Scanned pages/files
Request | Server response | Status |
http://sube.net/ | HTTP/1.1 302 Found Connection: close Date: Thu, 10 Dec 2015 16:31:45 GMT Location: http://www.sube.net/ Server: Apache/2.2.15 (CentOS) Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.3.3 | clean |
http://www.sube.net/ | 200 OK Content-Length: 57683 Content-Type: text/html | clean |
http://www.sube.net/skin/frontend/default/theme562/js/jquery-1.7.min.js | 200 OK Content-Length: 94020 Content-Type: text/javascript | clean |
http://www.sube.net/skin/frontend/default/theme562/js/superfish.js | 200 OK Content-Length: 3800 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($){ $.fn.superfish = function(op){ var sf = $.fn.superfish, c = sf.c, $arrow = $(['<span class="',c.arrowClass,'"> »</span>'].join('')), over = function(){ var $$ = $(this), menu = getMenu($$); clearTimeout(menu.sfTimer); $$.showSuperfishUl().siblings().hideSuperfishUl(); }, out = function(){ var $$ = $(this), menu = getMenu($$), o = sf.op; cle showSuperfishUl : function(){ var o = sf.op, sh = sf.c.shadowClass+'-off', $ul = this.not('.accorChild').addClass(o.hoverClass) .find('>ul:hidden'); sf.IE7fix.call($ul); o.onBeforeShow.call($ul); $ul.animate(o.animation,o.speed,function(){ sf.IE7fix.call($ul); o.onShow.call($ul); }); return this; } }); })(jQuery); jQuery(function(){ jQuery('.sf-menu').superfish() }) Antivirus reports:
http://www.sube.net/skin/frontend/default/theme562/js/scripts.js | 200 OK Content-Length: 14681 Content-Type: text/javascript | clean |
http://www.sube.net/js/prototype/prototype.js | 200 OK Content-Length: 163313 Content-Type: text/javascript | clean |
http://www.sube.net/js/lib/ccard.js | 200 OK Content-Length: 747 Content-Type: text/javascript | clean |
http://www.sube.net/js/prototype/validation.js | 200 OK Content-Length: 41647 Content-Type: text/javascript | clean |
http://www.sube.net/js/scriptaculous/builder.js | 200 OK Content-Length: 4744 Content-Type: text/javascript | clean |
http://www.sube.net/js/scriptaculous/effects.js | 200 OK Content-Length: 38745 Content-Type: text/javascript | clean |
http://www.sube.net/js/scriptaculous/dragdrop.js | 200 OK Content-Length: 31066 Content-Type: text/javascript | clean |
http://www.sube.net/js/scriptaculous/controls.js | 200 OK Content-Length: 34797 Content-Type: text/javascript | clean |
http://www.sube.net/js/scriptaculous/slider.js | 200 OK Content-Length: 10331 Content-Type: text/javascript | clean |
http://www.sube.net/js/varien/js.js | 200 OK Content-Length: 22730 Content-Type: text/javascript | clean |
http://www.sube.net/js/varien/form.js | 200 OK Content-Length: 14272 Content-Type: text/javascript | clean |
http://www.sube.net/js/mage/translate.js | 200 OK Content-Length: 1582 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sube.net
Result:
HTTP/1.1 302 Found
Connection: close
Date: Thu, 10 Dec 2015 16:31:45 GMT
Location: http://www.sube.net/
Server: Apache/2.2.15 (CentOS)
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.3
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: sube.net
Referer: http://www.google.com/search?q=sube.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sube.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://sube.net/
Result: sube.net is not infected or malware details are not published yet.