Insights and Research

Redcross Site Hacked

In this morning's logs I noticed that Zscaler detected malicious content within web-pages. Turns out that the site was a victim of a malicious iFrame injection, and I thought a short post on this would be a good follow-up from Umesh's previous post on hidden malicious iFrames. belongs to the American Red Cross East Shoreline Chapter and is hosted on GoDaddy. Pages infected include:


  • hxxp://
  • hxxp://
  • hxxp://

Screenshot of malicious iFrame:
First stage decode:
Final decode writes iFrame to hxxp://

Fortunately the domain is not currently resolving, so the malicious page is not being pulled - Google results show that it had hosted a Adobe Acrobat PDF Reader exploit. Notifications are being sent to Redcross and GoDaddy.


Stay up to date with the latest digital transformation tips and news.

By clicking the submit button, you are agreeing to our privacy policy.