Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 1192010.jjwxc.net
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 04 Apr 2014 11:39:59 GMT
Location: http://www.jjwxc.net/oneauthor.php?authorid=1192010
Content-Length: 160
Content-Type: text/html
...160 bytes of data.
GET / HTTP/1.1
Host: 1192010.jjwxc.net
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Fri, 04 Apr 2014 11:39:59 GMT
Location: http://www.jjwxc.net/oneauthor.php?authorid=1192010
Content-Length: 160
Content-Type: text/html
...160 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: 1192010.jjwxc.net
Referer: http://www.google.com/search?q=1192010.jjwxc.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 1192010.jjwxc.net
Referer: http://www.google.com/search?q=1192010.jjwxc.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://1192010.jjwxc.net/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 04 Apr 2014 11:39:59 GMT Location: http://www.jjwxc.net/oneauthor.php?authorid=1192010 Content-Length: 160 Content-Type: text/html | clean |
http://www.jjwxc.net/oneauthor.php?authorid=1192010 | 200 OK Content-Length: 33710 Content-Type: text/html | clean |
http://partner.googleadservices.com/gampad/google_service.js | 200 OK Content-Length: 3878 Content-Type: text/javascript | clean |
http://drmcmm.baidu.com/js/m.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 04 Apr 2014 11:40:01 GMT Location: http://cbjs.baidu.com/js/m.js Server: apache Content-Length: 0 | clean |
http://cbjs.baidu.com/js/m.js | 200 OK Content-Length: 24846 Content-Type: application/x-javascript | clean |
http://www.jjwxc.net/scripts/check.js?var=20131224 | 200 OK Content-Length: 1037 Content-Type: application/x-javascript | clean |
http://w.cnzz.com/c.php?id=30075907 | 200 OK Content-Length: 9622 Content-Type: application/javascript | clean |
http://1192010.jjwxc.net/test404page.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 04 Apr 2014 11:40:07 GMT Location: http://www.jjwxc.net/oneauthor.php?authorid=1192010 Content-Length: 160 Content-Type: text/html | clean |
http://www.jjwxc.net/test404page.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 04 Apr 2014 11:40:08 GMT Via: 1.1 jx100.powercdn.com (PowerCDN/2.4) Location: http://www.jjwxc.net/error404.php Content-Length: 160 Content-Type: text/html PowerCDN: MISS from jx100.powercdn.com X-Cache: MISS from CU-0-176-ZZ-JJCDN X-Cache-Lookup: MISS from CU-0-176-ZZ-JJCDN:80 | clean |
http://www.jjwxc.net/error404.php | 200 OK Content-Length: 2148 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=1192010.jjwxc.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://1192010.jjwxc.net/
Result: 1192010.jjwxc.net is not infected or malware details are not published yet.
Result: 1192010.jjwxc.net is not infected or malware details are not published yet.