Scanned pages/files
Request | Server response | Status |
http://www.wheaten.info/ | 200 OK Content-Length: 6765 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: # HACKED BY .::xX_abo-al3z_Xx::. # ...[374 bytes skipped]... t> <script language='javascript' src='http://5waw.com/like.js'></script> </head> <!-- saved from url=(0040)http://www.thepremierpokertour.com/blog/ --> <html><head><meta http-equiv="Content-Type" content="text/html; charset=windows-1252"><meta http-equiv="Content-Language" content="fr"> <title># HACKED BY .::xX_abo-al3z_Xx::. #</title> <meta name="keywords" content="> <meta name=" description"=""> <style type="text/css"> .style2 { font-family: "Cooper Black"; font-size: x-large; text-shadow: red 0px 0px 4px; } ...[8559 bytes skipped]... | ||
http://5waw.com/script.js | 500 Status read failed: Соединение разорвано другой стороной Content-Length: 152 Content-Type: text/plain | clean |
http://5waw.com/test404page.js | 200 OK Content-Length: 7066 Content-Type: text/html | clean |
http://code.jquery.com/jquery-latest.min.js | 200 OK Content-Length: 95786 Content-Type: application/javascript | clean |
http://5waw.com/js/standard.js?rte=1&tm=2&dn=5waw.com&tid=1020 | 200 OK Content-Length: 1297 Content-Type: text/javascript | clean |
http://5waw.com/js/google_caf.js?rte=1&tm=2&dn=5waw.com&tid=1020 | 200 OK Content-Length: 9155 Content-Type: text/javascript | clean |
http://www.google.com/adsense/domains/caf.js | 200 OK Content-Length: 217373 Content-Type: text/javascript | clean |
http://5waw.com/offer.html?domain=5waw.com | 200 OK Content-Length: 1556 Content-Type: text/html | clean |
http://code.jquery.com/jquery-2.1.1.min.js | 200 OK Content-Length: 84245 Content-Type: application/javascript | clean |
http://code.jquery.com/ui/1.11.1/jquery-ui.min.js | 200 OK Content-Length: 238314 Content-Type: application/javascript | clean |
http://dizzyninja.co/js/ui/jquery.ui.dizzyninja.parkingofferrecommend.v1.js | 200 OK Content-Length: 16998 Content-Type: application/javascript | clean |
http://5waw.com/config.js | 200 OK Content-Length: 7061 Content-Type: text/html | clean |
http://5waw.com/like.js | 200 OK Content-Length: 7059 Content-Type: text/html | clean |
http://www.wheaten.info/offer.html?domain=5waw.com | 200 OK Content-Length: 6765 Content-Type: text/html | clean |
http://www.wheaten.info/0 | 200 OK Content-Length: 6765 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wheaten.info
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: wheaten.info
Referer: http://www.google.com/search?q=wheaten.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wheaten.info
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wheaten.info/
Result: wheaten.info is not infected or malware details are not published yet.