Scanned pages/files
Request | Server response | Status |
http://washuplaundromat.com/ | 200 OK Content-Length: 61555 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) <!-- Hacked by Hacked by Dark-Devilz⢠--> <!-- document.write(unescape('%0A%0A%3C%68%65%61%64%3E%3C%74%69%74%6C%65%3E%2E%2E%3A%3A%2F%48%61%63%6B%65%64%20%62%79%20%44%61%72%6B%2D%44%65%76%69%6C%7A%22%3A%3A%2E%2E%3C%2F%74%69%74%6C%65%3E%0A%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%27%6A%61%76%61%73%63%72%69%70%74%27%3E%61%6C%65%72%74%20%28%22%2E%2E%3A%3A%2F%48%61%63%6B%65%64%20%62%79%20%44%61%72%6B%2D%44%65%76%69%6C%7A%22%3A%3A%2E%2E%22%29%3B%20%3C%2F%73%63%72%6 Antivirus reports:
Deface/Content modification. The following signature was found: ..::/Hacked by Dark-Devilzâ¢::.. ...[103 bytes skipped]... -><!--Dark-Devilzâ¢--><!--Dark-Devilzâ¢--><!--Dark-Devilzâ¢--><!--Dark-Devilzâ¢--> <!--Dark-Devilzâ¢--><!--Dark-Devilzâ¢--><!--Dark-Devilzâ¢--><!--Dark-Devilzâ¢--><!--Dark-Devilzâ¢--><!--Dark-Devilzâ¢--><!--Dark-Devilzâ¢--><!--Dark-Devilzâ¢--> <!--Dark-Devilz Protection.--> <body onContextMenu="alert('..::/Hacked by Dark-Devilzâ¢::..'); return false" NOOP="if (window.event != null && window.event.button == 2) alert ('..::/Hacked by Dark-Devilzâ¢::..');"><body oncontextmenu='return false;' onkeydown='return false;' onmousedown='return false;'> <Script Language='Javascript'> <!-- Hacked by Hacked by Dark-Devilz⢠--> <!-- document.write(unescape('%0A%0A%3C%68%65%61%64%3E%3C%74%69%74%6C%65%3E%2E%2E%3A%3A%2F%48%61%63%6B%65%64%20%62%79%20%44%61 ...[60849 bytes skipped]... | ||
http://washuplaundromat.com/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 14 Dec 2015 11:53:37 GMT Location: http://www.washuplaundromat.com/test404page.js/ Server: nginx/1.8.0 Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.washuplaundromat.com/xmlrpc.php | clean |
http://www.washuplaundromat.com/test404page.js/ | 200 OK Content-Length: 11909 Content-Type: text/html | clean |
http://www.washuplaundromat.com/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/javascript | clean |
http://www.washuplaundromat.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.washuplaundromat.com/wp-includes/js/swfobject.js?ver=2.2-20120417 | 200 OK Content-Length: 10231 Content-Type: application/javascript | clean |
http://www.washuplaundromat.com/wp-includes/js/comment-reply.min.js?ver=3.7.4 | 200 OK Content-Length: 753 Content-Type: application/javascript | clean |
http://www.washuplaundromat.com/wp-content/themes/deep-blue/megaframe/js/cufon.js?ver=3.7.4 | 200 OK Content-Length: 18264 Content-Type: application/javascript | clean |
http://www.washuplaundromat.com/wp-content/themes/deep-blue/megaframe/js/cufon.liberationsans.js?ver=3.7.4 | 200 OK Content-Length: 303606 Content-Type: application/javascript | clean |
http://www.washuplaundromat.com/wp-content/themes/deep-blue/megaframe/js/jquery.cycle.all.min.js?ver=3.7.4 | 200 OK Content-Length: 32046 Content-Type: application/javascript | clean |
http://www.washuplaundromat.com/wp-content/themes/deep-blue/megaframe/js/jquery.hoverIntent.min.js?ver=3.7.4 | 200 OK Content-Length: 1464 Content-Type: application/javascript | clean |
http://www.washuplaundromat.com/wp-content/themes/deep-blue/megaframe/js/jquery.prettyPhoto.js?ver=3.7.4 | 200 OK Content-Length: 36276 Content-Type: application/javascript | clean |
http://www.washuplaundromat.com/wp-content/themes/deep-blue/megaframe/js/jquery.superfish.js?ver=3.7.4 | 200 OK Content-Length: 3831 Content-Type: application/javascript | clean |
http://www.washuplaundromat.com/wp-content/themes/deep-blue/megaframe/js/jquery.tipsy.js?ver=3.7.4 | 200 OK Content-Length: 7282 Content-Type: application/javascript | clean |
http://www.washuplaundromat.com/wp-content/themes/deep-blue/megaframe/js/jquery.tweet.js?ver=3.7.4 | 200 OK Content-Length: 12952 Content-Type: application/javascript | clean |
http://www.washuplaundromat.com/wp-content/themes/deep-blue/megaframe/js/scripts.js?ver=3.7.4 | 200 OK Content-Length: 1904 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: washuplaundromat.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 14 Dec 2015 11:53:36 GMT
Accept-Ranges: bytes
Server: nginx/1.8.0
Content-Length: 61555
Content-Type: text/html
Last-Modified: Thu, 25 Apr 2013 15:26:59 GMT
...61555 bytes of data.
GET / HTTP/1.1
Host: washuplaundromat.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 14 Dec 2015 11:53:36 GMT
Accept-Ranges: bytes
Server: nginx/1.8.0
Content-Length: 61555
Content-Type: text/html
Last-Modified: Thu, 25 Apr 2013 15:26:59 GMT
...61555 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: washuplaundromat.com
Referer: http://www.google.com/search?q=washuplaundromat.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: washuplaundromat.com
Referer: http://www.google.com/search?q=washuplaundromat.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=washuplaundromat.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://washuplaundromat.com/
Result: washuplaundromat.com is not infected or malware details are not published yet.
Result: washuplaundromat.com is not infected or malware details are not published yet.