Scanned pages/files
Request | Server response | Status |
http://aaareplicas.nu/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 23 Dec 2014 11:36:19 GMT Pragma: no-cache Location: http://www.aaareplicas.nu/ Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=6e73e7b21d529ba60060b3f70c472b08; path=/ X-Pingback: http://www.aaareplicas.nu/xmlrpc.php X-Powered-By: PHP/5.4.33 | clean |
http://www.aaareplicas.nu/ | 200 OK Content-Length: 37846 Content-Type: text/html | clean |
http://www.aaareplicas.nu/wp-content/plugins/wpcopyprotectionuu/inc/layr.js?ver=4.1 | 200 OK Content-Length: 3733 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var jq = jQuery.noConflict();
jq(document).ready(function($){ setTimeout(pp_cover, 200); }); function pp_cover() { var images = jq('img.secureimg_wp'); for (var i = 0; i < images.length; ++i) { var item = images[i]; var itemPos = pp_get_position(item); var parentPos = { left : 0, top : 0 }; var offsetParent = item.offsetParent; var left = rect.left + scrollLeft - clientLeft; return { top : Math.round(top), left : Math.round(left) }; } function pp_get_position(element) { if (element.getBoundingClientRect) { return pp_get_position1(element) } else { return pp_get_position2(element); } } setTimeout(pp_cover, 200); Antivirus reports:
http://www.aaareplicas.nu/wp-content/themes/aaareplicas/js/gen_validatorv4.js | 200 OK Content-Length: 30812 Content-Type: application/javascript | clean |
http://www.aaareplicas.nu/wp-content/themes/aaareplicas/js/jquery.min.js | 200 OK Content-Length: 94839 Content-Type: application/javascript | clean |
http://www.aaareplicas.nu/wp-content/themes/aaareplicas/js/jcarousellite_1.3.min.js | 200 OK Content-Length: 3720 Content-Type: application/javascript | clean |
http://www.aaareplicas.nu/wp-content/themes/aaareplicas/js/jquery.meanmenu.min.js | 200 OK Content-Length: 3732 Content-Type: application/javascript | clean |
http://www.aaareplicas.nu/wp-content/themes/aaareplicas/js/jquery.easing.1.3.js | 200 OK Content-Length: 4580 Content-Type: application/javascript | clean |
http://www.aaareplicas.nu/wp-content/themes/aaareplicas/js/jquery.poshytip.js | 200 OK Content-Length: 19113 Content-Type: application/javascript | clean |
http://aaareplicas.nu//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Tue, 23 Dec 2014 11:36:22 GMT Pragma: no-cache Location: http://www.aaareplicas.nu/translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/ Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: PHPSESSID=4ddb95b0815d1337a73cdb9a5a6bdd07; path=/ X-Pingback: http://www.aaareplicas.nu/xmlrpc.php X-Powered-By: PHP/5.4.33 | clean |
http://www.aaareplicas.nu/translate.google.com/translate_a/element.js?cb=googletranslateelementinit/ | 404 Not Found Content-Length: 33266 Content-Type: text/html | clean |
http://www.aaareplicas.nu//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Tue, 23 Dec 2014 11:36:24 GMT Pragma: no-cache Location: http://www.aaareplicas.nu/translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/ Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: PHPSESSID=941412c106d95c3bf37f033c69b10d89; path=/ X-Pingback: http://www.aaareplicas.nu/xmlrpc.php X-Powered-By: PHP/5.4.33 | clean |
http://www.aaareplicas.nu/test404page.js | 404 Not Found Content-Length: 26261 Content-Type: text/html | clean |
https://seal.thawte.com/getthawteseal?host_name=www.aaareplicas.nu&size=S&lang=en | 200 OK Content-Length: 3034 Content-Type: text/javascript | clean |
http://www.aaareplicas.nu/about-us/ | 200 OK Content-Length: 26943 Content-Type: text/html | clean |
http://www.aaareplicas.nu/wp-content/themes/aaareplicas/js/jquery.lightbox.min.js | 200 OK Content-Length: 24909 Content-Type: application/javascript | clean |
http://www.aaareplicas.nu/products/ | 200 OK Content-Length: 33943 Content-Type: text/html | clean |
http://www.aaareplicas.nu/designer-replicas/ | 200 OK Content-Length: 32477 Content-Type: text/html | clean |
Malicious Redirects
First query (direct visit, no Referer header):
GET / HTTP/1.1
Host: aaareplicas.nu
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 23 Dec 2014 11:36:19 GMT
Pragma: no-cache
Location: http://www.aaareplicas.nu/
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=6e73e7b21d529ba60060b3f70c472b08; path=/
X-Pingback: http://www.aaareplicas.nu/xmlrpc.php
X-Powered-By: PHP/5.4.33
...0 bytes of data.
GET / HTTP/1.1
Host: aaareplicas.nu
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 23 Dec 2014 11:36:19 GMT
Pragma: no-cache
Location: http://www.aaareplicas.nu/
Server: Apache/2.2.29 (Unix) mod_ssl/2.2.29 OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_perl/2.0.8 Perl/v5.10.1
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=6e73e7b21d529ba60060b3f70c472b08; path=/
X-Pingback: http://www.aaareplicas.nu/xmlrpc.php
X-Powered-By: PHP/5.4.33
...0 bytes of data.
Second query (visit referred from a search engine, Referer header set):
GET / HTTP/1.1
Host: aaareplicas.nu
Referer: http://www.google.com/search?q=aaareplicas.nu
Result:
The result is similar to that of the first query; no suspicious redirects were found.
GET / HTTP/1.1
Host: aaareplicas.nu
Referer: http://www.google.com/search?q=aaareplicas.nu
Result:
The result is similar to that of the first query; no suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=aaareplicas.nu
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://aaareplicas.nu/
Result: aaareplicas.nu is not infected or malware details are not published yet.
Result: aaareplicas.nu is not infected or malware details are not published yet.