Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.heguangzhong.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.heguangzhong.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 13 May 2014 19:55:05 GMT Location: http://www.lofter.com/mydomainr.do?domain=www.heguangzhong.com&path=/ Server: nginx Content-Length: 154 Content-Type: text/html | malicious |
URL: http://www.lofter.com/mydomainr.do?domain=www.heguangzhong.com&path=/ (imitation of visitor from search engine) GET /mydomainr.do?domain=www.heguangzhong.com&path=/ HTTP/1.1 Host: www.lofter.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 13 May 2014 19:55:06 GMT Location: http://heguangzhong.lofter.com/?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=275C4D606C44C1F87294496EBB57A680.blog197-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3Fdomain%3Dwww.heguangzhong.com%26path%3D%2F|http%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3Dwww.heguangzhong.com%26source%3Dweb%26cd%3D1%26ved%3D0CDEQFjAG%26url%3Dhttp%3A%252F%252Fwww.heguangzhong.com%252F%26ei%3DwC7yT5qCJbCCkQKtnwE%26usg%3DAFQjCNGEeYp3D7uuNLAJxMIVliLyQ9O_Pg; Domain=.lofter.com; Expires=Wed, 14-May-2014 19:55:05 GMT; Path=/ Set-Cookie: usertrack=ZUcIhFNyeJqx0zACD5A2Ag==; expires=Wed, 13-May-15 19:55:06 GMT; domain=lofter.com; path=/ | suspicious |
Scanned pages/files
Request | Server response | Status |
http://www.heguangzhong.com/ | 200 OK Content-Length: 13220 Content-Type: text/html | suspicious |
Hidden iFrame found. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://l.bst.126.net/rsc/js/jquery-1.6.2.min.js | 200 OK Content-Length: 91572 Content-Type: application/x-javascript | clean |
http://l.bst.126.net/rsc/js/themecommon.js?0005 | 200 OK Content-Length: 2224 Content-Type: application/x-javascript | clean |
http://analytics.163.com/ntes.js | 200 OK Content-Length: 19378 Content-Type: application/x-javascript | clean |
http://www.heguangzhong.com/test404page.js | 404 Not Found Content-Length: 5178 Content-Type: text/html | suspicious |
Hidden iFrame found. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://l.bst.126.net/rsc/js/theme/r/pagephotoshow.min.js?0002 | 200 OK Content-Length: 54020 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=heguangzhong.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://heguangzhong.com/
Result: heguangzhong.com is not infected or malware details are not published yet.
Result: heguangzhong.com is not infected or malware details are not published yet.