Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zgcfxx.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://zgcfxx.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://zgcfxx.com/ | 200 OK Content-Length: 24344 Content-Type: text/html | clean |
http://zgcfxx.com/js/jquery.js | 200 OK Content-Length: 252881 Content-Type: application/x-javascript | clean |
http://zgcfxx.com/js/public.js | 200 OK Content-Length: 16755 Content-Type: application/x-javascript | clean |
http://zgcfxx.com/js/index.js | 200 OK Content-Length: 6773 Content-Type: application/x-javascript | clean |
http://tjs.sjs.sinajs.cn/open/api/js/wb.js?appkey=1166443256&debug=true | 200 OK Content-Length: 34223 Content-Type: application/x-javascript | clean |
http://zgcfxx.com/index.asp | 200 OK Content-Length: 24344 Content-Type: text/html | clean |
http://zgcfxx.com/title_show.asp?id=10 | 200 OK Content-Length: 9949 Content-Type: text/html | clean |
http://zgcfxx.com/title_show3.asp?id=1 | 200 OK Content-Length: 17083 Content-Type: text/html | clean |
http://zgcfxx.com/title_show.asp?id=2 | 200 OK Content-Length: 20289 Content-Type: text/html | clean |
http://zgcfxx.com/book_show.asp | 200 OK Content-Length: 14086 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window._bd_share_config={"common":{"bdSnsKey":{},"bdText":"","bdMini":"2","bdMiniList":false,"bdPic":"","bdStyle":"0","bdSize":"24"},"share":{}};with(document)0[(getElementsByTagName('head')[0]||body).appendChild(createElement('script')).src='http://bdimg.share.baidu.com/static/api/js/share.js?v=89860593.js?cdnversion='+~(-new Date()/36e5)]; Antivirus reports:
| ||
http://zgcfxx.com/title_show.asp?id=4 | 200 OK Content-Length: 19708 Content-Type: text/html | clean |
http://zgcfxx.com/title_show.asp?id=5 | 200 OK Content-Length: 37796 Content-Type: text/html | clean |
http://zgcfxx.com/title_show2.asp?id=6 | 200 OK Content-Length: 19213 Content-Type: text/html | clean |
http://zgcfxx.com/title_show.asp?id=7 | 200 OK Content-Length: 19652 Content-Type: text/html | clean |
http://zgcfxx.com/news_list.asp?btype=30&stype=97&mtype_name=0 | 200 OK Content-Length: 253 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: zgcfxx.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 04 Oct 2014 20:45:46 GMT
Server: Microsoft-IIS/6.0
Content-Length: 24344
Content-Type: text/html; Charset=UTF-8
Set-Cookie: ASPSESSIONIDCABCQDDR=MEBJHNJDPMOOHEFEOAMNLDLM; path=/
X-Powered-By: ASP.NET
...24344 bytes of data.
GET / HTTP/1.1
Host: zgcfxx.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 04 Oct 2014 20:45:46 GMT
Server: Microsoft-IIS/6.0
Content-Length: 24344
Content-Type: text/html; Charset=UTF-8
Set-Cookie: ASPSESSIONIDCABCQDDR=MEBJHNJDPMOOHEFEOAMNLDLM; path=/
X-Powered-By: ASP.NET
...24344 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: zgcfxx.com
Referer: http://www.google.com/search?q=zgcfxx.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: zgcfxx.com
Referer: http://www.google.com/search?q=zgcfxx.com
Result:
The result is similar to the first query. There are no suspicious redirects found.