Scanned pages/files
Request | Server response | Status |
http://wuwus.com/ | 200 OK Content-Length: 18161 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: +ADw-title+AD4-Hacked by White-Shadow +AHw B3YAZ.ORG+ADw-/title+AD4 ...[534 bytes skipped]... D0AIg-http://www.w3.org/1999/xhtml+ACIAPg +ADwAIQ—Bu +AN0-ndex White-Shadow Taraf+AP0-ndan Yap+AP0-lm+AP0A/g-t+AP0-r–+AD4 +ADwAIQ—Kodlar+AP0 +AMc-alma +AN4-erefsiz–+AD4 +ADwAIQ—B3YAZ.ORG–+AD4 +ADw-head+AD4 +ADw-meta http-equiv+AD0AIg-Content-Type+ACI content+AD0AIg-text/html+ADs charset+AD0-utf-8+ACI /+AD4 +ADw-title+AD4-Hacked by White-Shadow +AHw B3YAZ.ORG+ADw-/title+AD4 +ADw-style type+AD0AIg-text/css+ACIAPg body +AHs background-color: +ACM-000+ADs +AH0 body,td,th +AHs color: +ACM-FFF+ADs +AH0 .kirmizi +AHs color: +ACM-F00+ADs +AH0 .team +AHs color: +ACM-F00+ADs +AH0 +ADw-/style+AD4 +ADw-/head+AD4 +ADw-body+AD4 +ADw-center+AD4 +ADw-img src+AD0AIg-http://i.hizliresim.com/vga87v.png+ACI alt+AD0AIg-White-Shadow b3yaz.org+A ...[18833 bytes skipped]... | ||
http://wuwus.com/zoe/ | 200 OK Content-Length: 19214 Content-Type: text/html | clean |
http://wuwus.com/wp-includes/js/comment-reply.min.js?ver=4.1.5 | 200 OK Content-Length: 757 Content-Type: application/javascript | clean |
http://wuwus.com/feed/ | 200 OK Content-Length: 9498 Content-Type: text/xml | clean |
http://wuwus.com/test404page.js | 404 Not Found Content-Length: 13731 Content-Type: text/html | clean |
http://wuwus.com/hello-world/ | 200 OK Content-Length: 18781 Content-Type: text/html | clean |
http://wuwus.com/41/ | 200 OK Content-Length: 16757 Content-Type: text/html | clean |
http://wuwus.com/page/2/ | 200 OK Content-Length: 16137 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wuwus.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 17 Jul 2015 00:47:10 GMT
Server: cloudflare-nginx
Content-Type: text/html; charset=UTF-7
CF-RAY: 2071ef186f1d0ae4-WAW
Set-Cookie: __cfduid=d983c4d9609299cf7538d3834e3905ae71437094030; expires=Sat, 16-Jul-16 00:47:10 GMT; path=/; domain=.wuwus.com; HttpOnly
X-Pingback: http://wuwus.com/xmlrpc.php
X-Powered-By: PHP/5.4.42
GET / HTTP/1.1
Host: wuwus.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 17 Jul 2015 00:47:10 GMT
Server: cloudflare-nginx
Content-Type: text/html; charset=UTF-7
CF-RAY: 2071ef186f1d0ae4-WAW
Set-Cookie: __cfduid=d983c4d9609299cf7538d3834e3905ae71437094030; expires=Sat, 16-Jul-16 00:47:10 GMT; path=/; domain=.wuwus.com; HttpOnly
X-Pingback: http://wuwus.com/xmlrpc.php
X-Powered-By: PHP/5.4.42
Second query (visit from search engine):
GET / HTTP/1.1
Host: wuwus.com
Referer: http://www.google.com/search?q=wuwus.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: wuwus.com
Referer: http://www.google.com/search?q=wuwus.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wuwus.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wuwus.com/
Result: wuwus.com is not infected or malware details are not published yet.
Result: wuwus.com is not infected or malware details are not published yet.