Scanned pages/files
| Request | Server response | Status |
http://corbiair.com/ | 200 OK Content-Length: 19941 Content-Type: text/html | clean |
http://corbiair.com/wp-includes/js/comment-reply.min.js?ver=3.5.1 | 200 OK Content-Length: 786 Content-Type: application/javascript | clean |
http://corbiair.com/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK Content-Length: 93658 Content-Type: application/javascript | clean |
http://corbiair.com/wp-content/themes/Romix/scripts/jquery.easing.1.3.js?ver=1.3 | 200 OK Content-Length: 8097 Content-Type: application/javascript | clean |
http://corbiair.com/wp-content/themes/Romix/scripts/jquery.tools.min.js?ver=3.5.1 | 200 OK Content-Length: 6325 Content-Type: application/javascript | clean |
http://corbiair.com/wp-content/themes/Romix/scripts/jquery.cycle.all.min.js?ver=3.5.1 | 200 OK Content-Length: 32046 Content-Type: application/javascript | clean |
http://corbiair.com/wp-content/themes/Romix/scripts/jquery.prettyPhoto.js?ver=3.5.1 | 200 OK Content-Length: 21488 Content-Type: application/javascript | clean |
http://corbiair.com/wp-content/themes/Romix/scripts/twitter.min.js?ver=3.5.1 | 200 OK Content-Length: 5788 Content-Type: application/javascript | clean |
http://corbiair.com/wp-content/themes/Romix/scripts/jquery.innerfade.js?ver=3.5.1 | 200 OK Content-Length: 4846 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) { $.fn.innerfade = function(options) { return this.each(function() { $.innerfade(this, options); }); }; $.innerfade = function(container, options) { var settings = { 'animationtype': 'fade', 'speed': 'normal', 'type': 'sequence', 'timeout': 2000, 'runningclass': 'innerfade', current = Math.floor(Math.random() * elements.length); } else alert('Innerfade-Type must either be \'sequence\', \'random\' or \'random_start\''); setTimeout((function() { $.innerfade.next(elements, settings, current, last); }), settings.timeout); }; })(jQuery); function removeFilter(element) { if(element.style.removeAttribute){ element.style.removeAttribute('filter'); } } Antivirus reports:
| ||
http://corbiair.com/wp-content/themes/Romix/scripts/flowplayer-3.2.6.min.js?ver=3.5.1 | 200 OK Content-Length: 16815 Content-Type: application/javascript | clean |
http://corbiair.com/wp-content/themes/Romix/scripts/custom.js?ver=3.5.1 | 200 OK Content-Length: 14593 Content-Type: application/javascript | clean |
http://corbiair.com/wp-content/themes/Romix/scripts/cufon-yui.js | 200 OK Content-Length: 18258 Content-Type: application/javascript | clean |
http://corbiair.com/wp-content/themes/Romix/scripts/fonts/Sansation.font.js | 200 OK Content-Length: 60672 Content-Type: application/javascript | clean |
http://corbiair.com/about/team-members | 200 OK Content-Length: 11766 Content-Type: text/html | clean |
http://corbiair.com/about/history | 200 OK Content-Length: 10128 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: corbiair.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 10 Sep 2014 12:36:22 GMT
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=UTF-8
X-Pingback: http://corbiair.com/xmlrpc.php
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: corbiair.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 10 Sep 2014 12:36:22 GMT
Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Type: text/html; charset=UTF-8
X-Pingback: http://corbiair.com/xmlrpc.php
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: corbiair.com
Referer: http://www.google.com/search?q=corbiair.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: corbiair.com
Referer: http://www.google.com/search?q=corbiair.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=corbiair.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://corbiair.com/
Result: corbiair.com is not infected or malware details are not published yet.
Result: corbiair.com is not infected or malware details are not published yet.