Scanned pages/files
Request | Server response | Status |
http://zstianteng.net/ | 200 OK Content-Length: 8049 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.star28.com ...[2385 bytes skipped]... E.MSONORMALTABLE { } table.MsoNormalTable {mso-style-parent:""; font-size:10.0pt; font-family:"Times New Roman"; } .style2 { font-size: large; font-weight: bold; } #Matrix #s1 { font-family: Tahoma, Geneva, sans-serif; font-size: 12px; text-decoration: none; color: #FFF; } </style></head> <body bgcolor="#000000"> <script language="JavaScript1.2"> /***************************************** * Visit our site at http://www.star28.com/ for more code * This notice must stay intact for use ***********************************************/ //change 1 to another integer to alter the scroll speed. Greater is faster var speed=1 var currentpos=0,alt=1,curpos1=0,curpos2=-1 function initialize(){ startit() } function scrollwindow(){ if (document.all) temp=document.body.scrollTop else temp=window.pageYOffset if (alt==0) alt=1 else alt=0 if (alt==0) curpos1=temp else curpos2=temp if (curpos1!=curpos2){ if (document.all) cur ...[5848 bytes skipped]... Deface/Content modification. The following signature was found: [HacKed By Dr.web] ...[183 bytes skipped]... 
="image/x-icon" href="https://lh6.googleusercontent.com/-pHwIvrk5gdE/AAAAAAAAAAI/AAAAAAAAAAA/0-pz3l8ZFE0/s27-c/photo.jpg" rel="icon"> <body> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta http-equiv="Content-Language" content="ar-sa"> <title> :.SiR Abdou WaS HeRe:</title> <script language="JavaScript"> //Disable right mouse click Script var message="[HacKed By Dr.web] "; /////////////////////////////////// function clickIE4(){ if (event.button==2){ alert(message); return false; } } function clickNS4(e){ if (document.layers||document.getElementById&&!document.all){ if (e.which==2||e.which==3){ alert(message); return false; } } } if (document.layers){ document.captureEvents(Event.MOUSEDOWN); document.onmousedown=clickNS4; } else if (document.all&&!document.getElementById){ document.onmousedown=clickIE4; } document.onconte ...[8077 bytes skipped]... | ||
http://zstianteng.net/test404page.js | 404 Not Found Content-Length: 292 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: zstianteng.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 26 Apr 2014 09:10:24 GMT
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
Content-Type: text/html
X-Powered-By: PHP/5.3.2-1ubuntu4.7
Second query (visit from search engine):
GET / HTTP/1.1
Host: zstianteng.net
Referer: http://www.google.com/search?q=zstianteng.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zstianteng.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://zstianteng.net/
Result: zstianteng.net is not infected or malware details are not published yet.