Scanned pages/files
Request | Server response | Status |
http://thenapervillecosmeticdentist.net/ | 200 OK Content-Length: 8090 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By v1ru5 Gr0up ...[5159 bytes skipped]... br/> { if(currentStyle=='inline') { currentStyle='none'; } else { currentStyle='inline'; } document.getElementById('blink').style.display = currentStyle; setTimeout('blinkSpan()',400); }msg = " Hacked By v1ru5 Gr0up"; msg = " " + msg;pos = 0; function scrollMSG() { document.title = msg.substring(pos, msg.length) + msg.substring(0, pos); pos++; if (pos > msg.length) pos = 0 window.setTimeout("scrollMSG()",100); } scrollMSG(); </script> ...[4240 bytes skipped]... | ||
http://masterendi.googlecode.com/files/salju.js | 200 OK Content-Length: 3302 Content-Type: text/plain | clean |
http://masterendi.googlecode.com/test404page.js | 404 Not Found Content-Length: 1439 Content-Type: text/html | clean |
http://masterendi.googlecode.com//www.google.com/ | 404 Not Found Content-Length: 1425 Content-Type: text/html | clean |
http://thenapervillecosmeticdentist.net//www.google.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Fri, 01 Aug 2014 09:10:26 GMT Pragma: no-cache Location: http://thenapervillecosmeticdentist.net/www.google.com/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Fri, 01 Aug 2014 09:10:26 GMT X-Pingback: http://thenapervillecosmeticdentist.net/xmlrpc.php | clean |
http://thenapervillecosmeticdentist.net/www.google.com/ | 404 Not Found Content-Length: 13938 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) new TWTR.Widget({ version: 2, type: 'profile', rpp: 10, interval: 6000, width: 250, height: 300, theme: { shell: { background: '#ffffff', color: '#000000' }, tweets: { background: '#ffffff', color: '#000000', links: '#000000' } }, features: { scrollbar: true, loop: false, live: false, hashtags: true, timestamp: false, avatars: true, behavior: 'all' }}).render().setUser('CosmeticDents').start(); Antivirus reports:
| ||
http://thenapervillecosmeticdentist.net/wp-content/themes/classynsimple/js/cufon-yui.js | 200 OK Content-Length: 18263 Content-Type: application/javascript | clean |
http://thenapervillecosmeticdentist.net/wp-content/themes/classynsimple/js/cufon-libsans.js | 200 OK Content-Length: 134256 Content-Type: application/javascript | clean |
http://thenapervillecosmeticdentist.net/wp-content/themes/classynsimple/js/jquery-1.4.2.min.js | 200 OK Content-Length: 72328 Content-Type: application/javascript | clean |
http://thenapervillecosmeticdentist.net/wp-content/themes/classynsimple/js/cufon-run.js | 200 OK Content-Length: 200 Content-Type: application/javascript | clean |
http://thenapervillecosmeticdentist.net/wp-content/themes/classynsimple/js/custom.js | 200 OK Content-Length: 705 Content-Type: application/javascript | clean |
http://thenapervillecosmeticdentist.net/wp-content/themes/classynsimple/js/Quicksand_Bold.js | 200 OK Content-Length: 268108 Content-Type: application/javascript | clean |
http://thenapervillecosmeticdentist.net/wp-content/themes/classynsimple/js/menusm.js | 200 OK Content-Length: 2210 Content-Type: application/javascript | clean |
http://thenapervillecosmeticdentist.net/wp-content/themes/classynsimple/js/coin-slider.min.js | 200 OK Content-Length: 8493 Content-Type: application/javascript | clean |
http://widgets.twimg.com/j/2/widget.js | 200 OK Content-Length: 1489 Content-Type: application/javascript | clean |
http://thenapervillecosmeticdentist.net/testimonials-naperville-cosmetic-dentist/ | 200 OK Content-Length: 18786 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) new TWTR.Widget({ version: 2, type: 'profile', rpp: 10, interval: 6000, width: 250, height: 300, theme: { shell: { background: '#ffffff', color: '#000000' }, tweets: { background: '#ffffff', color: '#000000', links: '#000000' } }, features: { scrollbar: true, loop: false, live: false, hashtags: true, timestamp: false, avatars: true, behavior: 'all' }}).render().setUser('CosmeticDents').start(); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: thenapervillecosmeticdentist.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 01 Aug 2014 09:10:23 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://thenapervillecosmeticdentist.net/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: thenapervillecosmeticdentist.net
Referer: http://www.google.com/search?q=thenapervillecosmeticdentist.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=thenapervillecosmeticdentist.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://thenapervillecosmeticdentist.net/
Result: thenapervillecosmeticdentist.net is not infected or malware details are not published yet.