Scanned pages/files
Request | Server response | Status |
--- | --- | --- |
http://zhangs.biz/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 04 May 2014 04:35:39 GMT Location: http://www.zhangs.biz/ Server: Apache Vary: Accept-Encoding Content-Length: 230 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.zhangs.biz/ | 200 OK Content-Length: 68858 Content-Type: text/html | clean |
http://www.zhangs.biz/js/jquery-1.3.2.js | 200 OK Content-Length: 57845 Content-Type: application/javascript | clean |
http://zhangs.biz/js/scripts.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 04 May 2014 04:35:43 GMT Location: http://www.zhangs.biz/js/scripts.js Server: Apache Vary: Accept-Encoding Content-Length: 243 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.zhangs.biz/js/scripts.js | 200 OK Content-Length: 13431 Content-Type: application/javascript | clean |
http://zhangs.biz/js/jquery.greybox.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 04 May 2014 04:35:44 GMT Location: http://www.zhangs.biz/js/jquery.greybox.js Server: Apache Vary: Accept-Encoding Content-Length: 250 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.zhangs.biz/js/jquery.greybox.js | 200 OK Content-Length: 2531 Content-Type: application/javascript | clean |
http://zhangs.biz/js/jquery.elastic.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 04 May 2014 04:35:44 GMT Location: http://www.zhangs.biz/js/jquery.elastic.js Server: Apache Vary: Accept-Encoding Content-Length: 250 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.zhangs.biz/js/jquery.elastic.js | 200 OK Content-Length: 2404 Content-Type: application/javascript | clean |
http://zhangs.biz/index.php | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 04 May 2014 04:35:45 GMT Location: http://www.zhangs.biz/index.php Server: Apache Vary: Accept-Encoding Content-Length: 239 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.zhangs.biz/index.php | 200 OK Content-Length: 68891 Content-Type: text/html | clean |
http://www.zhangs.biz/upload.php | 200 OK Content-Length: 8689 Content-Type: text/html | clean |
http://www.zhangs.biz/js/swfupload/swfupload.js | 200 OK Content-Length: 38288 Content-Type: application/javascript | clean |
http://www.zhangs.biz/js/swfupload/swfupload.swfobject.js | 200 OK Content-Length: 14235 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below).
Antivirus reports:
Request | Server response | Status |
--- | --- | --- |
http://www.zhangs.biz/js/swfupload/swfupload.queue.js | 200 OK Content-Length: 3986 Content-Type: application/javascript | clean |
http://www.zhangs.biz/js/swfupload/fileprogress.js | 200 OK Content-Length: 7153 Content-Type: application/javascript | clean |
http://www.zhangs.biz/js/swfupload/handlers.js | 200 OK Content-Length: 13768 Content-Type: application/javascript | clean |
http://www.zhangs.biz/js/setup_swf_upload.js | 200 OK Content-Length: 3751 Content-Type: application/javascript | clean |
http://www.zhangs.biz/js/upload.js | 200 OK Content-Length: 1076 Content-Type: application/javascript | clean |
http://www.zhangs.biz/login.php?referer=upload.php | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 04 May 2014 04:35:50 GMT Location: login.php?reload_once&referer=upload.php&message_id=0956759b27425da900652108ad1b372f&message_icon=info#cpgMessageBlock Server: Apache Vary: Accept-Encoding Content-Length: 6857 Content-Type: text/html; charset=utf-8 P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE" Set-Cookie: cpg146_data=YToyOntzOjI6IklEIjtzOjMyOiIyOGY2YWQ5MDgzOWQwZGEwYjlkZjBhZTVmNTg4NGQ5MiI7czoyOiJhbSI7aToxO30%3D; expires=Tue, 03-Jun-2014 04:35:50 GMT; path=/ | clean |
http://www.zhangs.biz/login.php?reload_once&referer=upload.php&message_id=0956759b27425da900652108ad1b372f&message_icon=info | 200 OK Content-Length: 8824 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: zhangs.biz
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 04 May 2014 04:35:39 GMT
Location: http://www.zhangs.biz/
Server: Apache
Vary: Accept-Encoding
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1
...230 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: zhangs.biz
Referer: http://www.google.com/search?q=zhangs.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zhangs.biz
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://zhangs.biz/
Result: zhangs.biz is not infected or malware details are not published yet.