Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xgwfzp.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xgwfzp.com/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Note that the two lists disagree: a clean Google Safe Browsing verdict does not clear a site that another engine currently flags, so each blacklist should be queried on its own.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xgwfzp.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Thu, 02 Oct 2014 03:15:44 GMT
Server: Microsoft-IIS/6.0
Content-Length: 32077
Content-Type: text/html
Set-Cookie: ASPSESSIONIDASDCAQQT=JMJHHAGCJKMHJMPMECJBLOAJ; path=/
X-Powered-By: ASP.NET
...32077 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: xgwfzp.com
Referer: http://www.google.com/search?q=xgwfzp.com
Result:
Result: same status, headers and body length as the first query. The server does not change its response when the Referer header names a search engine, so no Referer-conditional redirect was observed.
Scanned pages/files
Request | Server response | Status |
http://xgwfzp.com/ | 200 OK Content-Length: 32077 Content-Type: text/html | clean |
http://www.haofbi.com/js/w.js | HTTP/1.1 302 Found Connection: close Date: Thu, 02 Oct 2014 03:15:21 GMT Location: http://sameid.net/limit.html Server: Apache/2.4.6 (Ubuntu) Content-Length: 212 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: uri=%2Fjs%2Fw%2Ejs;Path=/;Max-Age=31536000 Set-Cookie: ref=direct;Path=/;Max-Age=31536000 | clean |
http://sameid.net/limit.html | 200 OK Content-Length: 5359 Content-Type: text/html | clean |
http://s7.addthis.com/js/250/addthis_widget.js | 200 OK Content-Length: 6875 Content-Type: text/javascript | clean |
http://www.haofbi.com/ | 200 OK Content-Length: 3889 Content-Type: text/html | clean |
http://www.haofbi.com/terms.html | 200 OK Content-Length: 12796 Content-Type: text/html | clean |
http://www.haofbi.com/privacy.html | 200 OK Content-Length: 13346 Content-Type: text/html | clean |
http://www.haofbi.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Thu, 02 Oct 2014 03:15:23 GMT Location: http://sameid.net/limit.html Server: Apache/2.4.6 (Ubuntu) Content-Length: 212 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: uri=%2Ftest404page%2Ejs;Path=/;Max-Age=31536000 Set-Cookie: ref=direct;Path=/;Max-Age=31536000 | clean |
http://sameid.net/test404page.js | 404 Not Found Content-Length: 3296 Content-Type: text/html | clean |
http://sameid.net/ | 200 OK Content-Length: 3889 Content-Type: text/html | clean |
http://sameid.net/terms.html | 200 OK Content-Length: 12796 Content-Type: text/html | clean |
http://sameid.net/privacy.html | 200 OK Content-Length: 13346 Content-Type: text/html | clean |
http://www.haofbi.com/order?plan=pp-premium | HTTP/1.1 302 Found Connection: close Date: Thu, 02 Oct 2014 03:15:26 GMT Location: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick-subscriptions&business=iiveras.lt%40gmail.com&a3=29.99&p3=1&t3=M&src=1&no_note=1&custom=-300-yes-32-e3ac152c&no_shipping=1&return=http%3A%2F%2Fsameid.net%2Fthankyou&rm=2&item_name=SameID%20Premium%20-%20300%20requests%2Fday Server: Apache/2.4.6 (Ubuntu) Content-Length: 501 Content-Type: text/html; charset=iso-8859-1 | clean |
