Scanned pages/files
Request | Server response | Status |
http://www.bysdmy.com/ | 200 OK Content-Length: 22362 Content-Type: text/html | clean |
http://www.bysdmy.com/Languages/JS.ashx?lan=1 | 200 OK Content-Length: 12592 Content-Type: text/html | clean |
http://www.bysdmy.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.bysdmy.com/WebUI/Javascript/jquery-1.4.2.min.js | 200 OK Content-Length: 18714 Content-Type: application/x-javascript | clean |
http://www.bysdmy.com/WebUI/Javascript/webuicom.js | 200 OK Content-Length: 1191 Content-Type: application/x-javascript | clean |
http://www.bysdmy.com/Javascript/DialogDivtt/jquery_dialog_notitle.js | 200 OK Content-Length: 13412 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var dialogzIndex = 100;
var dialogs = new Array();
var JqueryDialog = {
    "cBackgroundColor": "#ffffff",
    "cBorderSize": 1,
    "cBorderColor": "#999999",
    "cHeaderBackgroundColor": "#f0f0f0",
    "cSubmitText": "确 定",
    "cCancelText": "取 消",
    "cDragTime": "100",
    dialogName: "dialog_1",
    zindex: dialogzIndex,
    OpenDialog: function(dialogName, dialogTitle, ifra
if (_controlObj) {
    $(_controlObj.document).unbind("mousemove");
    $(_controlObj.document).unbind("mouseup");
}
};
return {
    Register: function(dragObj, controlObj) {
        _dragObj = dragObj;
        _controlObj = controlObj;
        $(_controlObj).bind("mousedown", dragMouseDownHandler);
    }
}
} ();
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bysdmy.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: bysdmy.com
Referer: http://www.google.com/search?q=bysdmy.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bysdmy.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bysdmy.com/
Result: bysdmy.com is not infected or malware details are not published yet.