See: http://www.virustotal.com/url-scan/report.html?id=06532eb9fc51d5eea165c1960f5700f0-1324683645
and nothhing detected here:
http://www.virustotal.com/file-scan/report.html?id=bff3b8d15d83183836a3f550b18f9f46c5f4694155ce8847968abd5caadcd1f6-1324687369
See: http://urlquery.net/queued.php?id=13319
Dangerous site http://www.urlvoid.com/scan/zhenfei.com.cn
-zhenfei.com.cn/fade.js suspicious
[suspicious:2] (ipaddr:61.139.126.eight) (script) -zhenfei.com.cn/fade.js
status: (referer=-zhenfei.com.cn/AClass2.asp?ClassID=10)saved 2952 bytes 953c6ee8608b199c19f76f5c714a84c8ec3b3fbf
info: [decodingLevel=0] found JavaScript
suspicious: -
Obfuscated script > iframe src=-http://www.wrmfwk.cn/b3.htm
found suspicious here: http://urlquery.net/report.php?id=13318
This is weird to observe, how could this scan be OK?
Checking: -http://www.zhenfei.com.cn/fade.js?ArticleID=13
File size: 2952 bytes
File MD5: 583f759f509e1fd1bcc01caca1adae20
-http://www.zhenfei.com.cn/fade.js?ArticleID=13 - Ok
And here we go---->
Checking: -http://%61%76%65%32%2E%63%6E
File size: 2124 bytes
File MD5: 551823d3fd646640a8e6080d6bc9c1aa
-http://%61%76%65%32%2E%63%6E - archive HTML
-http://%61%76%65%32%2E%63%6E/Script.0 - Ok
-http://%61%76%65%32%2E%63%6E - Ok
Checking: -http://www.wrmfwk.cn/b3.htm
File size: 65 bytes
File MD5: 3d95b9e93f4700e490609dff2a7cfff6
-http://www.wrmfwk.cn/b3.htm - archive HTML
-http://www.wrmfwk.cn/b3.htm/Script.0 - Ok
-http://www.wrmfwk.cn/b3.htm - Ok
Checking: -http://www.zhenfei.com.cn/article_show.asp?ArticleID=13
Engine version: 5.0.2.3300
Total virus-finding records: 2964032
File size: 8961 bytes
File MD5: 9e6ab878600f63e9332a799ea1a4f7ea
-http://www.zhenfei.com.cn/article_show.asp?ArticleID=13 - has Trojan.Malscript!html
Threats found at site: Trojan.Malscript!html and Bad Anchor Link total 158
Sucuri alterts these:
Malware found in the URL:
-http://www.zhenfei.com.cn
Anomaly behavior detected (possible malware).
Details: http://sucuri.net/malware/malware-entry-mwanomalysp8
Security warning in the URL:
-http://www.zhenfei.com.cn/main.asp
Hidden Iframes.
Details: http://sucuri.net/malware/entry/MW:IFRAME:HD202