Scanned pages/files
Request | Server response | Status |
http://qd88.net/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 14 Apr 2014 23:57:05 GMT Location: http://www.lofter.com/mydomainr.do?domain=qd88.net&path=/ Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://www.lofter.com/mydomainr.do?domain=qd88.net&path=/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 14 Apr 2014 23:57:06 GMT Location: http://wjphoto.lofter.com/?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=775107F8A04A97E88DB52D94AA41C732.lofter0-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3Fdomain%3Dqd88.net%26path%3D%2F|; Domain=.lofter.com; Expires=Tue, 15-Apr-2014 23:57:06 GMT; Path=/ Set-Cookie: usertrack=ZUcIg1NMddIC1X+nCPd7Ag==; expires=Tue, 14-Apr-15 23:57:06 GMT; domain=lofter.com; path=/ | clean |
http://wjphoto.lofter.com/?mydomainr=true | 200 OK Content-Length: 25894 Content-Type: text/html | suspicious |
Hidden iFrame found. The same iFrame was found in 383 websites. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://lofter.ph.126.net/iyTFAbRX4FpicM6bk_ks9A==/5629540216143351129.js | 200 OK Content-Length: 93868 Content-Type: application/javascript | clean |
http://lofter.ph.126.net/Jl1BHfVTRPi2DEx07puClA==/5629540216143351130.js | 200 OK Content-Length: 5486 Content-Type: application/javascript | clean |
http://lofter.ph.126.net/1J0fGPGjeaY_KLEGEsB68A==/5629536917608467850.js | 200 OK Content-Length: 2120 Content-Type: application/javascript | clean |
http://l.bst.126.net/rsc/js/themecommon.js?0005 | 200 OK Content-Length: 2224 Content-Type: application/x-javascript | clean |
http://analytics.163.com/ntes.js | 200 OK Content-Length: 19367 Content-Type: application/x-javascript | clean |
http://qd88.net/view | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 14 Apr 2014 23:57:17 GMT Location: http://www.lofter.com/mydomainr.do?domain=qd88.net&path=/view Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://www.lofter.com/mydomainr.do?domain=qd88.net&path=/view | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 14 Apr 2014 23:57:18 GMT Location: http://wjphoto.lofter.com/view?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=71DD7B85FBA7804D6E76A132E01C0144.lofter1-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3Fdomain%3Dqd88.net%26path%3D%2Fview|; Domain=.lofter.com; Expires=Tue, 15-Apr-2014 23:57:18 GMT; Path=/ Set-Cookie: usertrack=ZUcIg1NMdd7Br3+NCPDzAg==; expires=Tue, 14-Apr-15 23:57:18 GMT; domain=lofter.com; path=/ | clean |
http://wjphoto.lofter.com/view?mydomainr=true | 200 OK Content-Length: 35492 Content-Type: text/html | clean |
http://l.bst.126.net/s/core.js?0fcf33a739fde2e3dbb43866b2cf927f | 200 OK Content-Length: 85348 Content-Type: application/x-javascript | clean |
http://l.bst.126.net/s/pt_page_archive.js?58fc59bc25861734ae64418e0e0f5c55 | 200 OK Content-Length: 72375 Content-Type: application/x-javascript | clean |
http://qd88.net/test404page.js | 404 Not Found Content-Length: 7966 Content-Type: text/html | suspicious |
Hidden iFrame found. The same iFrame was found in 383 websites. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://l.bst.126.net/rsc/js/theme/r/pagephotoshow.min.js?0002 | 200 OK Content-Length: 54020 Content-Type: application/x-javascript | clean |
http://qd88.net/rss | 200 OK Content-Length: 22864 Content-Type: text/xml | clean |
http://qd88.net/post/2276f9_89b445 | 200 OK Content-Length: 9295 Content-Type: text/html | suspicious |
Hidden iFrame found. The same iFrame was found in 383 websites. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://qd88.net/post/ | 404 Not Found Content-Length: 7966 Content-Type: text/html | suspicious |
Hidden iFrame found. The same iFrame was found in 383 websites. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://qd88.net/post/2276f9_89b42f | 200 OK Content-Length: 9393 Content-Type: text/html | suspicious |
Hidden iFrame found. The same iFrame was found in 383 websites. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: qd88.net
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 14 Apr 2014 23:57:05 GMT
Location: http://www.lofter.com/mydomainr.do?domain=qd88.net&path=/
Server: nginx
Content-Length: 154
Content-Type: text/html
...154 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: qd88.net
Referer: http://www.google.com/search?q=qd88.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=qd88.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://qd88.net/
Result: qd88.net is not infected or malware details are not published yet.