Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xdedu.net
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 04 Oct 2014 19:10:11 GMT
Server: Microsoft-IIS/7.5
Content-Length: 115870
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=l12fvdvitwhv35uzydvt0a45; path=/; HttpOnly
Set-Cookie: tpnewstitle1=; path=/
Set-Cookie: MyCook=tpnewsid1=20728&tpnewstitle1=åºæè²å±å¬å¼å ç群ä¼è·¯çº¿æè²å®&tpnewspic1=20140930pcht2.jpg &tpnewsid2=20727&tpnewstitle2=æ°é½åºå¬å¼2013-2014å¦&tpnewspic2=20140929bzht2.jpg &tpnewsid3=20654&tpnewstitle3=æ°é½åºä¸¾åâæé½æ°åå¦æ ¡âæ ¡çº§&tpnewspic3=20140923szpxt2.jpg &tpnewsid4=20653&tpnewstitle4=æ°é½åºä¸¾å2014å¹´ä¸å°å¦æå¸&tpnewspic4=20140923dzbbt2.jpg &tpnewsid5=20586&tpnewstitle5=å´ç»ä¸å¿ çªåºéç¹ å¢å¼ºå·¥&tpnewspic5=20140918dxht2.jpg ; expires=Sat, 04-Oct-2014 19:10:16 GMT; path=/
Set-Cookie: tpnewstitle2=; path=/
Set-Cookie: MyCook=tpnewsid1=20728&tpnewstitle1=åºæè²å±å¬å¼å ç群ä¼è·¯çº¿æè²å®&tpnewspic1=20140930pcht2.jpg &tpnewsid2=20727&tpnewstitle2=æ°é½åºå¬å¼2013-2014å¦&tpnewspic2=20140929bzht2.jpg &tpnewsid3=20654&tpnewstitle3=æ°é½åºä¸¾åâæé½æ°åå¦æ ¡âæ ¡çº§&tpnewspic3=20140923szpxt2.jpg &tpnewsid4=20653&tpnewstitle4=æ°é½åºä¸¾å2014å¹´ä¸å°å¦æå¸&tpnewspic4=20140923dzbbt2.jpg &tpnewsid5=20586&tpnewstitle5=å´ç»ä¸å¿ çªåºéç¹ å¢å¼ºå·¥&tpnewspic5=20140918dxht2.jpg ; expires=Sat, 04-Oct-2014 19:10:16 GMT; path=/
Set-Cookie: tpnewstitle3=; path=/
Set-Cookie: MyCook=tpnewsid1=20728&tpnewstitle1=åºæè²å±å¬å¼å ç群ä¼è·¯çº¿æè²å®&tpnewspic1=20140930pcht2.jpg &tpnewsid2=20727&tpnewstitle2=æ°é½åºå¬å¼2013-2014å¦&tpnewspic2=20140929bzht2.jpg &tpnewsid3=20654&tpnewstitle3=æ°é½åºä¸¾åâæé½æ°åå¦æ ¡âæ ¡çº§&tpnewspic3=20140923szpxt2.jpg &tpnewsid4=20653&tpnewstitle4=æ°é½åºä¸¾å2014å¹´ä¸å°å¦æå¸&tpnewspic4=20140923dzbbt2.jpg &tpnewsid5=20586&tpnewstitle5=å´ç»ä¸å¿ çªåºéç¹ å¢å¼ºå·¥&tpnewspic5=20140918dxht2.jpg ; expires=Sat, 04-Oct-2014 19:10:16 GMT; path=/
Set-Cookie: tpnewstitle4=; path=/
Set-Cookie: MyCook=tpnewsid1=20728&tpnewstitle1=åºæè²å±å¬å¼å ç群ä¼è·¯çº¿æè²å®&tpnewspic1=20140930pcht2.jpg &tpnewsid2=20727&tpnewstitle2=æ°é½åºå¬å¼2013-2014å¦&tpnewspic2=20140929bzht2.jpg &tpnewsid3=20654&tpnewstitle3=æ°é½åºä¸¾åâæé½æ°åå¦æ ¡âæ ¡çº§&tpnewspic3=20140923szpxt2.jpg &tpnewsid4=20653&tpnewstitle4=æ°é½åºä¸¾å2014å¹´ä¸å°å¦æå¸&tpnewspic4=20140923dzbbt2.jpg &tpnewsid5=20586&tpnewstitle5=å´ç»ä¸å¿ çªåºéç¹ å¢å¼ºå·¥&tpnewspic5=20140918dxht2.jpg ; expires=Sat, 04-Oct-2014 19:10:16 GMT; path=/
Set-Cookie: tpnewstitle5=; path=/
