Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zhongsu.cc
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://zhongsu.cc/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
--- | --- | --- |
http://zhongsu.cc/ | 200 OK Content-Length: 42087 Content-Type: text/html | malicious |
http://cnimg.alisoft.com//js/probe/launch.js?site=4004593&zh_cn/ | 500 Can't connect to cnimg.alisoft.com:80 (Bad hostname) Content-Length: 166 Content-Type: text/plain | clean |
http://cnimg.alisoft.com/test404page.js | 500 Can't connect to cnimg.alisoft.com:80 (Bad hostname) Content-Length: 166 Content-Type: text/plain | clean |
http://zhongsu.cc/ieupdate.js | 200 OK Content-Length: 156 Content-Type: application/x-javascript | clean |
http://zjnet.zjaic.gov.cn/wzqybswj/3303820000021218.js | 200 OK Content-Length: 185 Content-Type: text/javascript | clean |

Malicious code on http://zhongsu.cc/ - confirmed by antiviruses (see below):

    var delta=0.15
    var collection;
    function floaters() {
      this.items = [];
      this.addItem = function(id,x,y,content) {
        document.write('<DIV id='+id+' style="Z-INDEX: 10; POSITION: absolute;width:80px; height:30px;left:'+(typeof(x)=='string'?eval(x):x)+';top:'+(typeof(y)=='string'?eval(y):y)+'">'+content+'</DIV>');
        var newItem = {};
        newItem.object = document.getElementById(id);
        newItem.x = x;
        newItem.y = y;
        t dy=(dy>0?1:-1)*Math.ceil(Math.abs(dy));
        followObj.style.top=followObj.offsetTop+dy;
      }
      followObj.style.display = '';
      }
    }
    var theFloaters = new floaters();
    theFloaters.addItem('followDiv1','document.body.clientWidth-106',130,'<iframe align=middle marginwidth=0 marginheight=0 hspace=0 src="qq.html" frameborder=no scrolling=no width=104 height=98></iframe>');
    theFloaters.play();

Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: zhongsu.cc
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 04 Oct 2014 23:18:17 GMT
Server: Microsoft-IIS/7.5
Content-Length: 42087
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSQDATBCA=KILHHODAFCNCDDNAAMEPFEAI; path=/
X-Powered-By: ASP.NET
...42087 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: zhongsu.cc
Referer: http://www.google.com/search?q=zhongsu.cc
Result:
The result is similar to the first query. There are no suspicious redirects found.