Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: siyb.com.cn
Result:
HTTP/1.1 200 OK
Date: Sat, 21 Jun 2014 21:04:30 GMT
Accept-Ranges: bytes
ETag: "da3d5e65a45ecf1:d709"
Server: Microsoft-IIS/6.0
Content-Length: 35453
Content-Type: text/html
Last-Modified: Wed, 23 Apr 2014 03:30:38 GMT
X-Powered-By: ASP.NET
...35453 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: siyb.com.cn
Referer: http://www.google.com/search?q=siyb.com.cn
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://siyb.com.cn/ | 200 OK Content-Length: 35453 Content-Type: text/html | clean |
http://siyb.com.cn/siteApp/js/util.js | 200 OK Content-Length: 10559 Content-Type: application/x-javascript | clean |
http://siyb.com.cn/siteApp/js/calendar_style1.js | 200 OK Content-Length: 16724 Content-Type: application/x-javascript | clean |
http://siyb.com.cn/siteApp/js/mt_dropdownC.js | 200 OK Content-Length: 15864 Content-Type: application/x-javascript | clean |
http://siyb.com.cn/siteApp/js/mt_dropdown_initialize.js | 200 OK Content-Length: 1518 Content-Type: application/x-javascript | clean |
http://siyb.com.cn/siteApp/js/swfobject.js | 200 OK Content-Length: 6722 Content-Type: application/x-javascript | clean |
http://js.tongji.linezing.com/1172903/tongji.js | 200 OK Content-Length: 12982 Content-Type: application/x-javascript | clean |
http://siyb.com.cn/htm/6154/104324.html | 200 OK Content-Length: 9499 Content-Type: text/html | clean |
http://siyb.com.cn/htm/6154/ | 403 Forbidden Content-Length: 5656 | clean |
http://chat8.live800.com/live800/chatClient/floatButton.js?jid=2989811613&companyID=62728&configID=51340&codeType=custom | 200 OK Content-Length: 1315 Content-Type: application/x-javascript | clean |
http://s100.cnzz.com/stat.php?id=494770&web_id=494770&show=pic | 200 OK Content-Length: 9322 Content-Type: application/javascript | clean |
http://js.tongji.yahoo.com.cn/0/49/377/ystat.js | 500 Can't connect to js.tongji.yahoo.com.cn:80 (Bad hostname) Content-Length: 176 Content-Type: text/plain | clean |
http://js.tongji.yahoo.com.cn/test404page.js | 500 Can't connect to js.tongji.yahoo.com.cn:80 (Bad hostname) Content-Length: 176 Content-Type: text/plain | clean |
http://chat8.live800.com/live800/chatClient/monitor.js?jid=2989811613&companyID=62728&configID=49891&codeType=custom | 200 OK Content-Length: 17 Content-Type: application/x-javascript | clean |
http://siyb.com.cn/htm/6154/104325.html | 200 OK Content-Length: 16142 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=siyb.com.cn
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://siyb.com.cn/
Result: siyb.com.cn is not infected or malware details are not published yet.