Scanned pages/files
| Request | Server response | Status |
http://marsmc.com/ | 200 OK Content-Length: 16381 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: All my sites were hacked by a wordpress based attack more than likely a plugin. Will be recovering t ...[10939 bytes skipped]... thumbnail-590x400 590x400 thumbnail-590x400" width="590" height="400" /></a> </div> <div class="slide-details"> <h2><a href="http://www.dalab.com/dalab/hello-world/" rel="bookmark" title="Permanent Link to Back from the hack">Back from the hack</a></h2> <div class="description"> <p>All my sites were hacked by a wordpress based attack more than likely a plugin. Will be recovering the site as time permits.</p> <h2 class="left"><a href="http://www.dalab.com/dalab/hello-world/" rel="bookmark" title="Permanent Link to Back from the hack" class="button">Continue Reading</a></h2> </div> </div> <div class="clear"></div> </div> </div> </div> <!-- End Pagination --> | ||
http://widgets.twimg.com/j/2/widget.js?ver=4.0.1 | 200 OK Content-Length: 1489 Content-Type: application/javascript | clean |
http://www.dalab.com/dalab/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ajax.js?ver=4.0.1 | 200 OK Content-Length: 33 Content-Type: text/javascript | clean |
http://www.dalab.com/dalab/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: text/javascript | clean |
http://www.dalab.com/dalab/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: text/javascript | clean |
http://www.dalab.com/dalab/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/persist.js?ver=4.0.1 | 200 OK Content-Length: 24995 Content-Type: text/javascript | clean |
http://www.dalab.com/dalab/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/store.js?ver=4.0.1 | 200 OK Content-Length: 5337 Content-Type: text/javascript | clean |
http://www.dalab.com/dalab/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/ajax/static/ngg_store.js?ver=4.0.1 | 200 OK Content-Length: 891 Content-Type: text/javascript | clean |
http://www.dalab.com/dalab/wp-content/themes/modularity/includes/js/jquery-ui-1.7.2.custom.min.js?ver=4.0.1 | 200 OK Content-Length: 8104 Content-Type: text/javascript | clean |
http://www.dalab.com/dalab/wp-content/themes/modularity/includes/js/nav/superfish.js?ver=4.0.1 | 200 OK Content-Length: 3714 Content-Type: text/javascript | clean |
http://www.dalab.com/dalab/wp-content/themes/modularity/includes/js/nav/supersubs.js?ver=4.0.1 | 200 OK Content-Length: 3298 Content-Type: text/javascript | clean |
http://www.dalab.com/dalab/wp-content/themes/modularity/includes/js/search.js?ver=4.0.1 | 200 OK Content-Length: 774 Content-Type: text/javascript | clean |
http://www.dalab.com/dalab/wp-includes/js/swfobject.js?ver=2.2-20120417 | 200 OK Content-Length: 10231 Content-Type: text/javascript | clean |
http://www.dalab.com/dalab/wp-content/themes/modularity/includes/js/jquery.cycle.js?ver=4.0.1 | 200 OK Content-Length: 28862 Content-Type: text/javascript | clean |
http://www.dalab.com/dalab/wp-content/plugins/nextgen-gallery/products/photocrati_nextgen/modules/lightbox/static/lightbox_context.js?ver=4.0.1 | 200 OK Content-Length: 890 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: marsmc.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 30 Nov 2014 04:07:05 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Link: <http://wp.me/37iPV>; rel=shortlink
Set-Cookie: PHPSESSID=0b5dnft00joqkrq4eps0m9u9h4; path=/
X-Pingback: http://www.dalab.com/dalab/xmlrpc.php
GET / HTTP/1.1
Host: marsmc.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 30 Nov 2014 04:07:05 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Link: <http://wp.me/37iPV>; rel=shortlink
Set-Cookie: PHPSESSID=0b5dnft00joqkrq4eps0m9u9h4; path=/
X-Pingback: http://www.dalab.com/dalab/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: marsmc.com
Referer: http://www.google.com/search?q=marsmc.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: marsmc.com
Referer: http://www.google.com/search?q=marsmc.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=marsmc.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://marsmc.com/
Result: marsmc.com is not infected or malware details are not published yet.
Result: marsmc.com is not infected or malware details are not published yet.