Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: skycity.com.tw
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 28 Apr 2014 02:06:06 GMT
Pragma: no-cache
Server: Apache/2.2.14 (Fedora)
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=uvqe0va0h5gclrkaehuoqsfn67; path=/
Set-Cookie: style=3; expires=Mon, 28-Apr-2014 03:06:06 GMT; path=/
Set-Cookie: cartoonimage=%2Fcartoon%2Fimage%2F001.gif; expires=Thu, 21-Aug-2014 19:52:45 GMT; path=/
Set-Cookie: cartoonimage=%2Fcartoon%2Fimage%2F001.gif; expires=Thu, 21-Aug-2014 19:52:45 GMT; path=/
X-Powered-By: PHP/5.2.9
Second query (visit from search engine):
GET / HTTP/1.1
Host: skycity.com.tw
Referer: http://www.google.com/search?q=skycity.com.tw
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://skycity.com.tw/ | 200 OK Content-Length: 33087 Content-Type: text/html | clean |
http://skycity.com.tw/guestboard/ | 200 OK Content-Length: 16910 Content-Type: text/html | clean |
http://skycity.com.tw/guestbook/ | 200 OK Content-Length: 17253 Content-Type: text/html | clean |
http://skycity.com.tw/flash/ | 200 OK Content-Length: 60891 Content-Type: text/html | clean |
http://skycity.com.tw/game/ | 200 OK Content-Length: 28779 Content-Type: text/html | clean |
http://skycity.com.tw/pcgame/ | 200 OK Content-Length: 27291 Content-Type: text/html | clean |
http://skycity.com.tw/down/ | 200 OK Content-Length: 81639 Content-Type: text/html | clean |
http://skycity.com.tw/share/ | 200 OK Content-Length: 19674 Content-Type: text/html | clean |
http://skycity.com.tw/scan/ | 200 OK Content-Length: 16372 Content-Type: text/html | clean |
http://skycity.com.tw/freehd/ | 200 OK Content-Length: 18395 Content-Type: text/html | clean |
http://skycity.com.tw/gamemenu/ | 200 OK Content-Length: 22013 Content-Type: text/html | clean |
http://skycity.com.tw/msn/ | 200 OK Content-Length: 13921 Content-Type: text/html | clean |
http://skycity.com.tw/webtv/ | 200 OK Content-Length: 40424 Content-Type: text/html | clean |
http://skycity.com.tw/teach/ | 200 OK Content-Length: 20020 Content-Type: text/html | clean |
http://skycity.com.tw/teach-linux/ | 200 OK Content-Length: 101841 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=skycity.com.tw
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://skycity.com.tw/
Result: skycity.com.tw is not infected or malware details are not published yet.