Set-Cookie: MyCook=tpnewsid1=20728&tpnewstitle1=åºæè²å±å¬å¼å ç群ä¼è·¯çº¿æè²å®&tpnewspic1=20140930pcht2.jpg &tpnewsid2=20727&tpnewstitle2=æ°é½åºå¬å¼2013-2014å¦&tpnewspic2=20140929bzht2.jpg &tpnewsid3=20654&tpnewstitle3=æ°é½åºä¸¾åâæé½æ°åå¦æ ¡âæ ¡çº§&tpnewspic3=20140923szpxt2.jpg &tpnewsid4=20653&tpnewstitle4=æ°é½åºä¸¾å2014å¹´ä¸å°å¦æå¸&tpnewspic4=20140923dzbbt2.jpg &tpnewsid5=20586&tpnewstitle5=å´ç»ä¸å¿ çªåºéç¹ å¢å¼ºå·¥&tpnewspic5=20140918dxht2.jpg ; expires=Sat, 04-Oct-2014 19:10:16 GMT; path=/
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
...115870 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: xdedu.net
Referer: http://www.google.com/search?q=xdedu.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://xdedu.net/ | 200 OK Content-Length: 115870 Content-Type: text/html | clean |
http://xdedu.net/js/gg.js | 200 OK Content-Length: 1163 Content-Type: application/x-javascript | clean |
http://xdedu.net/js/jquery-1.6.2.min.js | 200 OK Content-Length: 91556 Content-Type: application/x-javascript | clean |
http://xdedu.net/list.aspx?newstypeid=61 | 200 OK Content-Length: 40970 Content-Type: text/html | clean |
http://xdedu.net/eduinfo.aspx | 200 OK Content-Length: 35730 Content-Type: text/html | clean |
http://xdedu.net/WebResource.axd?d=ESpwV-0O8U_WjHEqBgFB2wrXrLsOdSUgkwc0y3pIAokq4y8Bj-Zs2oPDI-dU5MgvCH4VIWnJfaXQBg-i_PT2CkicWVk1&t=634259354654344891 | 200 OK Content-Length: 20794 Content-Type: application/x-javascript | clean |
http://xdedu.net/WebResource.axd?d=G9TXnIaTtHa60XZKyW-JIQ1jgzjKBwd8EYI3CXYG_Xi2Pd4qs9cWfPKu56UGwOFqmmOmZf_cx21JK9imQT_oK28royA1&t=634259354654344891 | 200 OK Content-Length: 9348 Content-Type: application/x-javascript | clean |
http://xdedu.net/schoolinfo.aspx | 200 OK Content-Length: 71846 Content-Type: text/html | clean |
http://xdedu.net/list.aspx?newstypeid=11 | 200 OK Content-Length: 76711 Content-Type: text/html | clean |
http://xdedu.net/list.aspx?newstypeid=12 | 200 OK Content-Length: 43042 Content-Type: text/html | clean |
http://xdedu.net/list.aspx?newstypeid=13 | 200 OK Content-Length: 77117 Content-Type: text/html | clean |
http://xdedu.net/list.aspx?newstypeid=14 | 200 OK Content-Length: 41101 Content-Type: text/html | clean |
http://xdedu.net/list.aspx?newstypeid=15 | 200 OK Content-Length: 43249 Content-Type: text/html | clean |
http://xdedu.net/list.aspx?newstypeid=21 | 200 OK Content-Length: 41691 Content-Type: text/html | clean |
http://xdedu.net/list.aspx?newstypeid=22 | 200 OK Content-Length: 33349 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xdedu.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xdedu.net/
Result: xdedu.net is not infected or malware details are not published yet.