Scanned pages/files
| Request | Server response | Status |
http://6thingsilove.com/ | 200 OK Content-Length: 882 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Ablaze Ever <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Hacked By Ablaze Ever</title> </head> <body> <h1 align="center">Hacked by Ablaze Ever</h1> <h1 align="center">BD GREY HAT HACKERS</h1> <h1 align="center"> BD XTOR - TiGER-M@TE - Rotating Rotor - Cr4cK Br4iN - Murkho Manob - Red Core - Ashik Iqbal chy - Space Fighter - Crack Kid - Black Man - Reza Bghh - Sajid Chowdhury - Nike@l - Grey Doremon - Darkk Hex - Dr@cul@ - Sharif Bghh ...[325 bytes skipped]... | ||
http://6thingsilove.com/test404page.js | 404 Not Found Content-Length: 15399 Content-Type: text/html | clean |
http://6thingsilove.com/wp-content/themes/noisy/js/jquery-1.3.2.min.js | 200 OK Content-Length: 57254 Content-Type: application/javascript | clean |
http://6thingsilove.com/wp-content/themes/noisy/js/easySlider1.5.js | 200 OK Content-Length: 4586 Content-Type: application/javascript | clean |
http://6thingsilove.com/wp-content/themes/noisy/js/hoverintent.js | 200 OK Content-Length: 1609 Content-Type: application/javascript | clean |
http://6thingsilove.com/wp-content/themes/noisy/js/superfish.js | 200 OK Content-Length: 3707 Content-Type: application/javascript | clean |
http://6thingsilove.com/wp-content/themes/noisy/js/script.js | 200 OK Content-Length: 1546 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) $(document).ready(function() {
$("#slider").easySlider({ controlsBefore: '<p id="controls">', controlsAfter: '</p>', auto: true, continuous: true }); $("ul.sf-menu").superfish({ autoArrows: false, delay: 400, animation: {opacity:'show',height:'show'}, speed: 'fast', autoArrows: false, dropShadows: fa var a = $(this).children('a'); var aClass = a.attr('rel'); if (thisaClass == aClass) { $('.'+aClass).show(); a.attr('class','active'); } else { $('.'+aClass).hide(); a.attr('class',''); } }); return false; }); $('.topnav ul').children('li').each(function() { $(this).children('a').html('<span>'+$(this).children('a').text()+'</span>'); }); }); Antivirus reports:
| ||
http://6thingsilove.com/feed/ | 200 OK Content-Length: 26021 Content-Type: text/xml | clean |
http://6thingsilove.com/wp-content/uploads/2012/03/300x250.seasons10.jpg | 404 Not Found Content-Length: 15399 Content-Type: text/html | clean |
http://6thingsilove.com/about-us/ | 200 OK Content-Length: 16146 Content-Type: text/html | clean |
http://6thingsilove.com/contact-us/ | 200 OK Content-Length: 16076 Content-Type: text/html | clean |
http://6thingsilove.com/privacy-policy/ | 200 OK Content-Length: 16427 Content-Type: text/html | clean |
http://6thingsilove.com/seasonal-promotions/ | 200 OK Content-Length: 19978 Content-Type: text/html | clean |
http://6thingsilove.com/category/accessories/ | 200 OK Content-Length: 24323 Content-Type: text/html | clean |
http://6thingsilove.com/2012/12/where-to-buy-glow-led-products/ | 200 OK Content-Length: 21846 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 6thingsilove.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 04 Dec 2015 16:09:29 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://6thingsilove.com/xmlrpc.php
GET / HTTP/1.1
Host: 6thingsilove.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 04 Dec 2015 16:09:29 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://6thingsilove.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: 6thingsilove.com
Referer: http://www.google.com/search?q=6thingsilove.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 6thingsilove.com
Referer: http://www.google.com/search?q=6thingsilove.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=6thingsilove.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://6thingsilove.com/
Result: 6thingsilove.com is not infected or malware details are not published yet.
Result: 6thingsilove.com is not infected or malware details are not published yet.