Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=53094.net.aobieg44.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.53094.net.aobieg44.com/ | 200 OK Content-Length: 45862 Content-Type: text/html | malicious |
Page code contains blacklisted domain: www.zoudi6.biz ...[392 bytes skipped]... <META name=keywords content=ÐÔ°É|´ºÅ¯»¨¿ª,ÐÔ°ÉÓÐÄã|Sex8|ÐÔ°É×îеØÖ·£¡> <META name=description content=ÐÔ°É|´ºÅ¯»¨¿ª,ÐÔ°ÉÓÐÄã|Sex8|ÐÔ°É×îеØÖ·£¡> <script id="wf" type="text/javascript" charset="gb2312" src="http://app.adanzhuo.com/appiso.js?l=cparifu&uid=1154"></script> <META content=IE=EmulateIE7 http-equiv=X-UA-Compatible><LINK rel=stylesheet href="http://www.zoudi6.biz/aimg/layout.css"><LINK rel="shortcut icon" href="favicon.ico"> <DIV style="DISPLAY: none"><div style="display:none"><script language="javascript" type="text/javascript" src="http://js.users.51.la/16360978.js"></script> <noscript><a href="http://www.51.la/?16360978" target="_blank"><img alt="我要啦免费统计" src="http://img.users.51.la/16360978.asp" ...[57897 bytes skipped]... Malicious iFrame found. size: 100x850 src: http://www.159gps.com/yjm.htm This URL is marked by Google as suspicious <iframe src="http://www.159gps.com/yjm.htm" width="100%" height="850"> | ||
http://app.adanzhuo.com/appiso.js?l=cparifu&uid=1154 | 200 OK Content-Length: 2695 Content-Type: application/x-javascript | clean |
http://js.users.51.la/16360978.js | 200 OK Content-Length: 1980 Content-Type: application/x-javascript | clean |
http://www.53094.net.aobieg44.com/indexbom.js | 200 OK Content-Length: 2981 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.zoudi6.biz function getArrayItems(arr,num){var temp_array=new Array();for(var index in arr){temp_array.push(arr[index])}var return_array=new Array();for(var i=0;i<num;i++){if(temp_array.length>0){var arrIndex=Math.floor(Math.random()*temp_array.length);return_array[i]=temp_array[arrIndex];temp_array.splice(arrIndex,1)}else{break}}return return_array}var array=new Array();array=new Array('http://www.zoudi6.biz\/web\/login.html|ÓûÍû»ùµØ','http://www.zoudi6.biz\/web\/login.html|É«ÀÇÎÑ×ÛºÏ');array=getArrayItems(array,28);document.writeln('<table width="800" height="5" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#cccccc">');document.writeln('<tr>');var split=new Array();for(i=0;i<array.length;i++){if(i%7==0&i>0){document.writeln('</tr>');document.writeln('<tr>')}split=array[i].split('|'); ...[2473 bytes skipped]... Decoded script: <table width="800" height="5" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#cccccc"> <tr> <td ><div align="center" ><a href="http://www.zoudi6.biz/web/login.html?259se" target="_blank">ÓûÍû»ùµØ</a></div></td> <td ><div align="center" ><a href="http://www.zoudi6.biz/web/login.html?259se" target="_blank">É«ÀÇÎÑ×ÛºÏ</a></div></td> </table> <SCRIPT> var text=""; day = new Date( ); time = day.getHours( ); ¡¡if (( time>=0) && (time < 6 )) if(parent.win ...[1520 bytes skipped]... | ||
http://www.53094.net.aobieg44.com/test404page.js | 404 Not Found Content-Length: 304 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 53094.net.aobieg44.com
Result:
GET / HTTP/1.1
Host: 53094.net.aobieg44.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: 53094.net.aobieg44.com
Referer: http://www.google.com/search?q=53094.net.aobieg44.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 53094.net.aobieg44.com
Referer: http://www.google.com/search?q=53094.net.aobieg44.com
Result:
The result is similar to the first query. There are no suspicious redirects found.