Scanned pages/files
Request | Server response | Status |
http://jydjj.goodstop10.com/ | 200 OK Content-Length: 18508 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"]("\x3c\x64\x69\x76 \x73\x74\x79\x6c\x65\x3d\"\x70\x6f\x73\x69\x74\x69\x6f\x6e\x3a\x61\x62\x73\x6f\x6c\x75\x74\x65\x3b \x74\x6f\x70\x3a\x2d\x39\x39\x39\x39\x70\x78\x3b \x6c\x65\x66\x74\x3a\x2d\x39\x39\x39\x39\x70\x78\x3b\"\x3e"); window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x77\x72\x69\x74\x65\x6c\x6e"](" \x3c\x69\x66\x72\x61\x6d\x65 \x73\x72\x63\x3d\"\x68\x74\x74\x70\x3a\ ...[2287 bytes skipped]... Decoded script: ...[379 bytes skipped]... 04F79FAA6\"></object>"; } window.attachEvent('onunload',openurl); window.attachEvent('onunload',openurl); function openurl() { if (window.event.clientY < 132 || event.altKey) { iie.launchURL("http://s.click.taobao.com/t_8?e=7HZ6jHSTbIA7CUCl28hArocmsR3CgYs3wu2%2Fw4SJx8lH5w%3D%3D&p=mm_17506255_0_0"); } } <div style="position:absolute; top:-9999px; left:-9999px;"> <iframe src="http://s.click.taobao.com/t_8?e=7HZ6jHSTZPBfh%2BZDOT4GkR3PwHrVwi6RAqwrFlGS2J7c&p=mm_17506255_0_0"></iframe> </div> | ||
http://a.alimama.cn/inf.js | 200 OK Content-Length: 7684 Content-Type: application/x-javascript | clean |
http://www.goodstop10.com/js/js_min.js | 200 OK Content-Length: 2488 Content-Type: application/x-javascript | clean |
http://js.tongji.linezing.com/2204931/tongji.js | 200 OK Content-Length: 12835 Content-Type: application/x-javascript | clean |
http://jydjj.goodstop10.com/test404page.js | 404 Not Found Content-Length: 298 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: jydjj.goodstop10.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 19 Apr 2014 00:10:13 GMT
Server: Apache/2.2.22 (CentOS)
Content-Type: text/html
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: jydjj.goodstop10.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 19 Apr 2014 00:10:13 GMT
Server: Apache/2.2.22 (CentOS)
Content-Type: text/html
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: jydjj.goodstop10.com
Referer: http://www.google.com/search?q=jydjj.goodstop10.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: jydjj.goodstop10.com
Referer: http://www.google.com/search?q=jydjj.goodstop10.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=jydjj.goodstop10.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://jydjj.goodstop10.com/
Result: jydjj.goodstop10.com is not infected or malware details are not published yet.
Result: jydjj.goodstop10.com is not infected or malware details are not published yet.