 GMT
Via: 1.1 varnish
Accept-Ranges: bytes
Age: 0
Server: - Web acceleration by http://www.unixy.net/varnish
Content-Length: 71454
Content-Type: text/html; charset=utf-8
Set-Cookie: memberSession=%2Bgn%26f5P6wcHZpC%21CNtzC%2BFGsd%21EiBBY%3F; path=/dolph/; httponly
X-Cache: MISS
X-Cacheable: YES
X-Powered-By: PHP/5.5.27
X-Varnish: 1960757950
...71454 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: yabgo.com
Referer: http://www.google.com/search?q=yabgo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=yabgo.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://yabgo.com/
Result: yabgo.com is not infected or malware details are not published yet.