|Deceiving Error Page with HTTP Response 200|
|404 Error Page (with HTTP Response 404)|
|Embedded JS Files from Drupal CMS|
|Embedded Obfuscated JS Code|
|Deobfuscated JS Code|
This trick is quite nice to deceive analysts with lack of attention to details, especially when they solely looks for HTTP response code as their first filters to start their analysis.
Another trick that might need to be handled carefully such as redirection to domain parking page, where we might think that the malicious site has already brought down by hosting company.