https://www.paypal.com/cgi-bin/webscr?cmd=_xclick-subscriptions&business=iiveras.lt%40gmail.com&a3=29.99&p3=1&t3=m&src=1&no_note=1&custom=-300-yes-32-e3ac152c&no_shipping=1&return=http%3a%2f%2fsameid.net%2fthankyou&rm=2&item_name=sameid%20premium%20-%20300%20requests%2fday | HTTP/1.1 302 Moved Temporarily Connection: close Connection: Transfer-Encoding Date: Thu, 02 Oct 2014 03:15:51 GMT Location: https://www.paypal.com/lt/cgi-bin/webscr?cmd=_flow&SESSION=PAXBXizLAs7_0QfYr6uG65wXCCPdXTsK0KLov7aJWqArW6JW4hS1JFY8EM4&dispatch=5885d80a13c0db1f8e263663d3faee8dbd0a2170b502f343d92a90377a9956d7 Server: Apache Content-Encoding: gzip Content-Type: text/html DC: slc-b-origin-www-2.paypal.com Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=nWS_0cjWFuXZNFetFyG2t2ls0vc8AWJEvbVPUsX2P1ok9sU63VR8u_Aof9AMBDuqZ_6m03_gk4sN11u339NxmLWR1ILGnjykcStL5VnYcxAUNXiKwIER-M2fLJUtg4tEWD99YG545yXTPX5A-_FxyaO-aTbEDHSzyt-itnJESDhUVJnS8Z--5cqqU1lyOkpEee978e1NbzRcvPCggwGB2i6ISgDTxQqoWHQxhNTraZrezfa3pTkMF-aGi62M5bhoda9fNTuGV2RHmOQadVLP10dNEl1w8dQg5bEzid57QsE_qFULiWBK59-ebznbRybo3MfRm-JtAdgQEVrad7-jrdV_E_ghsPSLCR0mDtrw84mTDEOHXy6hkOhIlDvDI8ds1LoiLVlxK0rcSnopZvuVLKV-IbmiqseHOTHZ6ZbHqihlflj9vcQ5mR1tVIW; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=nlFjWc0z9JzUC_hHZgBY5qLEqDqk7_FfZo_CZHFjTFvQvvdvCYe7c9jPqI0RlY5DmYkVeE-eA2XzQdn7; expires=Wed, 27-Sep-2034 03:15:51 GMT; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: cookie_check=yes; expires=Sun, 29-Sep-2024 03:15:51 GMT; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: navcmd=_xclick-subscriptions; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: pNTcMTtQfrJuaJiwEnWXQ6yNxfq=d1YjJ7g3Z6DDWJAGA9X3AbeGWN6VFVXvH9zU6NMDUIBZWAd00SEU39hSimRKTULDgx9B3CZHieW6E3b7WMG_I0Is8xJrE3cCZAc6s-bjzQXy13ay_MJJ463mmPQhgaOBlPOlLH6Kq4gYtQtnkGhFWAllJaZiUp7LvGIgVGigwyL607uiPjhTgC8SLubMPUmX6qh0BnPXop1m24tt7gUhBGNdBGwkCLU-FDCAbAv8sU1iSEq4-x9lK5bYv0MORIAUJwTzwywloC8_5TSv7o1zJbLrBReobEcnpB0VrTGVYJPOQ6aEO7YXFR_XVbJ6Gh2crdO8N0J-eaHPZWtvVX8RUd2FZRSdxd5Wt9M580; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: navlns=0.0; expires=Sat, 01-Oct-2016 03:15:51 GMT; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: Apache=10.74.8.137.1412219750621751; path=/; expires=Sat, 24-Sep-44 03:15:50 GMT Set-Cookie: X-PP-SILOVER=name%3DLIVE6.WEB.1%26silo_version%3D880%26app%3Dslingshot%26TIME%3D1724066900; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: X-PP-SILOVER=; Expires=Thu, 01 Jan 1970 00:00:01 GMT Set-Cookie: Apache=10.74.8.60.1412219750612498; path=/; expires=Sat, 24-Sep-44 03:15:50 GMT Set-Cookie: AKDC=slc-b-origin-www-2.paypal.com; expires=Thu, 02-Oct-2014 03:45:51 GMT; path=/; secure Strict-Transport-Security: max-age=63072000 X-Frame-Options: SAMEORIGIN | clean |
https://www.paypal.com/lt/cgi-bin/webscr?cmd=_flow&session=paxbxizlas7_0qfyr6ug65wxccpdxtsk0klov7ajwqarw6jw4hs1jfy8em4&dispatch=5885d80a13c0db1f8e263663d3faee8dbd0a2170b502f343d92a90377a9956d7 | 200 OK Content-Length: 54 Content-Type: text/html | clean |
http://www.haofbi.com/order?plan=pp-business | HTTP/1.1 302 Found Connection: close Date: Thu, 02 Oct 2014 03:15:28 GMT Location: https://www.paypal.com/cgi-bin/webscr?cmd=_xclick-subscriptions&business=iiveras.lt%40gmail.com&a3=59.99&p3=1&t3=M&src=1&no_note=1&custom=-3000-yes-32-31faf08b&no_shipping=1&return=http%3A%2F%2Fsameid.net%2Fthankyou&rm=2&item_name=SameID%20Business%20-%203000%20requests%2Fday Server: Apache/2.4.6 (Ubuntu) Content-Length: 504 Content-Type: text/html; charset=iso-8859-1 | clean |
