Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ecwww.jizzhut.comwww.59hhh.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ecwww.jizzhut.comwww.59hhh.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://ecwww.jizzhut.comwww.59hhh.com/ | 200 OK Content-Length: 960 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: dy.33sisi.com ...[257 bytes skipped]... com"); urltishi.push("1.22titi.com"); urltishi.push("2.22titi.com"); urltishi.push("3.22titi.com"); for(var i=0;i<urltishi.length;i++){ if (host.indexOf(urltishi[i])>=0){ istishi="1"; } } numb=url.length; urltemp = "http://www."+escape(url[Math.floor(Math.random()*numb)]); ttt="4"; //Ö¸¶¨Ìáʾ //istishi="1"; if (host.indexOf("dy.33sisi.com")>=0 || host.indexOf("zz.06xxx.com")>=0 || host.indexOf("dy.99pipi.com")>=0){ top.location.href="/zhuan/index2.htm?d="+urltemp.replace("http://www.","")+"&t="+ttt; }else if(istishi=="1"){ top.location.href="/zhuan/index3.htm?d="+urltemp.replace("http://www.","")+"&t="+ttt; }else{ top.location.href="/zhuan/?d="+urltemp.replace("http://www.","")+"&t="+ttt; } </script> | ||
http://ecwww.jizzhut.comwww.59hhh.com/test404page.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 27 Apr 2014 21:43:24 GMT Location: http://www.02ppp.com/ Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://www.02ppp.com/ | 200 OK Content-Length: 960 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: dy.33sisi.com ...[257 bytes skipped]... com"); urltishi.push("1.22titi.com"); urltishi.push("2.22titi.com"); urltishi.push("3.22titi.com"); for(var i=0;i<urltishi.length;i++){ if (host.indexOf(urltishi[i])>=0){ istishi="1"; } } numb=url.length; urltemp = "http://www."+escape(url[Math.floor(Math.random()*numb)]); ttt="4"; //Ö¸¶¨Ìáʾ //istishi="1"; if (host.indexOf("dy.33sisi.com")>=0 || host.indexOf("zz.06xxx.com")>=0 || host.indexOf("dy.99pipi.com")>=0){ top.location.href="/zhuan/index2.htm?d="+urltemp.replace("http://www.","")+"&t="+ttt; }else if(istishi=="1"){ top.location.href="/zhuan/index3.htm?d="+urltemp.replace("http://www.","")+"&t="+ttt; }else{ top.location.href="/zhuan/?d="+urltemp.replace("http://www.","")+"&t="+ttt; } </script> | ||
http://www.02ppp.com/test404page.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 27 Apr 2014 06:44:58 GMT Location: http://www.02ppp.com/ Server: nginx Content-Length: 154 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ecwww.jizzhut.comwww.59hhh.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 27 Apr 2014 21:43:23 GMT
Accept-Ranges: bytes
Server: nginx
Content-Length: 960
Content-Type: text/html
Last-Modified: Wed, 23 Apr 2014 22:44:23 GMT
...960 bytes of data.
GET / HTTP/1.1
Host: ecwww.jizzhut.comwww.59hhh.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 27 Apr 2014 21:43:23 GMT
Accept-Ranges: bytes
Server: nginx
Content-Length: 960
Content-Type: text/html
Last-Modified: Wed, 23 Apr 2014 22:44:23 GMT
...960 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ecwww.jizzhut.comwww.59hhh.com
Referer: http://www.google.com/search?q=ecwww.jizzhut.comwww.59hhh.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ecwww.jizzhut.comwww.59hhh.com
Referer: http://www.google.com/search?q=ecwww.jizzhut.comwww.59hhh.com
Result:
The result is similar to the first query. There are no suspicious redirects found.