Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://whjlzs.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: whjlzs.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 28 May 2014 12:47:26 GMT Via: 1.1 id201211261328000:80 (squid/2.7.STABLE8) Location: http://guanfang8.diandian.com/ Server: Microsoft-IIS/6.0 Content-Type: text/html X-Cache: MISS from id201211261328000 X-Cache-Lookup: MISS from id201211261328000:80 X-Powered-By: ASP.NET X-Powered-By: PHP/5.2.17 | malicious |
Scanned pages/files
Request | Server response | Status |
http://whjlzs.com/ | 200 OK Content-Length: 28212 Content-Type: text/html | clean |
http://whjlzs.com/base/js/base.js | 200 OK Content-Length: 31131 Content-Type: application/x-javascript | clean |
http://whjlzs.com/base/js/common.js | 200 OK Content-Length: 10754 Content-Type: application/x-javascript | clean |
http://whjlzs.com/base/js/form.js | 200 OK Content-Length: 16332 Content-Type: application/x-javascript | clean |
http://whjlzs.com/base/js/blockui.js | 200 OK Content-Length: 12516 Content-Type: application/x-javascript | clean |
http://whjlzs.com/advs/js/advsheadlb.js | 200 OK Content-Length: 702 Content-Type: application/x-javascript | clean |
http://whjlzs.com/menu/js/channelmenu.js | 200 OK Content-Length: 478 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
function showMenu(n){ var smenudiv = document.getElementById("smenu"); obj=smenudiv.getElementsByTagName("ul"); for(var i=0;i<obj.length;i++){ if(i==n){ obj[i].style.display="block"; document.getElementById("mainmenu").getElementsByTagName("a")[i].className='current'; }else{ obj[i].style.display="none"; document.getElementById("mainmenu").getElementsByTagName("a")[i].className=''; } } } --> Antivirus reports:
| ||
http://whjlzs.com/advs/js/yu200712201.js | 200 OK Content-Length: 87728 Content-Type: application/x-javascript | clean |
http://whjlzs.com/advs/js/yu200712202.js | 200 OK Content-Length: 9470 Content-Type: application/x-javascript | clean |
http://bdimg.share.baidu.com/static/js/bds_s_v2.js?cdnversion=385018 | 200 OK Content-Length: 26180 Content-Type: text/javascript | clean |
http://bdimg.share.baidu.com/static/js/logger.js?cdnversion=385018 | 200 OK Content-Length: 5881 Content-Type: text/javascript | clean |
http://code.54kefu.net/kefu/js/121/175321.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://code.54kefu.net/test404page.js | 404 Not Found Content-Length: 570 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=whjlzs.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://whjlzs.com/
Result: whjlzs.com is not infected or malware details are not published yet.
Result: whjlzs.com is not infected or malware details are not published yet.