Scanned pages/files
| Request | Server response | Status |
http://www.i17go.com/ | 200 OK Content-Length: 58042 Content-Type: text/html | clean |
http://www.i17go.com/base/js/base.js | 200 OK Content-Length: 31131 Content-Type: application/x-javascript | clean |
http://www.i17go.com/base/js/common.js | 200 OK Content-Length: 10754 Content-Type: application/x-javascript | clean |
http://www.i17go.com/base/js/form.js | 200 OK Content-Length: 16332 Content-Type: application/x-javascript | clean |
http://www.i17go.com/base/js/blockui.js | 200 OK Content-Length: 12587 Content-Type: application/x-javascript | clean |
http://www.i17go.com/advs/js/advsheadlb.js | 200 OK Content-Length: 702 Content-Type: application/x-javascript | clean |
http://www.i17go.com/menu/js/channelmenu.js | 200 OK Content-Length: 478 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
function showMenu(n){ var smenudiv = document.getElementById("smenu"); obj=smenudiv.getElementsByTagName("ul"); for(var i=0;i<obj.length;i++){ if(i==n){ obj[i].style.display="block"; document.getElementById("mainmenu").getElementsByTagName("a")[i].className='current'; }else{ obj[i].style.display="none"; document.getElementById("mainmenu").getElementsByTagName("a")[i].className=''; } } } --> Antivirus reports:
| ||
http://www.i17go.com/advs/js/yu200712201.js | 200 OK Content-Length: 87728 Content-Type: application/x-javascript | clean |
http://www.i17go.com/advs/js/yu200712202.js | 200 OK Content-Length: 9470 Content-Type: application/x-javascript | clean |
http://www.i17go.com/photo/js/photopic_roll.js | 200 OK Content-Length: 7045 Content-Type: application/x-javascript | clean |
http://code.54kefu.net/kefu/js/129/597729.js | 200 OK Content-Length: 522 Content-Type: application/x-javascript | clean |
http://s5.cnzz.com/z_stat.php?id=1000318010&web_id=1000318010 | 200 OK Content-Length: 9624 Content-Type: application/javascript | clean |
http://www.i17go.com/-1 | 404 Not Found Content-Length: 1464 Content-Type: text/html | clean |
http://%6A%73%2E%75%73%68%6F%73%74%31%39%2E%69%64%63%79%73%2E%63%6F%6D/404.js | 400 Bad Request Content-Length: 39 Content-Type: text/html | clean |
http://%6A%73%2E%75%73%68%6F%73%74%31%39%2E%69%64%63%79%73%2E%63%6F%6D/test404page.js | 400 Bad Request Content-Length: 39 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: i17go.com
Result:
GET / HTTP/1.1
Host: i17go.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: i17go.com
Referer: http://www.google.com/search?q=i17go.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: i17go.com
Referer: http://www.google.com/search?q=i17go.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=i17go.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://i17go.com/
Result: i17go.com is not infected or malware details are not published yet.
Result: i17go.com is not infected or malware details are not published yet.