Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: shtuangou.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: shtuangou.com
Referer: http://www.google.com/search?q=shtuangou.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.shtuangou.com/ | HTTP/1.1 301 Moved Permanently Connection: Keep-alive Date: Tue, 09 Sep 2014 21:16:53 GMT Via: 1.1 ID-0001544136077475 uproxy-5 Location: http://www.tg.com.cn/ Server: Apache Vary: Accept-Encoding Content-Length: 229 Content-Type: text/html; charset=iso-8859-1 Keep-Alive: timeout=15, max=100 | clean |
http://www.tg.com.cn/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 09 Sep 2014 21:14:32 GMT Via: 1.1 ID-0001544136101631 uproxy-3 Location: http://www.jia.com/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=utf-8 Set-Cookie: tgsid=9cd459762953a98958db974f59612371; expires=Wed, 09-Sep-2015 21:14:32 GMT; path=/; domain=.tg.com.cn | clean |
http://www.jia.com/ | 200 OK Content-Length: 99006 Content-Type: text/html | clean |
http://ued.jia.com/js/common/jquery.js?v=20120901 | 200 OK Content-Length: 91594 Content-Type: application/x-javascript | clean |
http://ued.jia.com/js/common/comm.js?v=20120901 | 200 OK Content-Length: 15330 Content-Type: application/x-javascript | clean |
http://gao.tg.com.cn/site_admin/index.php?c=pos/show&id=24&area=other | 200 OK Content-Length: 14387 Content-Type: text/html | clean |
http://gao.tg.com.cn/site_admin/index.php?c=pos/ | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: Keep-alive Date: Tue, 09 Sep 2014 21:14:44 GMT Pragma: no-cache Via: 1.1 ID-0001544136101631 uproxy-5 Location: /site_admin/index.php?c=user/login&m=login Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: tgsid=4f47f726e775f4301fd48afe6e0f64b9; expires=Wed, 09-Sep-2015 21:14:44 GMT; path=/; domain=.tg.com.cn Set-Cookie: PHPSESSID=urgnsd127bnb1326546l5m50j2; path=/; domain=.tg.com.cn | clean |
http://gao.tg.com.cn/site_admin/index.php?c=user/login&m=login | 200 OK Content-Length: 4886 Content-Type: text/html | clean |
http://gao.tg.com.cn/site_admin/index.php?c=user/ui/jquery.js | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: Keep-alive Date: Tue, 09 Sep 2014 21:14:48 GMT Pragma: no-cache Via: 1.1 ID-0001544136101631 uproxy-3 Location: /site_admin/index.php?c=user/login&m=login Server: Apache/2.2.27 (Unix) DAV/2 PHP/5.3.28 Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: tgsid=ca7820ad7756ed4729a713103a8695f0; expires=Wed, 09-Sep-2015 21:14:48 GMT; path=/; domain=.tg.com.cn Set-Cookie: PHPSESSID=c243jvvsha40r8bcppv7jgo7m7; path=/ X-Powered-By: PHP/5.3.28 | clean |
http://gao.tg.com.cn/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://mall.jia.com/new_top_nav_js_v2 | 200 OK Content-Length: 11927 Content-Type: text/html | clean |
https://passport.jia.com/cas/login/user?r="+Math.random()+" | 200 OK Content-Length: 16 | clean |
http://ued.jia.com/js/common/set_citycookie.js?v=20140713 | 200 OK Content-Length: 1667 Content-Type: application/x-javascript | clean |
http://ued.jia.com/js/common/all_city.js?v=20140713 | 200 OK Content-Length: 8231 Content-Type: application/x-javascript | clean |
http://ued.jia.com/js/common/nav_pop.js | 200 OK Content-Length: 2756 Content-Type: application/x-javascript | clean |
http://ued.jia.com/js/common/notice.js?v=20140821 | 200 OK Content-Length: 1031 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=shtuangou.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://shtuangou.com/
Result: shtuangou.com is not infected or malware details are not published yet.