Scanned pages/files
| Request | Server response | Status |
http://dawnfu.com/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 10 Apr 2014 03:31:13 GMT Location: http://www.lofter.com/mydomainr.do?domain=dawnfu.com&path=/ Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://www.lofter.com/mydomainr.do?domain=dawnfu.com&path=/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 10 Apr 2014 03:31:17 GMT Location: http://dawnfu.lofter.com/?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=C524EA27F057B0ED24CCF9543B04A835.lofter0-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3Fdomain%3Ddawnfu.com%26path%3D%2F|; Domain=.lofter.com; Expires=Fri, 11-Apr-2014 03:31:17 GMT; Path=/ Set-Cookie: usertrack=ZUcIhFNGEIUhuTecHYyQAg==; expires=Fri, 10-Apr-15 03:31:17 GMT; domain=lofter.com; path=/ | clean |
http://dawnfu.lofter.com/?mydomainr=true | 200 OK Content-Length: 8385 Content-Type: text/html | suspicious |
Hidden iFrame found. The same iFrame was found in 305 websites. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://l.bst.126.net/rsc/js/theme/r/pagephotoshow.min.js?0002 | 200 OK Content-Length: 36500 Content-Type: application/x-javascript | clean |
http://l.bst.126.net/rsc/js/jquery-1.6.2.min.js | 200 OK Content-Length: 29200 Content-Type: application/x-javascript | clean |
http://lofter.ph.126.net/pQeyT14u25zk0ZdoPFRSHQ==/5629532519561955887.js | 200 OK Content-Length: 32120 Content-Type: application/javascript | clean |
http://lofter.ph.126.net/YE6dtusTrUfQMmKmBV76Dw==/5629532519561955885.js | 200 OK Content-Length: 0 Content-Type: application/javascript | clean |
http://lofter.ph.126.net/Fsr9eFBLfKSm4LbX9TwPEw==/5629532519561955886.js | 200 OK Content-Length: 1392 Content-Type: application/javascript | clean |
http://lofter.ph.126.net/GD28Aa-eiAGW_ItPO-Llcg==/5629532519561955883.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://lofter.ph.126.net/test404page.js | 404 Not Found Content-Length: 564 Content-Type: text/html | clean |
http://lofter.ph.126.net/A7qCYYYbLty_iWlZvJJ7gw==/5629531420050329856.js | 200 OK Content-Length: 5840 Content-Type: application/javascript | clean |
http://l.bst.126.net/rsc/js/themecommon.js?0005 | 200 OK Content-Length: 2224 Content-Type: application/x-javascript | clean |
http://analytics.163.com/ntes.js | 200 OK Content-Length: 19367 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dawnfu.com
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 10 Apr 2014 03:31:13 GMT
Location: http://www.lofter.com/mydomainr.do?domain=dawnfu.com&path=/
Server: nginx
Content-Length: 154
Content-Type: text/html
...154 bytes of data.
GET / HTTP/1.1
Host: dawnfu.com
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Thu, 10 Apr 2014 03:31:13 GMT
Location: http://www.lofter.com/mydomainr.do?domain=dawnfu.com&path=/
Server: nginx
Content-Length: 154
Content-Type: text/html
...154 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: dawnfu.com
Referer: http://www.google.com/search?q=dawnfu.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: dawnfu.com
Referer: http://www.google.com/search?q=dawnfu.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dawnfu.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dawnfu.com/
Result: dawnfu.com is not infected or malware details are not published yet.
Result: dawnfu.com is not infected or malware details are not published yet.