Scanned pages/files
| Request | Server response | Status |
http://www.undergroundretrocade.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 21 Aug 2014 21:31:23 GMT Location: http://undergroundretrocade.com/ Server: nginx/1.6.1 Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://undergroundretrocade.com/xmlrpc.php | clean |
http://undergroundretrocade.com/ | 200 OK Content-Length: 80164 Content-Type: text/html | clean |
http://undergroundretrocade.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/javascript | clean |
http://undergroundretrocade.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://undergroundretrocade.com/wp-content/plugins/facebook-like-button-by-kms/fbl_loader.js?ver=3.9.2 | 200 OK Content-Length: 399 Content-Type: application/javascript | clean |
http://undergroundretrocade.com/wp-content/themes/kong-me-baby/js/jquery.mystique.js?ver=1.0 | 200 OK Content-Length: 56999 Content-Type: application/javascript | clean |
http://undergroundretrocade.com/?mystique=jquery_init&ver=1.0 | 200 OK Content-Length: 3422 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var $lang=new Array(); $lang[0]="Posting. Please wait..."; $lang[1]="Your comment was added."; $lang[2]="Post another comment"; jQuery(document).ready(function ($) { if (isIE6) { jQuery('#page').append("<div class='crap-browser-warning'>You're using a old and buggy browser. Switch to a <a href='http://www.mozilla.com/firefox/'>normal browser</a> or consider <a href='http://www.microsoft.com/windows/internet-explorer'>upgrading }); setup_comment_controls(); setup_comment_ajax(); jQuery('a.print').click(function() { jQuery('.post.single').printElement({printMode:'popup'}); return false; }); jQuery("#navigation").attr("role", "navigation"); jQuery("#primary-content").attr("role", "main"); jQuery("#sidebar").attr("role", "complementary"); jQuery("#searchform").attr("role", "search"); }); Antivirus reports:
| ||
http://www.undergroundretrocade.com/?feed=rss2 | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Thu, 21 Aug 2014 21:31:31 GMT Pragma: no-cache ETag: "6f6601ea206f439b3beccd579be7f49b" Location: http://undergroundretrocade.com/?feed=rss2 Server: nginx/1.6.1 Content-Length: 0 Content-Type: text/html Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://undergroundretrocade.com/xmlrpc.php | clean |
http://undergroundretrocade.com/?feed=rss2 | 404 Not Found Content-Length: 869 Content-Type: text/xml | clean |
http://undergroundretrocade.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Thu, 21 Aug 2014 21:31:32 GMT Location: http://doctoraccess.eu/ Server: nginx/1.6.1 Content-Length: 281 Content-Type: text/html; charset=iso-8859-1 | clean |
http://doctoraccess.eu/ | 500 Server closed connection without sending any data back Content-Length: 105 Content-Type: text/plain | clean |
http://doctoraccess.eu/test404page.js | 500 Server closed connection without sending any data back Content-Length: 105 Content-Type: text/plain | clean |
http://www.undergroundretrocade.com/wp-content/uploads/2012/06/121-W-Main-parking.jpg | 200 OK Content-Length: 166209 Content-Type: image/jpeg | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: undergroundretrocade.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Aug 2014 21:31:24 GMT
Server: nginx/1.6.1
Content-Type: text/html; charset=UTF-8
Link: <http://undergroundretrocade.com/>; rel=shortlink
X-Pingback: http://undergroundretrocade.com/xmlrpc.php
GET / HTTP/1.1
Host: undergroundretrocade.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 21 Aug 2014 21:31:24 GMT
Server: nginx/1.6.1
Content-Type: text/html; charset=UTF-8
Link: <http://undergroundretrocade.com/>; rel=shortlink
X-Pingback: http://undergroundretrocade.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: undergroundretrocade.com
Referer: http://www.google.com/search?q=undergroundretrocade.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: undergroundretrocade.com
Referer: http://www.google.com/search?q=undergroundretrocade.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=undergroundretrocade.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://undergroundretrocade.com/
Result: undergroundretrocade.com is not infected or malware details are not published yet.
Result: undergroundretrocade.com is not infected or malware details are not published yet.