Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=yybk.com
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://yybk.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 Jan 2015 16:48:07 GMT Location: http://www.3jy.com/ Server: nginx Content-Type: text/html | clean |
http://www.3jy.com/ | 200 OK Content-Length: 60124 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: my.3jy.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title>ãç¬è¯ãå 涵ç¬è¯å¤§å ¨å¾ç_å¹½é»ç¬è¯å¤§å ¨çç¬_çç¬ç¬è¯å¤§å ¨ç½-å½æªç¬è¯</title> <meta name="keywords" content="ç¬è¯,ç ...[4237 bytes skipped]... | ||
http://www.3jy.com/pd/pos.js?20140930 | 200 OK Content-Length: 9955 Content-Type: application/javascript | suspicious |
Page code contains blacklisted domain: api.3jy.com ...[3238 bytes skipped]... script type=\"text/javascript\">/*625*75,3jy_å ¨ç«éæ¾å·¦3*/var cpro_id = \"u1350300\";</script><script src=\"http://cpro.baidustatic.com/cpro/ui/c.js\"type=\"text/javascript\"></script>'; document.write(adstring); } } };var jiwai_config = {statics_image:"http://img.3jy.com/statics/images/",statics_js:"http://www.3jy.com/statics/js/",statics_css:"http://www.3jy.com/statics/css/",siteurl:"http://www.3jy.com/",apiurl:"api.3jy.com",baseurl:"3jy.com",imageuurl:"http://u.3jy.com/",imageurl:"http://img.3jy.com/",readurl :"http://www.3jy.com/",ajaxurl :"http://api.3jy.com/index.php",writeurl :"http://my.3jy.com/index.php",uurl:"http://u.3jy.com/"};function GetQueryString(name){var reg=new RegExp("(^|&)"+name+"=([^&]*)(&|$)");var r=window.location.search.substr(1).match(reg);if(r!=null)return unescape(r[2]);return null}var ref=document.referrer,MUSER = GetQueryString("f");var is360=(ref.indexOf('3600.c ...[65 bytes skipped]... | ||
http://www.3jy.com/statics/js/jquery.min.js?20140930 | 200 OK Content-Length: 74794 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antivirus engines (see below). Excerpt (truncated): (function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function X(a,b,d,f,e,j){var i=a.length;if(typeof b==="object"){for(var o in b)X(a,o,b[o],f,e,d);return a}if(d!==w){f=!j&&f&&c.isFunction(d);for(o=0;o<i;o++)e(a[o],b,f?d.cal Antivirus reports: (none are listed in this capture, so the engines and detection names behind the verdict cannot be checked here; the truncated excerpt above resembles the opening of a minified jQuery build and does not itself show the flagged code)
| ||
http://www.3jy.com/statics/js/l2.js?20140930 | 200 OK Content-Length: 52087 Content-Type: application/x-javascript | suspicious |
Page code contains blacklisted domain: admin.3jy.com ...[690 bytes skipped]... "){ is_moz = userAgent.substr(userAgent.indexOf("firefox") + 8, 3); } //å¤ææµè§å¨æ¯å¦ä¸ºieæµè§å¨ if(userAgent.indexOf("msie") != -1&&!is_opera){ is_ie = userAgent.substr(userAgent.indexOf("msie") + 5, 3) } //å¤ææµè§å¨æ¯å¦ä¸ºè¹ææµè§å¨ is_safar = -1 != userAgent.indexOf("webkit") || -1 != userAgent.indexOf("safari"); //设å®å½åå if(window.location.href.indexOf('admin.3jy.com')<=-1){ document.domain = jiwai_config.baseurl; } //ç«ç¹jsæ¹æ³ var jiwai = { //-------------å ¬å ±åé---------------------- hotcom: [],TryErr: 0,IsList: 0,IsEmpty: 0,JokeID: 0,listcheck: 0,atlaspage: 0,atlasurl: "",object:"", //-------------å ¬å ±æ¹æ³---------------------- //id对象éæ©å¨ $: function(a) { var b = document.getElementById(a); if (b) { return b } else { return ...[2969 bytes skipped]... | ||
http://s4.cnzz.com/stat.php?id=5488099&web_id=5488099 | 200 OK Content-Length: 10071 Content-Type: application/javascript | clean |
http://www.3jy.com/statics/js/tongji_cid.js | 200 OK Content-Length: 8757 Content-Type: application/javascript | clean |
http://yybk.com/zuixin | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 Jan 2015 16:48:16 GMT Location: http://www.3jy.com/zuixin Server: nginx Content-Type: text/html | clean |
http://www.3jy.com/zuixin | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Mon, 12 Jan 2015 16:48:17 GMT Location: http://www.3jy.com/zuixin/ Server: nginx Content-Type: text/html Expires: Mon, 12 Jan 2015 17:03:17 GMT | clean |
http://www.3jy.com/zuixin/ | 200 OK Content-Length: 51258 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: my.3jy.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title>ææ°_å½æªç¬è¯</title> <meta name="keywords" content="ç¬è¯,æç¬å¾ç,å·ç¬è¯,æç¬,å 涵å¾,å¹½é»ç¬è¯,å½æªç½"/> <met ...[4466 bytes skipped]... | ||
http://www.3jy.com/youmo/ | 200 OK Content-Length: 51984 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: my.3jy.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title>ãå¹½é»ç¬è¯å¤§å ¨ãå¹½é»ç¬è¯å¤§å ¨|çç¬å¹½é»ç¬è¯çä¿¡|æ äº-å½æªç¬è¯</title> <meta name="keywords" content="å¹½é»ç¬è¯å¤§å ¨ç ...[4442 bytes skipped]... | ||
http://www.3jy.com/egao/ | 200 OK Content-Length: 48352 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: my.3jy.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title>ãæç¬å¾çãæç¬å¾çå¤§å ¨_æç¬å¾çç¬æ»äºº-å½æªç¬è¯</title> <meta name="keywords" content="æç¬å¾ç,æç¬å¾çç¬æ»äºº, ...[4466 bytes skipped]... | ||
http://www.3jy.com/neihantu/ | 200 OK Content-Length: 50709 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: my.3jy.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title>ãå 涵å¾çãæç¬å 涵å¾ç_åå¼ å 涵å¾ç_éªæ¶å 涵å¾ç-å½æªç¬è¯</title> <meta name="keywords" content="å 涵å¾,å æ¶µå¾ ...[4442 bytes skipped]... | ||
http://www.3jy.com/dongtu/ | 200 OK Content-Length: 53573 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: my.3jy.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title>ãå¨æå¾çãæç¬å¨æå¾çå¤§å ¨_éªæ¶å¨æå¾çå¤§å ¨-å½æªç¬è¯</title> <meta name="keywords" content="æç¬å¨æå¾ç,éªæ¶å ...[4445 bytes skipped]... | ||
http://www.3jy.com/gaoxiaoshipin/ | 200 OK Content-Length: 47831 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: my.3jy.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title>ãæç¬è§é¢ãcfæç¬è§é¢_æç¬è§é¢ç¬æ»äººä¸å¿å½-å½æªç¬è¯</title> <meta name="keywords" content="æç¬è§é¢,cfæç¬è§é¢,æ ...[4441 bytes skipped]... | ||
http://s22.cnzz.com/stat.php?id=5536712&web_id=5536712 | 200 OK Content-Length: 10072 Content-Type: application/javascript | clean |
http://www.3jy.com/tag/56/ | 200 OK Content-Length: 50891 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: my.3jy.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title>ãä»æ¥ç²¾éãä»æ¥ç²¾éä»ä¹ææ_ä»ä¹å«ä»æ¥ç²¾é-å½æªç¬è¯</title> <meta name="keywords" content="ä»æ¥ç²¾é,ä»æ¥ç²¾éä»ä ...[4458 bytes skipped]... | ||
http://www.3jy.com/tag/8/ | 200 OK Content-Length: 57005 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: my.3jy.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title>ãå 涵ç¬è¯å§ãå 涵ç¬è¯å¤§å ¨_ç«æå 涵ç¬è¯-å½æªç¬è¯</title> <meta name="keywords" content="å 涵ç¬è¯å§,å 涵ç¬è¯å¤§å ¨, ...[4470 bytes skipped]... |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: yybk.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 12 Jan 2015 16:48:07 GMT
Location: http://www.3jy.com/
Server: nginx
Content-Type: text/html
GET / HTTP/1.1
Host: yybk.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 12 Jan 2015 16:48:07 GMT
Location: http://www.3jy.com/
Server: nginx
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: yybk.com
Referer: http://www.google.com/search?q=yybk.com
Result:
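The result is similar to the first query. There are no suspicious redirects found. This second request sends a search-engine Referer header to check for conditional redirects that are served only to visitors arriving from search results and hidden from direct visits.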
GET / HTTP/1.1
Host: yybk.com
Referer: http://www.google.com/search?q=yybk.com
Result:
The result is similar to the first query. There are no suspicious redirects found.