Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: weitong-mj.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 04 Oct 2014 21:08:47 GMT
Server: Microsoft-IIS/7.0
Content-Length: 9872
Content-Type: text/html
Set-Cookie: ASPSESSIONIDCAACTDAT=AIMJAPMDHBGCAHDEAEKKMBJM; path=/
X-Powered-By: ASP.NET
...9872 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: weitong-mj.com
Referer: http://www.google.com/search?q=weitong-mj.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://weitong-mj.com/ | 200 OK Content-Length: 9872 Content-Type: text/html | clean |
http://weitong-mj.com/client.js | 200 OK Content-Length: 242 Content-Type: application/x-javascript | clean |
http://cpro.baidustatic.com/cpro/ui/domain_parking.js | 200 OK Content-Length: 174780 Content-Type: application/x-javascript | clean |
http://cpro.baidustatic.com/cpro/ui/ci.js | 200 OK Content-Length: 71507 Content-Type: application/x-javascript | clean |
http://cpro.baidustatic.com/cpro/ui/dp.js | 200 OK Content-Length: 2340 Content-Type: application/x-javascript | clean |
http://www.vip800.com/data/static/69b479713cbdd57876172eb41fb8bb4a.js | 200 OK Content-Length: 92199 Content-Type: application/x-javascript | clean |
http://www.vip800.com/22t.js | 200 OK Content-Length: 1099 Content-Type: text/html | clean |
http://www.vip800.com/index.php?m=jump&a=tgo&id= | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Date: Sat, 04 Oct 2014 17:12:54 GMT Pragma: no-cache Location: http://www.vip800.com/?22_t Server: Microsoft-IIS/7.5 Content-Length: 150 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=q7ol1kmiulg3ofulur3s83u6g6; path=/ X-Powered-By: PHP/5.3.28 | clean |
http://www.vip800.com/?22_t | 200 OK Content-Length: 300637 Content-Type: text/html | clean |
http://g.tbcdn.cn/kissy/k/1.4.1/seed-min.js | 200 OK Content-Length: 44675 Content-Type: application/x-javascript | clean |
http://tjs.sjs.sinajs.cn/open/api/js/wb.js | 200 OK Content-Length: 34223 Content-Type: application/x-javascript | clean |
http://www.vip800.com/static/vip800/javascript/search_top.js | 200 OK Content-Length: 5022 Content-Type: application/x-javascript | clean |
http://www.vip800.com/mobile/ | 200 OK Content-Length: 7600 Content-Type: text/html | clean |
http://www.vip800.com/mobile/VIP800.apk | 200 OK Content-Length: 300111 Content-Type: application/vnd.android.package-archive | clean |
http://www.vip800.com/test404page.js | 200 OK Content-Length: 16058 Content-Type: text/html | clean |
http://www.vip800.com/data/static/78df5a3f36d83192e43966bc05d643b2.js | 200 OK Content-Length: 88382 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=weitong-mj.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://weitong-mj.com/
Result: weitong-mj.com is not infected or malware details are not published yet.