Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Redcross Site Hacked

March 05, 2010 - 1 min read

ImageIn this morning's logs I noticed that Zscaler detected malicious content within redcross-esc.org web-pages. Turns out that the site was a victim of a malicious iFrame injection, and I thought a short post on this would be a good follow-up from Umesh's previous post on hidden malicious iFrames.

redcross-esc.org belongs to the American Red Cross East Shoreline Chapter and is hosted on GoDaddy. Pages infected include:


  • hxxp://www.redcross-esc.org/gethelp/index.html
  • hxxp://www.redcross-esc.org/getinvolved/index.html
  • hxxp://www.redcross-esc.org/givemoney/index.html

Screenshot of malicious iFrame:
ImageFirst stage decode:
ImageFinal decode writes iFrame to hxxp://foxionserl.com/:
Fortunately the foxionserl.com domain is not currently resolving, so the malicious page is not being pulled - Google results show that it had hosted a Adobe Acrobat PDF Reader exploit. Notifications are being sent to Redcross and GoDaddy.


form submtited
Thank you for reading

Was this post useful?

dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.