Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=qfschl.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://qfschl.com/ | HTTP/1.1 200 OK Date: Tue, 03 Mar 2015 09:36:46 GMT Accept-Ranges: bytes ETag: "2e96f7f7b55d01:2ee7" Server: Microsoft-IIS/6.0 Content-Length: 60740 Content-Location: http://qfschl.com/index.html Content-Type: text/html Last-Modified: Tue, 03 Mar 2015 06:30:10 GMT X-Powered-By: ASP.NET | clean |
http://qfschl.com/index.html | 200 OK Content-Length: 60740 Content-Type: text/html | malicious |
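Malicious code - confirmed by antiviruses (see below):
window._bd_share_config={"common":{"bdSnsKey":{},"bdText":"","bdMini":"2","bdMiniList":false,"bdPic":"","bdStyle":"0","bdSize":"16"},"slide":{"type":"slide","bdImg":"0","bdPos":"left","bdTop":"226"}};with(document)0[(getElementsByTagName('head')[0]||body).appendChild(createElement('script')).src='http://bdimg.share.baidu.com/static/api/js/share.js?v=89860593.js?cdnversion='+~(-new Date()/36e5)];
Note: the excerpt is a dynamic script loader. It sets window._bd_share_config and appends a script element whose source is fetched over plain HTTP from bdimg.share.baidu.com. The antivirus report table that follows is empty in this capture, so the "confirmed" label cannot be checked from this page. Compare the loader and the third-party script it pulls in against a known-good copy of the site before concluding either that index.html was tampered with or that the detection is a false positive. The request for http://qfschl.com/ above returns the same Content-Length (60740) with Content-Location http://qfschl.com/index.html yet is listed as clean, so the two verdicts appear to cover the same resource.
Antivirus reports: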
| ||
http://qfschl.com/Skins/2009/js/jquery.js | 200 OK Content-Length: 38074 Content-Type: application/x-javascript | clean |
http://qfschl.com/Skins/2009/Js/HomePageFavorite.js | 200 OK Content-Length: 1578 Content-Type: application/x-javascript | clean |
http://qfschl.com/Skins/2009/SpryAssets/SpryTabbedPanels.js | 200 OK Content-Length: 11675 Content-Type: application/x-javascript | clean |
http://qfschl.com/Skins/2009/js/nTab.js | 200 OK Content-Length: 514 Content-Type: application/x-javascript | clean |
http://qfschl.com/Skins/2009/Js/jquery.corner.js | 200 OK Content-Length: 8487 Content-Type: application/x-javascript | clean |
http://wpa.b.qq.com/cgi/wpa.php?key=XzkzODAyNzAwNF8xMjEwMDJfNDAwNjUxODAxMV8 | 200 OK Content-Length: 11519 Content-Type: text/javascript | suspicious |
Page code contains blacklisted domain: www.qfschl.com (the match visible in the excerpt is the "ws" value passed to BizQQWPA.load(), i.e. the scanned site's own address; the other wpa.b.qq.com rows marked suspicious show the same value, so this flag appears to follow from the site's blacklist status rather than from independent evidence against the wpa.b.qq.com script) ...[3288 bytes skipped]... s]=function(y){return function(){var z=arguments,A=u+y;var B=r("7818","21","1");v.one("api.define."+A,function(){B.addPoint("3").send();q[y].apply(q,z)});x(A)}}(this)})})})(window.BizQQWPA); BizQQWPA.set("srcPath", "/crm/wpa/release/3.3.6/"); BizQQWPA.setVersion("3.3.6.20150114").load({"wty":"1","kfuin":"938027004","nameAccount":"4006518011","type":"12","sv":"4","title":"\u4f01\u4e1a\u540d\u79f0","aty":"0","a":"0","ws":"http:\/\/www.qfschl.com","btn1":"\u8425\u9500QQ\u4ea4\u8c08","btn2":"\u4e0b\u6b21\u518d\u8bf4","fsty":"0","fposX":"2","fposY":"1","csty":"1","tx":"1","txw":null,"txh":null,"wd":"\u70b9\u51fb\u5373\u53ef\u53d1\u8d77\u4f1a\u8bdd","wd2":"\u65f6\u95f4\uff1a8:30-22:00","curl":"","wid":"","di":""}); | ||
http://wpa.b.qq.com/cgi/wpa.php?key=XzkzODAyNzAwNF8xMTg1NDRfNDAwNjUxODAxMV8 | 200 OK Content-Length: 11089 Content-Type: text/javascript | clean |
http://wpa.b.qq.com/cgi/wpa.php?key=XzkzODAyNzAwNF8xMjEwOTdfNDAwNjUxODAxMV8 | 200 OK Content-Length: 11591 Content-Type: text/javascript | suspicious |
Page code contains blacklisted domain: www.qfschl.com ...[3264 bytes skipped]... ,A=u+y;var B=r("7818","21","1");v.one("api.define."+A,function(){B.addPoint("3").send();q[y].apply(q,z)});x(A)}}(this)})})})(window.BizQQWPA); BizQQWPA.set("srcPath", "/crm/wpa/release/3.3.6/"); BizQQWPA.setVersion("3.3.6.20150114").load({"wty":"1","kfuin":"938027004","nameAccount":"4006518011","type":"11","sv":"4","title":"\u6b66\u6c49\u5947\u5cf0\u77f3\u6750\u62a4\u7406\u6709\u9650\u516c\u53f8","aty":"0","a":"0","ws":"http:\/\/www.qfschl.com","btn1":"\u8425\u9500QQ\u4ea4\u8c08","btn2":"\u4e0b\u6b21\u518d\u8bf4","fsty":"0","fposX":"1","fposY":"1","csty":"1","tx":"1","txw":null,"txh":null,"wd":"\u70b9\u51fb\u53ef\u53d1\u8d77\u4f1a\u8bdd\u6216\u7559\u8a00","wd2":"\u5de5\u4f5c\u65f6\u95f4\uff1a8:30-22:00","curl":"","wid":"","di":""}); | ||
http://qfschl.com/Skins/2009/js/jquery.Slide.js | 200 OK Content-Length: 8528 Content-Type: application/x-javascript | clean |
http://qfschl.com/Skins/2009/js/taobaoSlide.js | 200 OK Content-Length: 230 Content-Type: application/x-javascript | clean |
http://qfschl.com/Skins/2009/Js/fhtz.js | 200 OK Content-Length: 631 Content-Type: application/x-javascript | clean |
http://qfschl.com/Skins/2009/js/stepcarousel.js | 200 OK Content-Length: 15394 Content-Type: application/x-javascript | clean |
http://qfschl.com/Skins/2009/js/carousel.js | 200 OK Content-Length: 905 Content-Type: application/x-javascript | clean |
http://wpa.b.qq.com/cgi/wpa.php?key=XzkzODAyNzAwNF8xMjQ4MzlfNDAwNjUxODAxMV8 | 200 OK Content-Length: 11394 Content-Type: text/javascript | suspicious |
Page code contains blacklisted domain: www.qfschl.com ...[3388 bytes skipped]... nk"];w(p,function(){q[this]=function(y){return function(){var z=arguments,A=u+y;var B=r("7818","21","1");v.one("api.define."+A,function(){B.addPoint("3").send();q[y].apply(q,z)});x(A)}}(this)})})})(window.BizQQWPA); BizQQWPA.set("srcPath", "/crm/wpa/release/3.3.6/"); BizQQWPA.setVersion("3.3.6.20150114").load({"wty":"1","kfuin":"938027004","nameAccount":"4006518011","type":"1","sv":"4","title":"","aty":"0","a":"0","ws":"http:\/\/www.qfschl.com","btn1":"\u8425\u9500QQ\u4ea4\u8c08","btn2":"","fsty":"0","fposX":"0","fposY":"0","csty":"1","tx":"1","txw":null,"txh":null,"wd":"","wd2":"","curl":"","wid":"","di":""}); |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: qfschl.com
Result:
HTTP/1.1 200 OK
Date: Tue, 03 Mar 2015 09:36:46 GMT
Accept-Ranges: bytes
ETag: "2e96f7f7b55d01:2ee7"
Server: Microsoft-IIS/6.0
Content-Length: 60740
Content-Location: http://qfschl.com/index.html
Content-Type: text/html
Last-Modified: Tue, 03 Mar 2015 06:30:10 GMT
X-Powered-By: ASP.NET
...60740 bytes of data.
GET / HTTP/1.1
Host: qfschl.com
Result:
HTTP/1.1 200 OK
Date: Tue, 03 Mar 2015 09:36:46 GMT
Accept-Ranges: bytes
ETag: "2e96f7f7b55d01:2ee7"
Server: Microsoft-IIS/6.0
Content-Length: 60740
Content-Location: http://qfschl.com/index.html
Content-Type: text/html
Last-Modified: Tue, 03 Mar 2015 06:30:10 GMT
X-Powered-By: ASP.NET
...60740 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: qfschl.com
Referer: http://www.google.com/search?q=qfschl.com
Result:
The result is similar to the first query. No suspicious redirects were found.
GET / HTTP/1.1
Host: qfschl.com
Referer: http://www.google.com/search?q=qfschl.com
Result:
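The result is similar to the first query. No suspicious redirects were found.
Note: this check compares only a direct visit with a visit carrying a Google search Referer, both made at a single point in time. It does not rule out redirects that are conditional on other request properties, so a clean result here is not proof that the site serves the same content to every visitor.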