Re: ] 亚洲泵网-中国水泵行业知名权威门户网站-B2B电子商务平台
See: https://www.virustotal.com/en/url/c62249e1fc27cdc63563118f3da6f51e40392c652514fe72a5838fafe23c6ac7/analysis/1417219718/
where it is missed as here: http://sitecheck.sucuri.net/results/lcpump.com
Quttera’s detect: http://quttera.com/detailed_report/lcpump.com & killmalware:
SE visitors redirects
Chain of redirects found:
to: htxp://www.asiapump.cn
15 sites infected with redirects to this URL
to: htxp://beng.liuti.cn
This however is not adding to hosting security: http://sameip.net/ip223.4.156.154
Test vectors http://sameip.net/ip223.4.156.154 & VisualSVN Server - SSL Subject: commonName=WHZD011555Url=beng.liuti.cn
Excessive Header Warning and Clickjacking Warning: https://asafaweb.com/Scan?Url=beng.liuti.cn
Warnings: http://www.dnsinspect.com/lcpump.com/1417220596
http://www.site-scan.com/eng/show_headers.php?REQUEST=GET&URL=http://lcpump.com&MODIFIED=0

polonus

Some additional vulnerability spotted:

Site is also more vulnerable to Ddos attacks, because we see: Operation is not valid due to the current state of the object.
(for this see the info from the asafaweb scan results - -http://beng.liuti.cn/ (POST 1,001 params) (exeeded total params).
This error occurs when form fields are very large in numbers.
By default, the maximum value of MaxHttpCollection is 1000.
Can be remedied by

<appSettings>
    <add key="aspnet:MaxHttpCollectionKeys" value="2001" />
 </appSettings>

Info Credits go to CodeProject’s Sarvesh Kumar Gupta,

polonus