Scanned pages/files
Request | Server response | Status |
http://chirominders.com/ | 200 OK Content-Length: 49923 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by AlfabetoVirtual ...[6704 bytes skipped]... itle"); jQuery(this).attr('title',title); }) } // Supported file extensions var thumbnails = jQuery("a:has(img)").not(".nolightbox").filter( function() { return /\.(jpe?g|png|gif|bmp)$/i.test(jQuery(this).attr('href')) }); jQuery("a.fancybox").fancybox({ 'cyclic': false, 'autoScale': false, 'padding': </script><script>document.title = 'Hacked by AlfabetoVirtual';</script><style>body {font-family: Times New Roman, cursive, sans-serif;background-color: #000000;color:white; text-shadow:0 0 60px black;font-size:20px;}</style><center><br /><br /><br /><br /><br /><br /><h1>Hacked by AlfabetoVirtual</h1><h2 style='color: white'>Hackeado por AlfabetoVirtual</h2>#BrazilUnderground #HackersBrasileirosUnidos #AntiGovernoBR</center><!--Hackedddd ...[49082 bytes skipped]... | ||
http://chirominders.com/wp-content/plugins/wp-prettyphoto/js/jquery-1.3.2.min.js?ver=1.3.2 | 200 OK Content-Length: 57254 Content-Type: application/javascript | clean |
http://chirominders.com/wp-content/plugins/wp-prettyphoto/js/jquery.prettyPhoto.js?ver=2.5.5 | 200 OK Content-Length: 16777 Content-Type: application/javascript | clean |
http://chirominders.com/wp-content/plugins/fancybox-for-wordpress/fancybox/jquery.fancybox.js?ver=1.3.4 | 200 OK Content-Length: 15667 Content-Type: application/javascript | clean |
http://chirominders.com/wp-content/plugins/maxbuttons-pro/js/maxbuttons.js?ver=3.4.1 | 200 OK Content-Length: 3733 Content-Type: application/javascript | clean |
http://chirominders.com/wp-admin/js/password-strength-meter.js?ver=3.4.1 | 200 OK Content-Length: 374 Content-Type: application/javascript | clean |
http://chirominders.com/wp-content/plugins/s2member/s2member-o.php?ws_plugin__s2member_js_w_globals=1&qcABC=1&ver=120703-120703-1675248302 | 200 OK Content-Length: 44950 Content-Type: application/x-javascript | clean |
http://chirominders.com/wp-content/themes/kaboodle/includes/js/superfish.js?ver=3.4.1 | 200 OK Content-Length: 2770 Content-Type: application/javascript | clean |
http://chirominders.com/wp-content/themes/kaboodle/includes/js/general.js?ver=3.4.1 | 200 OK Content-Length: 2108 Content-Type: application/javascript | clean |
http://chirominders.com/wp-content/themes/kaboodle/includes/js/jcarousellite.min.js?ver=3.4.1 | 200 OK Content-Length: 2383 Content-Type: application/javascript | clean |
http://chirominders.com/wp-content/themes/kaboodle/includes/js/slides.min.jquery.js?ver=3.4.1 | 200 OK Content-Length: 6908 Content-Type: application/javascript | clean |
http://chirominders.com/wp-content/themes/kaboodle/includes/js/jquery.prettyPhoto.js?ver=3.4.1 | 200 OK Content-Length: 31837 Content-Type: application/javascript | clean |
http://chirominders.com/wp-content/themes/kaboodle/includes/js/portfolio.js?ver=3.4.1 | 200 OK Content-Length: 2668 Content-Type: application/javascript | clean |
http://api.twitter.com/1/statuses/user_timeline/chirominders.json?callback=twitterCallback2&count=1&include_rts=t | 403 Forbidden Content-Length: 75 Content-Type: application/javascript | clean |
http://chirominders.com/wp-content/uploads/shadowbox-js/fb5230720420610a6d20e38efb19d3af.js?ver=3.0.3 | 200 OK Content-Length: 42709 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: chirominders.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate, max-age=0
Connection: close
Date: Tue, 22 Dec 2015 01:31:38 GMT
Pragma: no-cache
Server: nginx/1.8.0
Content-Type: text/html; charset=UTF-8
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Tue, 22 Dec 2015 01:31:37 GMT
Set-Cookie: wassup=MDI2NzRiYjI4YmU5NDE3M2FlMjlmOWZiYjgyYTRjYjg6OjE0NTA3NTA1OTg6Ojo6NzguMTU4LjExLjIyNjo6Y2wtNzgtMTU4LTExLTIyNi5mYXN0bGluay5sdDo6; expires=Tue, 22-Dec-2015 02:21:38 GMT; path=/
X-Pingback: http://chirominders.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: chirominders.com
Referer: http://www.google.com/search?q=chirominders.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=chirominders.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://chirominders.com/
Result: chirominders.com is not infected or malware details are not published yet.