Scanned pages/files
Request | Server response | Status |
http://hengshuilake.com/ | 200 OK Content-Length: 46691 Content-Type: text/html | suspicious |
Hidden iFrame found. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://l.bst.126.net/rsc/js/pagelayer/pagelayer.js?0004 | 200 OK Content-Length: 26075 Content-Type: application/x-javascript | clean |
http://l.bst.126.net/rsc/js/jquery-1.6.2.min.js | 200 OK Content-Length: 91572 Content-Type: application/x-javascript | clean |
http://lofter.ph.126.net/yxPNwg69q8y9BovPBYmoyw==/6597122543214133685.js | 200 OK Content-Length: 5881 Content-Type: application/javascript | clean |
http://l.bst.126.net/rsc/js/themecommon.js?0006 | 200 OK Content-Length: 7174 Content-Type: application/x-javascript | clean |
http://analytics.163.com/ntes.js | 200 OK Content-Length: 19650 Content-Type: application/x-javascript | clean |
http://hengshuilake.com/view | 200 OK Content-Length: 77744 Content-Type: text/html | clean |
http://l.bst.126.net/s/core.js?38f92d7d456f92d2bda5272f6f2c7a9e | 200 OK Content-Length: 85344 Content-Type: application/x-javascript | clean |
http://l.bst.126.net/s/pt_page_archive.js?c3a34ee47bccf540c3c49f021dd7551f | 200 OK Content-Length: 75323 Content-Type: application/x-javascript | clean |
http://hengshuilake.com/test404page.js | 404 Not Found Content-Length: 6326 Content-Type: text/html | suspicious |
Hidden iFrame found. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://l.bst.126.net/rsc/js/theme/r/pagephotoshow.min.js?0002 | 200 OK Content-Length: 54020 Content-Type: application/x-javascript | clean |
http://hengshuilake.com/rss | 200 OK Content-Length: 67814 Content-Type: text/xml | clean |
http://hengshuilake.com/app?from=theme | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 09 Sep 2014 04:51:50 GMT Location: http://www.lofter.com/app/hengshuilake?from=theme Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 Set-Cookie: NTESLOFTSI=40EFB434848F381AB683E8094FF3CE6E.lofter0-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fgouappdownload.do%3Fmydomain%3Dhengshuilake.com%26from%3Dtheme|; Domain=.lofter.com; Expires=Wed, 10-Sep-2014 04:51:50 GMT; Path=/ | clean |
http://www.lofter.com/app/hengshuilake?from=theme | 200 OK Content-Length: 96709 Content-Type: text/html | clean |
http://l.bst.126.net/s/pt_page_uapp_uappDownload.js?a5191fc2cf2e0ec3e2ce20886498c958 | 200 OK Content-Length: 91956 Content-Type: application/x-javascript | clean |
http://hengshuilake.com/login | 404 Not Found Content-Length: 6326 Content-Type: text/html | suspicious |
Hidden iFrame found. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hengshuilake.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 09 Sep 2014 04:51:29 GMT
Server: nginx
Vary: Accept-Encoding
Vary: Accept-Encoding
Content-Type: text/html;charset=UTF-8
Set-Cookie: NTESLOFTSI=86A87EF400931EDB07E7FC1E11583D07.lofter0-8010; Domain=.www.lofter.com; Path=/
Set-Cookie: firstentry=%2Fblogindex.do%3Fmydomain%3Dhengshuilake.com%26|; Domain=.lofter.com; Expires=Wed, 10-Sep-2014 04:51:29 GMT; Path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: hengshuilake.com
Referer: http://www.google.com/search?q=hengshuilake.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hengshuilake.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://hengshuilake.com/
Result: hengshuilake.com is not infected or malware details are not published yet.