https://www.paypal.com/cgi-bin/webscr?cmd=_xclick-subscriptions&business=iiveras.lt%40gmail.com&a3=59.99&p3=1&t3=m&src=1&no_note=1&custom=-3000-yes-32-31faf08b&no_shipping=1&return=http%3a%2f%2fsameid.net%2fthankyou&rm=2&item_name=sameid%20business%20-%203000%20requests%2fday | HTTP/1.1 302 Moved Temporarily Connection: close Connection: Transfer-Encoding Date: Thu, 02 Oct 2014 03:15:52 GMT Location: https://www.paypal.com/lt/cgi-bin/webscr?cmd=_flow&SESSION=DnqjY0CqJJtP2U1XF6zDxeCFjuStSwhd_MbiRbQgnfm1ElGx4vsqbImbU4i&dispatch=5885d80a13c0db1f8e263663d3faee8dbd0a2170b502f343d92a90377a9956d7 Server: Apache Content-Encoding: gzip Content-Type: text/html DC: slc-b-origin-www-2.paypal.com Set-Cookie: cwrClyrK4LoCV1fydGbAxiNL6iG=Ers3yw0a5DVMz5-Z5a0FjszX0lZabNiF5LgRtWCqARIarVc1RNj1dYsBpvM9W9TyK8GjnRltoyP8vx7iVp5PdRoRkRaI2Z26Io_wN0EsBExSK_u2qoDBB91XRmRjVbGhrKozZPyq54z_DmbIgrFZMOmP_YKQLSmtOOBF8X0bS1IFt8MHf80TMGlDvK0djyZ_8pCAykmPPDA2g3TF1OnxoNXWINUX9JG61GVXR4Jixt6fsLwIzhqyiKQ7QpPhD-p4nMXMvxQNyIXFSp1jx35_fOCMe4YnKwm7VT22YoZej5v-at052Anqe_2TFzLbQ61lv4JcM5i8okawuZfncfxbxQZOU4ZtTbEAkgfdx8BEJBsfVSX0GIzBIIQj46YidC5be9MsCVQTySVxkr_p-O7_G-ovvFSA45p3x3a_8lzoyG0X6h1VIKsbTdvp1g0; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: KHcl0EuY7AKSMgfvHl7J5E7hPtK=FPlaUoayYOCAUr3oKpug0Kb9CzJg9xARpCfqeh_EuM_qIZYDBmS8pCt-vf2ZydL2vEYv6WOL0HqNsla7; expires=Wed, 27-Sep-2034 03:15:52 GMT; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: cookie_check=yes; expires=Sun, 29-Sep-2024 03:15:52 GMT; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: navcmd=_xclick-subscriptions; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: pNTcMTtQfrJuaJiwEnWXQ6yNxfq=pYCZ4_cu140qKUG3zHbF-XtXTvG-wsmgK0nuTJ5xBlHVt43Fp8H11RMgsreyeddzlErhUsWtOSmSFuY508s6xxh-YSmtOXXvCPWYq7oEp_c6fyk3o3V3g76-cZHNCGICyvKPtzTYJlhFszl_aYrhktb4g2o2ZAAcPRjXpxjAQFKzA874Jq1kzab2Z4VqL3CJB0YE-Z2isxnV33tQ8bEulfMc33K2TiJ3jd92vHNqQpWitBx9dBnO6b3HaPjaF4uW-G-rRo17kS4Xx5S-R1T5MXf2sJ8ti33CHJFLnr28ATUryZtVUbNeCXVap_rN4dBZT13bhiimSJ4f5PSFmBMIybgFhDhilvlTB0HicG; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: navlns=0.0; expires=Sat, 01-Oct-2016 03:15:52 GMT; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: Apache=10.74.8.137.1412219752203142; path=/; expires=Sat, 24-Sep-44 03:15:52 GMT Set-Cookie: X-PP-SILOVER=name%3DLIVE6.WEB.1%26silo_version%3D880%26app%3Dslingshot%26TIME%3D1757621332; domain=.paypal.com; path=/; Secure; HttpOnly Set-Cookie: X-PP-SILOVER=; Expires=Thu, 01 Jan 1970 00:00:01 GMT Set-Cookie: Apache=10.74.8.56.1412219752193763; path=/; expires=Sat, 24-Sep-44 03:15:52 GMT Set-Cookie: AKDC=slc-b-origin-www-2.paypal.com; expires=Thu, 02-Oct-2014 03:45:52 GMT; path=/; secure Strict-Transport-Security: max-age=63072000 X-Frame-Options: SAMEORIGIN | clean |
https://www.paypal.com/lt/cgi-bin/webscr?cmd=_flow&session=dnqjy0cqjjtp2u1xf6zdxecfjustswhd_mbirbqgnfm1elgx4vsqbimbu4i&dispatch=5885d80a13c0db1f8e263663d3faee8dbd0a2170b502f343d92a90377a9956d7 | 200 OK Content-Length: 54 Content-Type: text/html | clean |
http://www.haofbi.com/contacts.html | 200 OK Content-Length: 4349 Content-Type: text/html | clean |
http://xgwfzp.com/fun/js/script.js | 200 OK Content-Length: 4853 Content-Type: application/x-javascript | clean |
http://xgwfzp.com/flash_pic.asp | 200 OK Content-Length: 1488 Content-Type: text/html | clean |