Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 917e.com
Result:
HTTP/1.1 302 Found
Connection: close
Date: Wed, 04 Mar 2015 00:03:47 GMT
Location: http://917e.com/h/soft.htm
Server: Apache
Vary: Accept-Encoding
Content-Length: 210
Content-Type: text/html; charset=iso-8859-1
...210 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: 917e.com
Referer: http://www.google.com/search?q=917e.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://917e.com/ | HTTP/1.1 302 Found Connection: close Date: Wed, 04 Mar 2015 00:03:47 GMT Location: http://917e.com/h/soft.htm Server: Apache Vary: Accept-Encoding Content-Length: 210 Content-Type: text/html; charset=iso-8859-1 | clean |
http://917e.com/h/soft.htm | 200 OK Content-Length: 45355 Content-Type: text/html | clean |
http://917e.com/js/ajax.js | 200 OK Content-Length: 1881 Content-Type: application/javascript | clean |
http://917e.com/js/goodsusr.js | 200 OK Content-Length: 10578 Content-Type: application/javascript | clean |
http://917e.com/js/md5.js | 200 OK Content-Length: 4633 Content-Type: application/javascript | clean |
http://917e.com/js/objectSwap.js | 200 OK Content-Length: 2326 Content-Type: application/javascript | clean |
http://s11.cnzz.com/stat.php?id=2081451&web_id=2081451&show=pic | 200 OK Content-Length: 10075 Content-Type: application/javascript | clean |
http://static.b.qq.com/account/bizqq/js/wpa.js?wty=1&type=1&kfuin=800023566&ws=shop60443691.taobao.com&btn1=%E4%BC%81%E4%B8%9AQQ%E4%BA%A4%E8%B0%88&aty=0&a=&key=_%3A%0C%3DRg%072%08%3E%01d%041U%3AT2%04%3B%01%3B%5E9%044%03e%02f%06g%5D5%007%021 | 200 OK Content-Length: 134915 Content-Type: application/x-javascript | clean |
http://917e.com/kf/kf0/ServiceQQ.js | 200 OK Content-Length: 4049 Content-Type: application/javascript | clean |
http://917e.com/h/admin.htm | 200 OK Content-Length: 2377 Content-Type: text/html | clean |
http://917e.com/js/admin.js | 200 OK Content-Length: 1658 Content-Type: application/javascript | clean |
http://917e.com/htm/pub.htm | 200 OK Content-Length: 1379 Content-Type: text/html | clean |
http://917e.com/js/pub.js | 200 OK Content-Length: 469 Content-Type: application/javascript | clean |
http://917e.com/test404page.js | 200 OK Content-Length: 7 Content-Type: text/html | clean |
http://917e.com/htm/ChangePwd.htm | 200 OK Content-Length: 3684 Content-Type: text/html | clean |
http://917e.com/soft/jc.htm | 200 OK Content-Length: 2960 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=917e.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://917e.com/
Result: 917e.com is not infected or malware details are not published yet.