Scanned pages/files
| Request | Server response | Status |
http://www.zwcad.ph/ | 200 OK Content-Length: 2729 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Moh Ooasiic <!DOCTYPE html>
<html dir='ltr' lang='en-US'> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="viewport" content="initial-scale = 1.0, maximum-scale = 1.0, user-scalable = no, width = device-width"> <meta name="description" content="Hacked By Moh Ooasiic"> <meta name="keywords" content="Hacked By Moh Ooasiic"><meta name="copyright" content="Copyright 2014" /> <link rel="shortcut icon" href="http://www.educdz.com/montada/imgcache/1075.imgcache.gif" type="image/x-icon"><title> ╞Hacked By Moh Ooasiic & Lakhdar DZ╡</title> <!-- Hacked By Moh Ooasiic --> <link href="http://fonts.googleapis.com ...[2567 bytes skipped]... | ||
http://www.zwcad.ph/test404page.js | 404 Not Found Content-Length: 18449 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if (document.getElementById("form_plugins_url")) { var plugin_url = document.getElementById("form_plugins_url").value; } else { var plugin_url = ""; } Antivirus reports:
| ||
http://www.zwcad.ph/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/javascript | clean |
http://www.zwcad.ph/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.zwcad.ph/wp-content/plugins/form-maker/js/main_front_end.js?ver=3.8 | 200 OK Content-Length: 55795 Content-Type: application/javascript | clean |
http://www.zwcad.ph/wp-content/plugins/form-maker/js/calendar.js?ver=3.8 | 200 OK Content-Length: 36556 Content-Type: application/javascript | clean |
http://www.zwcad.ph/wp-content/plugins/form-maker/js/calendar-setup.js?ver=3.8 | 200 OK Content-Length: 4919 Content-Type: application/javascript | clean |
http://www.zwcad.ph/wp-content/plugins/form-maker/js/calendar_function.js?ver=3.8 | 200 OK Content-Length: 15039 Content-Type: application/javascript | clean |
http://www.zwcad.ph/wp-content/plugins/form-maker/js/jquery-ui.js?ver=3.8 | 200 OK Content-Length: 301184 Content-Type: application/javascript | clean |
http://www.zwcad.ph/wp-content/plugins/form-maker/js/jquery.ui.slider.js?ver=3.8 | 200 OK Content-Length: 17595 Content-Type: application/javascript | clean |
http://www.zwcad.ph/wp-content/themes/MyProduct/js/superfish.js | 200 OK Content-Length: 3714 Content-Type: application/javascript | clean |
http://www.zwcad.ph/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.46.0-2013.11.21 | 200 OK Content-Length: 14798 Content-Type: application/javascript | clean |
http://www.zwcad.ph/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.6 | 200 OK Content-Length: 7691 Content-Type: application/javascript | clean |
http://www.zwcad.ph/wp-content/themes/MyProduct/epanel/page_templates/js/fancybox/jquery.easing-1.3.pack.js?ver=1.3.4 | 200 OK Content-Length: 6717 Content-Type: application/javascript | clean |
http://www.zwcad.ph/wp-content/themes/MyProduct/epanel/page_templates/js/fancybox/jquery.fancybox-1.3.4.pack.js?ver=1.3.4 | 200 OK Content-Length: 15647 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: zwcad.ph
Result:
GET / HTTP/1.1
Host: zwcad.ph
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: zwcad.ph
Referer: http://www.google.com/search?q=zwcad.ph
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: zwcad.ph
Referer: http://www.google.com/search?q=zwcad.ph
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zwcad.ph
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://zwcad.ph/
Result: zwcad.ph is not infected or malware details are not published yet.
Result: zwcad.ph is not infected or malware details are not published yet.