Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cqbayu.tk
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cqbayu.tk
Result:
HTTP/1.1 203 Non-Authoritative Information
Cache-Control: no-cache
Connection: close
Date: Fri, 09 Jan 2015 07:56:51 GMT
Pragma: no-cache
Server: nginx/1.6.2
Vary: Accept-Encoding
Content-Length: 637
Content-Type: text/html;charset=UTF-8
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONID=294A7D9E2F6B0E07225BDCBD60E030A3; Path=/; HttpOnly
X-Server: 03942263aa9f
...637 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: cqbayu.tk
Referer: http://www.google.com/search?q=cqbayu.tk
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://cqbayu.tk/ | HTTP/1.1 203 Non-Authoritative Information Cache-Control: no-cache Connection: close Date: Fri, 09 Jan 2015 07:56:51 GMT Pragma: no-cache Server: nginx/1.6.2 Vary: Accept-Encoding Content-Length: 637 Content-Type: text/html;charset=UTF-8 Expires: Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie: JSESSIONID=294A7D9E2F6B0E07225BDCBD60E030A3; Path=/; HttpOnly X-Server: 03942263aa9f | clean |
http://domain.dot.tk/p/?d=cqbayu.tk&i=78.158.11.226&c=370&ro=0&ref=unknown&_=1420790211286 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 09 Jan 2015 07:56:51 GMT Location: http://fn.hgin.com/&_=1420790211 Server: Apache/1.3.41 (Unix) mod_perl/1.30 Content-Length: 0 Content-Type: text/html; charset=ISO-8859-1 | clean |
http://fn.hgin.com/&_=1420790211 | HTTP/1.1 302 Found Connection: close Date: Fri, 09 Jan 2015 07:56:51 GMT Location: http://a6shd.realshieldlinked.com/?kw=fn Server: Apache/2.2.15 (CentOS) Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.3.3 | clean |
http://a6shd.realshieldlinked.com/?kw=fn | HTTP/1.1 302 Moved Temporarily Connection: Close Date: Fri, 09 Jan 2015 07:56:52 GMT Location: http://Z8czz.rewardzone.treatmentthrone.xyz/?sov=265069507&hid=gqigkkgysmgk&redid=6201&id=XNSX.-r6201 Server: nginx/1.2.8 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.23 | clean |
http://z8czz.rewardzone.treatmentthrone.xyz/?sov=265069507&hid=gqigkkgysmgk&redid=6201&id=xnsx.-r6201 | 200 OK Content-Length: 16148 Content-Type: text/html | clean |
http://z8czz.rewardzone.treatmentthrone.xyz//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js/ | 200 OK Content-Length: 157 Content-Type: text/html | clean |
http://z8czz.rewardzone.treatmentthrone.xyz//rewardzone.treatmentthrone.xyz/admin_config/ | 200 OK Content-Length: 157 Content-Type: text/html | clean |
http://z8czz.rewardzone.treatmentthrone.xyz/test404page.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
http://cqbayu.tk//ajax.googleapis.com/ajax/libs/ext-core/3.0.0/ext-core.js/ | HTTP/1.1 203 Non-Authoritative Information Cache-Control: no-cache Connection: close Date: Fri, 09 Jan 2015 07:56:55 GMT Pragma: no-cache Server: nginx/1.6.2 Vary: Accept-Encoding Content-Length: 637 Content-Type: text/html;charset=UTF-8 Expires: Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie: JSESSIONID=49EF643D0D6CCAA7303E0EB820F8C586; Path=/; HttpOnly X-Server: 03942263aa9f | clean |
http://domain.dot.tk/p/?d=cqbayu.tk&i=78.158.11.226&c=370&ro=0&ref=unknown&_=1420790215821 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 09 Jan 2015 07:56:55 GMT Location: http://fn.hgin.com/&_=1420790216 Server: Apache/1.3.41 (Unix) mod_perl/1.30 Content-Length: 0 Content-Type: text/html; charset=ISO-8859-1 | clean |
http://fn.hgin.com/&_=1420790216 | HTTP/1.1 302 Found Connection: close Date: Fri, 09 Jan 2015 07:56:56 GMT Location: http://a6shd.realshieldlinked.com/?kw=fn Server: Apache/2.2.15 (CentOS) Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Powered-By: PHP/5.3.3 | clean |
http://cqbayu.tk/templates/_common/_templates/mediaplayer_update_DLI_loadbar_toonimo1_rip/override.js | HTTP/1.1 203 Non-Authoritative Information Cache-Control: no-cache Connection: close Date: Fri, 09 Jan 2015 07:56:56 GMT Pragma: no-cache Server: nginx/1.6.2 Vary: Accept-Encoding Content-Length: 637 Content-Type: text/html;charset=UTF-8 Expires: Thu, 01 Jan 1970 00:00:00 GMT Set-Cookie: JSESSIONID=6AB6FE127CB3C40C0ED07BEFB24B1101; Path=/; HttpOnly X-Server: 38d9a7d57bb9 | clean |
http://domain.dot.tk/p/?d=cqbayu.tk&i=78.158.11.226&c=370&ro=0&ref=unknown&_=1420790216578 | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 09 Jan 2015 07:56:56 GMT Location: http://fn.hgin.com/&_=1420790216 Server: Apache/1.3.41 (Unix) mod_perl/1.30 Content-Length: 0 Content-Type: text/html; charset=ISO-8859-1 | clean |