Scanned pages/files
Request | Server response | Status |
http://www.ttyx8.com/ | HTTP/1.1 200 OK Cache-Control: max-age=60 Connection: close Date: Sun, 05 Oct 2014 07:49:28 GMT Accept-Ranges: bytes ETag: "241fd8d918dfcf1:26a9" Content-Length: 116928 Content-Location: http://www.ttyx8.com/index.html Content-Type: text/html Expires: Sun, 05 Oct 2014 07:50:28 GMT Last-Modified: Fri, 03 Oct 2014 14:46:44 GMT X-Cache: miss X-Died: timeout at scan.pm line 1546. X-Server: nanning01-cdn16.fhl | clean |
http://www.ttyx8.com/index.html | 200 OK Content-Length: 116928 Content-Type: text/html | clean |
http://www.ttyx8.com/iframe/loginjs.php | 200 OK Content-Length: 605 Content-Type: text/html | clean |
http://www.ttyx8.com/test404page.js | 404 Not Found Content-Length: 5091 Content-Type: text/html | clean |
http://yunjiasu.baidu.com/static/js/http_error.js?20130724 | 200 OK Content-Length: 248 Content-Type: application/x-javascript | clean |
http://www.ttyx8.com/data/js/acmsd/thea14.js | 200 OK Content-Length: 18 Content-Type: application/x-javascript | clean |
http://www.ttyx8.com/data/js/acmsd/thea13.js | 200 OK Content-Length: 290 Content-Type: application/x-javascript | clean |
http://www.ttyx8.com/data/js/acmsd/thea11.js | 200 OK Content-Length: 214 Content-Type: application/x-javascript | clean |
http://www.ttyx8.com/data/js/acmsd/thea1.js | 200 OK Content-Length: 1140 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write("<script type=\"text/javascript\">/*Custom tag cloud, created on 2014-3-19*/var cpro_id = \"u1493558\";</script><script src=\"http://cpro.baidustatic.com/cpro/ui/c.js\" type=\"text/javascript\"></script>")
Antivirus reports:
http://www.ttyx8.com/data/js/acmsd/thea2.js | 200 OK Content-Length: 18 Content-Type: application/x-javascript | clean |
http://www.ttyx8.com/data/js/acmsd/thea12.js | 200 OK Content-Length: 612 Content-Type: application/x-javascript | clean |
http://www.ttyx8.com/data/js/acmsd/thea4.js | 200 OK Content-Length: 37 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ttyx8.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ttyx8.com
Referer: http://www.google.com/search?q=ttyx8.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ttyx8.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ttyx8.com/
Result: ttyx8.com is not infected or malware details are not published yet.