Scanned pages/files
Request | Server response | Status |
http://42.62.30.180/ | 200 OK Content-Length: 44906 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <iframe scrolling="no" height="68" frameborder="0" width="100%" src="http://tianqi.2345.com/city_wea_set2345_1206.htm" name="city_set_ifr" id="city_set_ifr" allowtransparency="true" style="visibility:hidden"></iframe> Antivirus reports:
Hidden iFrame found. size: 100x68 style: hidden src: http://tianqi.2345.com/city_wea_set2345_1206.htm <iframe scrolling="no" height="68" frameborder="0" width="100%" src="http://tianqi.2345.com/city_wea_set2345_1206.htm" name="city_set_ifr" id="city_set_ifr" allowtransparency="true" style="visibility:hidden"> | ||
http://42.62.30.180/css/common_20150909.js?v=2.28.1 | 200 OK Content-Length: 18936 Content-Type: application/javascript | clean |
http://42.62.30.180/product/ | 200 OK Content-Length: 15907 Content-Type: text/html | clean |
http://42.62.30.180/test404page.js | HTTP/1.1 404 Not Found Connection: close Date: Thu, 01 Oct 2015 06:35:43 GMT Accept-Ranges: bytes Age: 0 ETag: "7e3-50742475bfc80" Vary: Accept-Encoding Content-Type: text/html; charset=gb2312 Last-Modified: Fri, 07 Nov 2014 10:28:50 GMT X-Hits: 0 | clean |
http://www.2345.com/ | 200 OK Content-Length: 1116 Content-Type: text/html | clean |
http://www.2345.com/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://42.62.30.180/help/repair.htm | 200 OK Content-Length: 6192 Content-Type: text/html | clean |
http://42.62.30.180/help/js/jquery.js | 200 OK Content-Length: 93636 Content-Type: application/javascript | clean |
http://42.62.30.180/help/js/v2/number.js | 200 OK Content-Length: 4803 Content-Type: application/javascript | clean |
http://42.62.30.180/help/js/v2/setHomePage.js | 200 OK Content-Length: 11570 Content-Type: application/javascript | clean |
http://42.62.30.180/help/js/v2/clickcount.js | 200 OK Content-Length: 1004 Content-Type: application/javascript | clean |
http://union2.50bang.org/js/repair | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://union2.50bang.org/js/inner | 200 OK Content-Length: 0 Content-Type: text/plain | clean |
http://42.62.30.180/mail.htm | 200 OK Content-Length: 15668 Content-Type: text/html | clean |
http://42.62.30.180/neiye/wide/js/libnew_girl.js | 200 OK Content-Length: 8723 Content-Type: application/javascript | clean |
http://42.62.30.180/neiye/js/xtop.1.20.js | 200 OK Content-Length: 18555 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 42.62.30.180
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Connection: close
Date: Thu, 01 Oct 2015 06:35:37 GMT
Age: 1005
ETag: "20e37-520f74dc01c40"
Vary: Accept-Encoding
Content-Type: text/html; charset=gb2312
Expires: Thu, 01 Oct 2015 07:18:52 GMT
Last-Modified: Wed, 30 Sep 2015 13:56:57 GMT
X-Died: timeout at scan.pm line 1566.
X-Hits: 9029
GET / HTTP/1.1
Host: 42.62.30.180
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Connection: close
Date: Thu, 01 Oct 2015 06:35:37 GMT
Age: 1005
ETag: "20e37-520f74dc01c40"
Vary: Accept-Encoding
Content-Type: text/html; charset=gb2312
Expires: Thu, 01 Oct 2015 07:18:52 GMT
Last-Modified: Wed, 30 Sep 2015 13:56:57 GMT
X-Died: timeout at scan.pm line 1566.
X-Hits: 9029
Second query (visit from search engine):
GET / HTTP/1.1
Host: 42.62.30.180
Referer: http://www.google.com/search?q=42.62.30.180
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 42.62.30.180
Referer: http://www.google.com/search?q=42.62.30.180
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=42.62.30.180
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://42.62.30.180/
Result: 42.62.30.180 is not infected or malware details are not published yet.
Result: 42.62.30.180 is not infected or malware details are not published yet.