Scanned pages/files
| Request | Server response | Status |
http://lyjz.com/ | HTTP/1.1 302 Object moved Cache-Control: private Date: Mon, 31 Aug 2015 02:29:25 GMT Location: http://host.4cun.com/park.asp?domain=lyjz.com Server: WWW Server/1.1 Content-Length: 166 Content-Type: text/html; Charset=gb2312 Set-Cookie: ASPSESSIONIDASADQTAD=EMAMKMMBOOJODPPFOPJGOJDP; path=/ X-Powered-By: ASP.NET X-Safe-Firewall: zhuji.360.cn 1.0.8.3 F1W1 | clean |
http://host.4cun.com/park.asp?domain=lyjz.com | HTTP/1.1 500 Internal Server Error Cache-Control: private Date: Mon, 31 Aug 2015 02:29:18 GMT Server: Apache/2.2.3 (Red Hat) Content-Length: 1963 Content-Type: text/html Set-Cookie: ASPSESSIONIDAQCSQABT=MNCAJJFBPICCKBPEAFKPDGPK; path=/ X-Powered-By: WAF/2.0 | clean |
http://sp3.cndm.com/?dm=lyjz.com&acc=6769d60e-eec8-a451-7ac2-e752895444d7&noscript=1 | 200 OK Content-Length: 14748 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var unique=(function(){var time=(new Date()).getTime()+'_',i=0;return function(){return time+(i++)}})();var gl={trackingurl:'http://sp3.cndm.com/tracking.php',searchurl:'/'};var err={errorcode:0,errormsg:''};var google_afd_request={};var secondtier_request={dm:'lyjz.com',sk:'',partner:'bd3',format:'json',sac:'',oc:false};var req={dm:'lyjz.com',acc:'6769d60e-eec8-a451-7ac2-e752895444d7',landerid:292,cate:0,buy:true,adultallowed:true,cusbuy:'<div style="color:#eee;text-align:left;padding:0 0 0 Antivirus reports:
| ||
http://a1.dnbizcdn.com/js/b/client1506231.js | 200 OK Content-Length: 2316 Content-Type: application/x-javascript | clean |
http://cpro.baidustatic.com/cpro/ui/domain_parking.js | 200 OK Content-Length: 174780 Content-Type: application/x-javascript | clean |
http://cpro.baidustatic.com/cpro/ui/ci.js | 200 OK Content-Length: 71507 Content-Type: application/x-javascript | clean |
http://a1.dnbizcdn.com/js/b/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: application/x-javascript | clean |
http://a1.dnbizcdn.com/js/b/caf.js | 200 OK Content-Length: 8900 Content-Type: application/x-javascript | clean |
http://lyjz.com/test404page.js | 404 Not Found Content-Length: 83 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: lyjz.com
Result:
HTTP/1.1 302 Object moved
Cache-Control: private
Date: Mon, 31 Aug 2015 02:29:25 GMT
Location: http://host.4cun.com/park.asp?domain=lyjz.com
Server: WWW Server/1.1
Content-Length: 166
Content-Type: text/html; Charset=gb2312
Set-Cookie: ASPSESSIONIDASADQTAD=EMAMKMMBOOJODPPFOPJGOJDP; path=/
X-Powered-By: ASP.NET
X-Safe-Firewall: zhuji.360.cn 1.0.8.3 F1W1
...166 bytes of data.
GET / HTTP/1.1
Host: lyjz.com
Result:
HTTP/1.1 302 Object moved
Cache-Control: private
Date: Mon, 31 Aug 2015 02:29:25 GMT
Location: http://host.4cun.com/park.asp?domain=lyjz.com
Server: WWW Server/1.1
Content-Length: 166
Content-Type: text/html; Charset=gb2312
Set-Cookie: ASPSESSIONIDASADQTAD=EMAMKMMBOOJODPPFOPJGOJDP; path=/
X-Powered-By: ASP.NET
X-Safe-Firewall: zhuji.360.cn 1.0.8.3 F1W1
...166 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: lyjz.com
Referer: http://www.google.com/search?q=lyjz.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: lyjz.com
Referer: http://www.google.com/search?q=lyjz.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lyjz.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://lyjz.com/
Result: lyjz.com is not infected or malware details are not published yet.
Result: lyjz.com is not infected or malware details are not published yet.