Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=789999.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.789999.com/ | HTTP/1.1 200 OK Date: Fri, 06 Mar 2015 14:05:05 GMT Accept-Ranges: bytes ETag: "80c6b46dc748d01:145b" Server: Microsoft-IIS/6.0 Content-Length: 108461 Content-Location: http://www.789999.com/index.html Content-Type: text/html Last-Modified: Sun, 15 Feb 2015 02:30:57 GMT X-Died: timeout at scan.pm line 1566. | clean |
http://www.789999.com/index.html | 200 OK Content-Length: 100122 Content-Type: text/html | clean |
http://www.789999.com/js/ad_top.js | 200 OK Content-Length: 488 Content-Type: application/x-javascript | clean |
http://www.789999.com/js/ad_1.js | 200 OK Content-Length: 1806 Content-Type: application/x-javascript | clean |
http://www.789999.com/js/ad_2.js | 200 OK Content-Length: 232 Content-Type: application/x-javascript | clean |
http://www.277770.com/Js/topad1.js | 200 OK Content-Length: 7396 Content-Type: application/x-javascript | clean |
http://www.789999.com/js/ad_text1.js | 200 OK Content-Length: 90 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write("<div id='text_ad1'>");
document.write("=");
document.write("</div>");
Antivirus reports:
http://www.789999.com/js/ad_3.js | 200 OK Content-Length: 1140 Content-Type: application/x-javascript | suspicious |
Page code contains blacklisted domain: www.2488.cc
document.writeln("<div id=ad3>");
document.writeln("<div><a href='http://www.2488.cc/888/' target=_blank><img src='/logo/tts_120.gif' width=136 height=60 border=0></a></div>");
document.writeln("<div><a href='http://www.22879.com/index.asp?menu=1' target=_blank><img src='/logo/ZQQS_120X60.gif' width=136 height=60 border=0></a></div>");
document.writeln("<div><a href='http://www.38498.com/mffx.asp?m=1' target=_blank><img src='/logo/AOLI_120.gif' ...[843 bytes skipped]...
http://www.789999.com/js/ad_text2.js | 200 OK Content-Length: 862 Content-Type: application/x-javascript | clean |
http://www.789999.com/js/ad_4.js | 200 OK Content-Length: 379 Content-Type: application/x-javascript | clean |
http://www.789999.com/js/ad_text3.js | 200 OK Content-Length: 461 Content-Type: application/x-javascript | clean |
http://www.789999.com/js/ad_5.js | 200 OK Content-Length: 216 Content-Type: application/x-javascript | suspicious |
Page code contains blacklisted domain: www.2488.cc
//document.writeln("<div id=ad5>");
//document.writeln("<a href='http://www.2488.cc/' target='_blank'><img src='/logo/tt_950.gif' alt='' width='990' height='40' border='0' /></a>");
//document.writeln("</div>");
http://www.789999.com/js/ad_6.js | 200 OK Content-Length: 69 Content-Type: application/x-javascript | clean |
http://www.789999.com/html/xin2/ | HTTP/1.1 200 OK Date: Fri, 06 Mar 2015 14:05:25 GMT Accept-Ranges: bytes ETag: "077b3b50e9cf1:145b" Server: Microsoft-IIS/6.0 Content-Length: 7523 Content-Location: http://www.789999.com/html/xin2/index.html Content-Type: text/html Last-Modified: Thu, 16 Oct 2014 14:47:02 GMT | clean |
http://www.789999.com/html/xin2/index.html | 200 OK Content-Length: 7523 Content-Type: text/html | clean |
http://www.789999.com/skins/2009/js/wu.js | 200 OK Content-Length: 3151 Content-Type: application/x-javascript | clean |
http://www.789999.com/js/qq.js | HTTP/1.1 404 Not Found Date: Fri, 06 Mar 2015 14:05:30 GMT Server: Microsoft-IIS/6.0 Content-Length: 8388 Content-Type: text/html | clean |
http://www.789999.com/test404page.js | HTTP/1.1 404 Not Found Date: Fri, 06 Mar 2015 14:05:31 GMT Server: Microsoft-IIS/6.0 Content-Length: 8388 Content-Type: text/html | clean |
http://s73.cnzz.com/stat.php?id=1073206&web_id=1073206 | 200 OK Content-Length: 10071 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 789999.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: 789999.com
Referer: http://www.google.com/search?q=789999.com
Result:
The result is similar to the first query. There are no suspicious redirects found.