Scanned pages/files
Request | Server response | Status |
http://syxxy.com/ | HTTP/1.1 200 OK Date: Thu, 24 Jul 2014 22:51:59 GMT Accept-Ranges: bytes ETag: "e054bd4a9a7cf1:301" Server: Microsoft-IIS/6.0 Content-Length: 12870 Content-Location: http://syxxy.com/index.html Content-Type: text/html Last-Modified: Thu, 24 Jul 2014 06:34:16 GMT X-Powered-By: ASP.NET | clean |
http://syxxy.com/index.html | 200 OK Content-Length: 12870 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: kfehome.com ...[2238 bytes skipped]... getElementById("bdshell_js").src = "http://bdimg.share.baidu.com/static/js/shell_v2.js?t=" + new Date().getHours(); </script> </div> </div> <div id="nav"> <div class="nav-top"> <ul> <li class="index"><h1><a href="http://syxxy.com/">ÉòÑôöÎöÎÒw.com/baijialewanfa" target="_blank">мÓƶij¡</a></li> <li><a href="http://kfehome.com/aomenduqiu" target="_blank">»Ê¹ÚÍø</a></li> <li><a href="http://dxhjy.com/zgdq" target="_blank">ÑÇÖÞ²©²ÊÍø</a></li> <li><a href="http://kfehome.com/zhongguoduqiu" target="_blank">Á¢²©</a></li> <li><a href="http://0452cx.com/zgdq" target="_blank">°ÄÃÅÐǼʶij¡</a></li> </ul> </div> </div> <div id="footer"> ÓÉ<span style="fo ...[1910 bytes skipped]... | ||
http://syxxy.com/common.js | 200 OK Content-Length: 280 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.1581588.com
var gotourl = "http://www.1581588.com/";
document.writeln("<div style=\"background-color:#FFF;\"><IFRAME border=0 name=I1 align=center marginWidth=0 src=\""+gotourl+"\" frameBorder=0 width=\"100%\" scrolling=no height=4000 target=\"_blank\" target=\"_blank\"><\/IFRAME><\/div>");
Decoded script:
<div style="background-color:#FFF;"><IFRAME border=0 name=I1 align=center marginWidth=0 src="http://www.1581588.com/" frameBorder=0 width="100%" scrolling=no height=4000 target="_blank" target="_blank"></IFRAME></div> | ||
http://syxxy.com/tj.js | 200 OK Content-Length: 120 Content-Type: application/x-javascript | clean |
http://syxxy.com/sitemap.html | 200 OK Content-Length: 35198 Content-Type: text/html | clean |
http://syxxy.com/l3diq/ | HTTP/1.1 200 OK Date: Thu, 24 Jul 2014 22:52:04 GMT Accept-Ranges: bytes ETag: "9469335aeda6cf1:301" Server: Microsoft-IIS/6.0 Content-Length: 13593 Content-Location: http://syxxy.com/l3diq/index.html Content-Type: text/html Last-Modified: Thu, 24 Jul 2014 03:14:16 GMT X-Powered-By: ASP.NET | clean |
http://syxxy.com/l3diq/index.html | 200 OK Content-Length: 13593 Content-Type: text/html | clean |
http://syxxy.com/9p5pa/ | HTTP/1.1 200 OK Date: Thu, 24 Jul 2014 22:52:05 GMT Accept-Ranges: bytes ETag: "7ee928489a7cf1:301" Server: Microsoft-IIS/6.0 Content-Length: 13523 Content-Location: http://syxxy.com/9p5pa/index.html Content-Type: text/html Last-Modified: Thu, 24 Jul 2014 06:34:12 GMT X-Powered-By: ASP.NET | clean |
http://syxxy.com/9p5pa/index.html | 200 OK Content-Length: 13523 Content-Type: text/html | clean |
http://syxxy.com/ahu5v/ | HTTP/1.1 200 OK Date: Thu, 24 Jul 2014 22:52:07 GMT Accept-Ranges: bytes ETag: "a89df995eea6cf1:301" Server: Microsoft-IIS/6.0 Content-Length: 13709 Content-Location: http://syxxy.com/ahu5v/index.html Content-Type: text/html Last-Modified: Thu, 24 Jul 2014 03:23:06 GMT X-Powered-By: ASP.NET | clean |
http://syxxy.com/ahu5v/index.html | 200 OK Content-Length: 13709 Content-Type: text/html | clean |
http://syxxy.com/d3kt0/ | HTTP/1.1 200 OK Date: Thu, 24 Jul 2014 22:52:08 GMT Accept-Ranges: bytes ETag: "54bc3bf3aa3cf1:301" Server: Microsoft-IIS/6.0 Content-Length: 13608 Content-Location: http://syxxy.com/d3kt0/index.html Content-Type: text/html Last-Modified: Sat, 19 Jul 2014 04:36:04 GMT X-Powered-By: ASP.NET | clean |
http://syxxy.com/d3kt0/index.html | 200 OK Content-Length: 13608 Content-Type: text/html | clean |
http://syxxy.com/d3kt0/131.html | 200 OK Content-Length: 16955 Content-Type: text/html | clean |
http://syxxy.com/d3kt0/130.html | 200 OK Content-Length: 17230 Content-Type: text/html | clean |
http://syxxy.com/d3kt0/129.html | 200 OK Content-Length: 17253 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: kfehome.com
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <title>¶«·½ÏÄÍþÒÄÓéÀÖ³ÇËÍ18ÔªÌåÑé½ðµÄ²©²ÊÍø ¼´È϶¨2013Äê10ÔÂ28ÈÕÇ©¶© - ÆóÒµÎÄ»¯ - ÉòÑôöÎöÎÒµÃÀÊõÉè¼Æ¹¤×÷ÊÒ</title> <meta name="keywords" content=" ...[4697 bytes skipped]... | ||
http://syxxy.com/ahu5v/128.html | 200 OK Content-Length: 16901 Content-Type: text/html | clean |
http://syxxy.com/d3kt0/127.html | 200 OK Content-Length: 16995 Content-Type: text/html | clean |
http://syxxy.com/ahu5v/126.html | 200 OK Content-Length: 16742 Content-Type: text/html | clean |
http://syxxy.com/d3kt0/125.html | 200 OK Content-Length: 17034 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: syxxy.com
Result:
HTTP/1.1 200 OK
Date: Thu, 24 Jul 2014 22:51:59 GMT
Accept-Ranges: bytes
ETag: "e054bd4a9a7cf1:301"
Server: Microsoft-IIS/6.0
Content-Length: 12870
Content-Location: http://syxxy.com/index.html
Content-Type: text/html
Last-Modified: Thu, 24 Jul 2014 06:34:16 GMT
X-Powered-By: ASP.NET
...12870 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: syxxy.com
Referer: http://www.google.com/search?q=syxxy.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=syxxy.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://syxxy.com/
Result: syxxy.com is not infected or malware details are not published yet.