Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=youji021.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://youji021.com/
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://youji021.com/ | 200 OK Content-Length: 37662 Content-Type: text/html | clean |
http://youji021.com/about.asp | 200 OK Content-Length: 22580 Content-Type: text/html | clean |
http://youji021.com/news.asp | 200 OK Content-Length: 38176 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function on(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "none" n2.style.display ="block" bg.style.background = 'url(images/dbg.png)' cl.style.color = "#ffffff" } function out(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "block" n2.style.display ="none" bg.style.background = '' cl.style.color = "#5A5A5A" } function checkLogin(userName,n) { if (n == 0 && userName.value == "ÊäÈë¹Ø¼ü×Ö"){userName.value="";userName.style.cssText = "color:#969696"} if (n == 1){ if(userName.value == "ÊäÈë¹Ø¼ü×Ö"){userName.value="";} userName.style.cssText = "color:#000"; } if (n == 2 && userName.value == ""){userName.value = "ÊäÈë¹Ø¼ü×Ö";userName.style.cssText = "color:#969696"} } Antivirus reports:
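| (No antivirus detection names are present in this capture: the report table is empty here and under every other page marked malicious below.) The excerpt above is truncated, and the functions it shows (on, out, checkLogin) read like ordinary page UI code, so the flagged content may lie outside the visible excerpt; the repeated eval() on element names is a legacy idiom that heuristic engines may flag. The quoted strings are GB2312 text mis-decoded as Latin-1, e.g. "ÊäÈë¹Ø¼ü×Ö" is "输入关键字" ("enter keyword"). ||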
http://youji021.com/product.asp | 200 OK Content-Length: 42198 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function on(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "none" n2.style.display ="block" bg.style.background = 'url(images/dbg.png)' cl.style.color = "#ffffff" } function out(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "block" n2.style.display ="none" {idname2.style.display = "block";} else {idname2.style.display="none";} } function getInfo(obj){ var result = ""; var xmlHttp = new ActiveXObject("MSXML2.XMLHTTP"); xmlHttp.open("POST", "inc/noFlashFunc.asp?tid="+obj, false); xmlHttp.send(); result = xmlHttp.responseText; document.all.xtid.innerHTML="<select name=\"xl\" style=\"width:153px\">"+result+"</select>"; } Antivirus reports:
| ||
http://youji021.com/service1.asp | 200 OK Content-Length: 21357 Content-Type: text/html | clean |
http://youji021.com/job.asp | 200 OK Content-Length: 26449 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function on(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "none" n2.style.display ="block" bg.style.background = 'url(images/dbg.png)' cl.style.color = "#ffffff" } function out(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "block" n2.style.display ="none" bg.style.background = '' cl.style.color = "#5A5A5A" } function checkLogin(userName,n) { if (n == 0 && userName.value == "ÊäÈë¹Ø¼ü×Ö"){userName.value="";userName.style.cssText = "color:#969696"} if (n == 1){ if(userName.value == "ÊäÈë¹Ø¼ü×Ö"){userName.value="";} userName.style.cssText = "color:#000"; } if (n == 2 && userName.value == ""){userName.value = "ÊäÈë¹Ø¼ü×Ö";userName.style.cssText = "color:#969696"} } Antivirus reports:
| ||
http://youji021.com/message.asp | 500 Internal Server Error Content-Length: 335 Content-Type: text/html | clean |
http://youji021.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://youji021.com/contact.asp | 200 OK Content-Length: 19990 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function on(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "none" n2.style.display ="block" bg.style.background = 'url(images/dbg.png)' cl.style.color = "#ffffff" } function out(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "block" n2.style.display ="none" } if (n == 2 && userName.value == ""){userName.value = "ÊäÈë¹Ø¼ü×Ö";userName.style.cssText = "color:#969696"} } function getInfo(obj){ var result = ""; var xmlHttp = new ActiveXObject("MSXML2.XMLHTTP"); xmlHttp.open("POST", "inc/noFlashFunc.asp?tid="+obj, false); xmlHttp.send(); result = xmlHttp.responseText; document.all.xtid.innerHTML="<select name=\"xl\" style=\"width:153px\">"+result+"</select>"; } Antivirus reports:
| ||
http://youji021.com/map.asp | 200 OK Content-Length: 19666 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function on(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "none" n2.style.display ="block" bg.style.background = 'url(images/dbg.png)' cl.style.color = "#ffffff" } function out(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "block" n2.style.display ="none" } if(document.form1.Address2.value==""){ alert("ÇëÊäÈëÓÊÕþ±àÂë!") document.form1.Address2.focus() return false } if(document.form1.Postcode.value==""){ alert("ÇëÊäÈëÁôÑÔÄÚÈÝ!") document.form1.Postcode.focus() return false } if(document.form1.Notes.value==""){ alert("ÇëÊäÈë¸öÈ˼òÀú!") document.form1.Notes.focus() return false } } Antivirus reports:
| ||
http://youji021.com/index.asp | 200 OK Content-Length: 37662 Content-Type: text/html | clean |
http://youji021.com/news_show.asp?tid=8&id=22 | 200 OK Content-Length: 27408 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function on(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "none" n2.style.display ="block" bg.style.background = 'url(images/dbg.png)' cl.style.color = "#ffffff" } function out(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "block" n2.style.display ="none" bg.style.background = '' cl.style.color = "#5A5A5A" } function checkLogin(userName,n) { if (n == 0 && userName.value == "ÊäÈë¹Ø¼ü×Ö"){userName.value="";userName.style.cssText = "color:#969696"} if (n == 1){ if(userName.value == "ÊäÈë¹Ø¼ü×Ö"){userName.value="";} userName.style.cssText = "color:#000"; } if (n == 2 && userName.value == ""){userName.value = "ÊäÈë¹Ø¼ü×Ö";userName.style.cssText = "color:#969696"} } Antivirus reports:
| ||
http://youji021.com/news.asp?tid=4 | 200 OK Content-Length: 27463 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function on(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "none" n2.style.display ="block" bg.style.background = 'url(images/dbg.png)' cl.style.color = "#ffffff" } function out(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "block" n2.style.display ="none" bg.style.background = '' cl.style.color = "#5A5A5A" } function checkLogin(userName,n) { if (n == 0 && userName.value == "ÊäÈë¹Ø¼ü×Ö"){userName.value="";userName.style.cssText = "color:#969696"} if (n == 1){ if(userName.value == "ÊäÈë¹Ø¼ü×Ö"){userName.value="";} userName.style.cssText = "color:#000"; } if (n == 2 && userName.value == ""){userName.value = "ÊäÈë¹Ø¼ü×Ö";userName.style.cssText = "color:#969696"} } Antivirus reports:
| ||
http://youji021.com/newspapers.asp | 200 OK Content-Length: 35437 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function on(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "none" n2.style.display ="block" bg.style.background = 'url(images/dbg.png)' cl.style.color = "#ffffff" } function out(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "block" n2.style.display ="none" bg.style.background = '' cl.style.color = "#5A5A5A" } function checkLogin(userName,n) { if (n == 0 && userName.value == "ÊäÈë¹Ø¼ü×Ö"){userName.value="";userName.style.cssText = "color:#969696"} if (n == 1){ if(userName.value == "ÊäÈë¹Ø¼ü×Ö"){userName.value="";} userName.style.cssText = "color:#000"; } if (n == 2 && userName.value == ""){userName.value = "ÊäÈë¹Ø¼ü×Ö";userName.style.cssText = "color:#969696"} } Antivirus reports:
| ||
http://youji021.com/news.asp?tid=6 | 200 OK Content-Length: 26346 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function on(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "none" n2.style.display ="block" bg.style.background = 'url(images/dbg.png)' cl.style.color = "#ffffff" } function out(n1,n2,bg,cl) { var n1 = eval(n1); var n2 = eval(n2); var bg = eval(bg); var cl = eval(cl); n1.style.display = "block" n2.style.display ="none" bg.style.background = '' cl.style.color = "#5A5A5A" } function checkLogin(userName,n) { if (n == 0 && userName.value == "ÊäÈë¹Ø¼ü×Ö"){userName.value="";userName.style.cssText = "color:#969696"} if (n == 1){ if(userName.value == "ÊäÈë¹Ø¼ü×Ö"){userName.value="";} userName.style.cssText = "color:#000"; } if (n == 2 && userName.value == ""){userName.value = "ÊäÈë¹Ø¼ü×Ö";userName.style.cssText = "color:#969696"} } Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: youji021.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Fri, 13 Jun 2014 03:26:36 GMT
Server: Microsoft-IIS/6.0
Content-Type: text/html; Charset=gb2312
Set-Cookie: ASPSESSIONIDCARSQTCR=NMBPKEHAOBJMKOLIBGGNHNKB; path=/
Set-Cookie: _D_SID=0E6E175C; path=/;
X-Powered-By: ASP.NET
GET / HTTP/1.1
Host: youji021.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Fri, 13 Jun 2014 03:26:36 GMT
Server: Microsoft-IIS/6.0
Content-Type: text/html; Charset=gb2312
Set-Cookie: ASPSESSIONIDCARSQTCR=NMBPKEHAOBJMKOLIBGGNHNKB; path=/
Set-Cookie: _D_SID=0E6E175C; path=/;
X-Powered-By: ASP.NET
Second query (visit from search engine):
GET / HTTP/1.1
Host: youji021.com
Referer: http://www.google.com/search?q=youji021.com
Result:
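The result is similar to the first query. No suspicious redirects were found. Only the Referer header differs between the two queries, so redirects conditioned on User-Agent, cookies or client IP are not covered by this check.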
GET / HTTP/1.1
Host: youji021.com
Referer: http://www.google.com/search?q=youji021.com
Result:
The result is similar to the first query. No suspicious redirects were found.