Scanned pages/files
Request | Server response | Status |
http://www.aachin.info/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 08 Feb 2015 22:18:05 GMT Location: http://www.aachin.info/techen Server: Apache Content-Length: 237 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.aachin.info/techen | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 08 Feb 2015 22:18:05 GMT Location: http://www.aachin.info/techen/ Server: Apache Content-Length: 238 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.aachin.info/techen/ | 200 OK Content-Length: 134673 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED BY CELLATREIS ...[41308 bytes skipped]... ; filed under <a href="http://www.aachin.info/techen/category/php/" rel="category tag">php</a>.</p> </header> <!-- end article header --> <section class="post_content clearfix"> <p class="lead">My website recently got hacked. Whatever page you go in, it just shows this text repeatedly:</p> <blockquote><p>HACKED BY CELLATREIS</p></blockquote> <p>I searched different articles online, trying to find any suspicious code, but without luck. So I installed a fresh new wordpress in another folder, and copied the current database. It works well when newly installed until the databased was filled in. Again, this repeated hacking text. I started searching around database tables, especially wp_options table. Finally found one suspicious row with script in it. The row is called widget ...[122646 bytes skipped]... | ||
http://www.aachin.info/techen/wp-content/themes/wordpress-bootstrap/library/js/libs/jquery-1.7.1.min.js?ver=1.7.1 | 200 OK Content-Length: 94234 Content-Type: application/javascript | clean |
http://www.aachin.info/techen/wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.min.js?ver=2.6.7 | 200 OK Content-Length: 24168 Content-Type: application/javascript | clean |
http://www.aachin.info/techen/wp-content/themes/wordpress-bootstrap/library/js/bootstrap.min.js?ver=4.0.1 | 200 OK Content-Length: 25563 Content-Type: application/javascript | clean |
http://www.aachin.info/techen/wp-content/themes/wordpress-bootstrap/library/js/scripts.js?ver=4.0.1 | 200 OK Content-Length: 3655 Content-Type: application/javascript | clean |
http://www.aachin.info/techen/wp-content/themes/wordpress-bootstrap/library/js/modernizr.full.min.js?ver=4.0.1 | 200 OK Content-Length: 16819 Content-Type: application/javascript | clean |
http://www.aachin.info/techen/about-me/ | 200 OK Content-Length: 20384 Content-Type: text/html | clean |
http://www.aachin.info/techen/wp-includes/js/comment-reply.min.js?ver=4.0.1 | 200 OK Content-Length: 757 Content-Type: application/javascript | clean |
http://www.aachin.info/techen/swift-concatenate-string-with-number/ | 200 OK Content-Length: 30287 Content-Type: text/html | clean |
http://www.aachin.info/techen/author/aachin/ | 200 OK Content-Length: 77444 Content-Type: text/html | clean |
http://www.aachin.info/techen/category/ios/ | 200 OK Content-Length: 29351 Content-Type: text/html | clean |
http://www.aachin.info/techen/swift-singleton-implementation-with-access-control-mechanisms/ | 200 OK Content-Length: 38959 Content-Type: text/html | clean |
http://www.aachin.info/techen/tag/ios-8/ | 200 OK Content-Length: 29321 Content-Type: text/html | clean |
http://www.aachin.info/techen/how-to-run-swift-in-console/ | 200 OK Content-Length: 27679 Content-Type: text/html | clean |
http://www.aachin.info/techen/tag/swift/ | 200 OK Content-Length: 29321 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: aachin.info
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: aachin.info
Referer: http://www.google.com/search?q=aachin.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=aachin.info
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://aachin.info/
Result: aachin.info is not infected or malware details are not published yet.