Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.xiaojikuaipao.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.xiaojikuaipao.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 29 Aug 2014 03:36:20 GMT Location: http://www.lofter.com/mydomainr.do?domain=www.xiaojikuaipao.com&path=/ Server: nginx Content-Length: 154 Content-Type: text/html | malicious |
URL: http://www.lofter.com/mydomainr.do?domain=www.xiaojikuaipao.com&path=/ (imitation of visitor from search engine) GET /mydomainr.do?domain=www.xiaojikuaipao.com&path=/ HTTP/1.1 Host: www.lofter.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 29 Aug 2014 03:36:21 GMT Location: http://hama120.lofter.com/?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=A7881E927247A4AD1AA69C6DDFEA9ED4.blog83-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3FX-From-ISP%3D2%26domain%3Dwww.xiaojikuaipao.com%26path%3D%2F|http%3A%2F%2Fwww.google.com%2Furl%3Fsa%3Dt%26rct%3Dj%26q%3Dwww.xiaojikuaipao.com%26source%3Dweb%26cd%3D1%26ved%3D0CDEQFjAG%26url%3Dhttp%3A%252F%252Fwww.xiaojikuaipao.com%252F%26ei%3DwC7yT5qCJbCCkQKtnwE%26usg%3DAFQjCNGEeYp3D7uuNLAJxMIVliLyQ9O_Pg; Domain=.lofter.com; Expires=Sat, 30-Aug-2014 03:36:21 GMT; Path=/ Set-Cookie: usertrack=ezq0d1P/9TWuZmPDDxHzAg==; expires=Sat, 29-Aug-15 03:36:21 GMT; domain=lofter.com; path=/ | suspicious |
Scanned pages/files
Request | Server response | Status |
http://www.xiaojikuaipao.com/ | 200 OK Content-Length: 31242 Content-Type: text/html | suspicious |
Hidden iFrame found. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://l.bst.126.net/rsc/js/jquery-1.6.2.min.js | 200 OK Content-Length: 91572 Content-Type: application/x-javascript | clean |
http://lofter.ph.126.net/FzQySaHtfyMIwqVPfL5vXQ==/5629538017120095361.js | 200 OK Content-Length: 8801 Content-Type: application/javascript | clean |
http://lofter.ph.126.net/3x-GDoZHvjOG2OjUM7eCFw==/5629538017120095362.js | 200 OK Content-Length: 1207 Content-Type: application/javascript | clean |
http://l.bst.126.net/rsc/js/themecommon.js?0005 | 200 OK Content-Length: 2224 Content-Type: application/x-javascript | clean |
http://analytics.163.com/ntes.js | 200 OK Content-Length: 19650 Content-Type: application/x-javascript | clean |
http://www.xiaojikuaipao.com/app?from=theme | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 29 Aug 2014 03:36:32 GMT Location: http://www.lofter.com/app/hama120?from=theme Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 Set-Cookie: NTESLOFTSI=161D60A9C7F9C3F8CC6E604BEFAC4845.lofter1-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fgouappdownload.do%3Fmydomain%3Dwww.xiaojikuaipao.com%26from%3Dtheme|; Domain=.lofter.com; Expires=Sat, 30-Aug-2014 03:36:32 GMT; Path=/ | clean |
http://www.lofter.com/app/hama120?from=theme | 200 OK Content-Length: 98885 Content-Type: text/html | clean |
http://l.bst.126.net/s/core.js?f42482aa1460235cb518ac0dab3e2977 | 200 OK Content-Length: 85344 Content-Type: application/x-javascript | clean |
http://l.bst.126.net/s/pt_page_uapp_uappDownload.js?6cf3c5424472bf76a1c77c9a453509ee | 200 OK Content-Length: 91823 Content-Type: application/x-javascript | clean |
http://www.xiaojikuaipao.com/login | 404 Not Found Content-Length: 6924 Content-Type: text/html | suspicious |
Hidden iFrame found. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://l.bst.126.net/rsc/js/theme/r/pagephotoshow.min.js?0002 | 200 OK Content-Length: 54020 Content-Type: application/x-javascript | clean |
http://www.xiaojikuaipao.com/wubianwuji951 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 29 Aug 2014 03:36:43 GMT Location: http://wubianwuji951.com Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 Set-Cookie: NTESLOFTSI=1CA73FC94C80026BF5C81569D595C802.lofter1-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fcustompage.do%3Fmydomain%3Dwww.xiaojikuaipao.com%26%26url%3Dwubianwuji951|; Domain=.lofter.com; Expires=Sat, 30-Aug-2014 03:36:43 GMT; Path=/ | clean |
http://wubianwuji951.com/ | 500 Can't connect to wubianwuji951.com:80 (Bad hostname) Content-Length: 166 Content-Type: text/plain | clean |
http://wubianwuji951.com/test404page.js | 500 Can't connect to wubianwuji951.com:80 (Bad hostname) Content-Length: 166 Content-Type: text/plain | clean |
http://www.xiaojikuaipao.com/weibo | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 29 Aug 2014 03:36:44 GMT Location: http://weibo.com/hama120 Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 Set-Cookie: NTESLOFTSI=8BF0E81E4C8F81F9F6318B9532481242.lofter0-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fcustompage.do%3Fmydomain%3Dwww.xiaojikuaipao.com%26%26url%3Dweibo|; Domain=.lofter.com; Expires=Sat, 30-Aug-2014 03:36:44 GMT; Path=/ | clean |
http://weibo.com/hama120 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, no-store Connection: close Date: Fri, 29 Aug 2014 03:36:44 GMT Pragma: no-cache Location: http://passport.weibo.com/visitor/visitor?a=enter&url=http%3A%2F%2Fweibo.com%2Fhama120&_rand=1409283404.9491 Server: WeiBo Content-Type: text/html; charset=utf-8 Expires: Sat, 26 Jul 1997 05:00:00 GMT DPOOL_HEADER: venus160 LB_HEADER: venus50 P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" Set-Cookie: YF-Page-G0=d0adfff33b42523753dc3806dc660aa7;Path=/ | clean |
http://passport.weibo.com/visitor/visitor?a=enter&url=http%3a%2f%2fweibo.com%2fhama120&_rand=1409283404.9491 | 200 OK Content-Length: 4588 Content-Type: text/html | clean |
http://passport.weibo.com/js/visitor/mini.js | 200 OK Content-Length: 28163 Content-Type: application/javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xiaojikuaipao.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xiaojikuaipao.com/
Result: xiaojikuaipao.com is not infected or malware details are not published yet.