Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://utonc.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: utonc.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 26 Apr 2014 18:27:37 GMT Location: http://baiduse0.in/sex.html?utonc.com Server: Microsoft-IIS/6.0 Content-Type: text/html X-Powered-By: ASP.NET X-Powered-By: PHP/5.2.17 | malicious |
Scanned pages/files
Request | Server response | Status |
http://utonc.com/ | 200 OK Content-Length: 29299 Content-Type: text/html | clean |
http://utonc.com/script/jquery.min.js | 200 OK Content-Length: 56804 Content-Type: application/x-javascript | clean |
http://utonc.com/script/droppy.js | 200 OK Content-Length: 1051 Content-Type: application/x-javascript | clean |
http://utonc.com/script/thickbox.js | 200 OK Content-Length: 8927 Content-Type: application/x-javascript | clean |
http://utonc.com/script/helper.js | 200 OK Content-Length: 10577 Content-Type: application/x-javascript | clean |
http://utonc.com/script/png.js | 200 OK Content-Length: 2072 Content-Type: application/x-javascript | clean |
http://utonc.com/script/picAutoZoom.js | 200 OK Content-Length: 470 Content-Type: application/x-javascript | clean |
http://utonc.com/index.php?_m=frontpage&_a=index&_l=zh_CN | 200 OK Content-Length: 29299 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
    var speed=30;
    var marquee_product25nwePu = document.getElementById("marquee_product25nwePu");
    var marquee_product15nwePu = document.getElementById("marquee_product15nwePu");
    var marquee_demo5nwePu = document.getElementById("marquee_demo5nwePu");
    marquee_product25nwePu.innerHTML=marquee_product15nwePu.innerHTML;
    function Marquee5nwePu(){
        if(marquee_demo5nwePu.scrollLeft>=marquee_product15nwePu.scrollWidth){
            marquee_demo5nwePu.scrollLeft=0;
        }
        else{
            marquee_demo5nwePu.scrollLeft++;
        }
    }
    var MyMar5nwePu=setInterval(Marquee5nwePu,speed);
    marquee_demo5nwePu.onmouseover=function(){clearInterval(MyMar5nwePu);}
    marquee_demo5nwePu.onmouseout=function(){MyMar5nwePu=setInterval(Marquee5nwePu,speed);}
Antivirus reports:
http://utonc.com/index.php?_m=frontpage&_a=index&_l=en | 200 OK Content-Length: 28958 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
    var speed=10;
    var marquee_product2FwK1y6 = document.getElementById("marquee_product2FwK1y6");
    var marquee_product1FwK1y6 = document.getElementById("marquee_product1FwK1y6");
    var marquee_demoFwK1y6 = document.getElementById("marquee_demoFwK1y6");
    marquee_product2FwK1y6.innerHTML=marquee_product1FwK1y6.innerHTML;
    function MarqueeFwK1y6(){
        if(marquee_demoFwK1y6.scrollLeft>=marquee_product1FwK1y6.scrollWidth){
            marquee_demoFwK1y6.scrollLeft=0;
        }
        else{
            marquee_demoFwK1y6.scrollLeft++;
        }
    }
    var MyMarFwK1y6=setInterval(MarqueeFwK1y6,speed);
    marquee_demoFwK1y6.onmouseover=function(){clearInterval(MyMarFwK1y6);}
    marquee_demoFwK1y6.onmouseout=function(){MyMarFwK1y6=setInterval(MarqueeFwK1y6,speed);}
Antivirus reports:
http://utonc.com/index.php?_m=frontpage&_a=index | 200 OK Content-Length: 29299 Content-Type: text/html | clean |
http://utonc.com/index.php?_m=mod_static&_a=view&sc_id=2 | 200 OK Content-Length: 28851 Content-Type: text/html | clean |
http://utonc.com/index.php?_m=mod_article&_a=article_content&article_id=93 | 200 OK Content-Length: 21928 Content-Type: text/html | clean |
http://utonc.com/index.php?_m=mod_article&_a=article_content&article_id=94 | 200 OK Content-Length: 33560 Content-Type: text/html | clean |
http://utonc.com/index.php?_m=mod_article&_a=fullist | 200 OK Content-Length: 27781 Content-Type: text/html | clean |
http://utonc.com/index.php?_m=mod_article&_a=fullist&caa_id=16 | 200 OK Content-Length: 23915 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=utonc.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://utonc.com/
Result: utonc.com is not infected or malware details are not published yet.