Scanned pages/files
Request | Server response | Status |
http://xuliming.com/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 05 May 2014 16:41:04 GMT Location: http://www.lofter.com/mydomainr.do?domain=xuliming.com&path=/ Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://www.lofter.com/mydomainr.do?domain=xuliming.com&path=/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 05 May 2014 16:41:05 GMT Location: http://catbit.lofter.com/?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=65BD3A26E03CF737FE9122E02EDBE8A4.lofter0-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3Fdomain%3Dxuliming.com%26path%3D%2F|; Domain=.lofter.com; Expires=Tue, 06-May-2014 16:41:05 GMT; Path=/ Set-Cookie: usertrack=ZUcIg1NnvyFDuAIkFYlvAg==; expires=Tue, 05-May-15 16:41:05 GMT; domain=lofter.com; path=/ | clean |
http://catbit.lofter.com/?mydomainr=true | 200 OK Content-Length: 6226 Content-Type: text/html | suspicious |
Hidden iFrame found. The same iFrame was found in 650 websites. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://l.bst.126.net/rsc/js/jquery-1.6.2.min.js | 200 OK Content-Length: 91572 Content-Type: application/x-javascript | clean |
http://lofter.ph.126.net/Q26YzZEyNn6RYJeCYOMtnQ==/6597121443702505907.js | 200 OK Content-Length: 2076 Content-Type: application/javascript | clean |
http://l.bst.126.net/rsc/js/themecommon.js?0005 | 200 OK Content-Length: 2224 Content-Type: application/x-javascript | clean |
http://analytics.163.com/ntes.js | 200 OK Content-Length: 19367 Content-Type: application/x-javascript | clean |
http://xuliming.com/view | 200 OK Content-Length: 36362 Content-Type: text/html | clean |
http://l.bst.126.net/s/core.js?83c59d16d372a2b5ca760b8d1433eb73 | 200 OK Content-Length: 85348 Content-Type: application/x-javascript | clean |
http://l.bst.126.net/s/pt_page_archive.js?f975fc8baa58eebf28b6bc9fa21ab6f9 | 200 OK Content-Length: 72806 Content-Type: application/x-javascript | clean |
http://xuliming.com/test404page.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 05 May 2014 16:41:19 GMT Location: http://www.lofter.com/mydomainr.do?domain=xuliming.com&path=/test404page.js Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://www.lofter.com/mydomainr.do?domain=xuliming.com&path=/test404page.js | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 05 May 2014 16:41:20 GMT Location: http://catbit.lofter.com/test404page.js?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=DA0644449811B8B7A717426591E9C8ED.blog83-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3Fdomain%3Dxuliming.com%26path%3D%2Ftest404page.js|; Domain=.lofter.com; Expires=Tue, 06-May-2014 16:41:20 GMT; Path=/ Set-Cookie: usertrack=ZUcIg1NnvzBA5QIbFIqyAg==; expires=Tue, 05-May-15 16:41:20 GMT; domain=lofter.com; path=/ | clean |
http://catbit.lofter.com/test404page.js?mydomainr=true | 404 Not Found Content-Length: 4995 Content-Type: text/html | suspicious |
Hidden iFrame found. The same iFrame was found in 650 websites. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://l.bst.126.net/rsc/js/theme/r/pagephotoshow.min.js?0002 | 200 OK Content-Length: 54020 Content-Type: application/x-javascript | clean |
http://xuliming.com/rss | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 05 May 2014 16:41:23 GMT Location: http://www.lofter.com/mydomainr.do?domain=xuliming.com&path=/rss Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://www.lofter.com/mydomainr.do?domain=xuliming.com&path=/rss | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 05 May 2014 16:41:24 GMT Location: http://catbit.lofter.com/rss?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=370006A58E1A8EC925B75BE58B08BCA9.lofter0-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3Fdomain%3Dxuliming.com%26path%3D%2Frss|; Domain=.lofter.com; Expires=Tue, 06-May-2014 16:41:24 GMT; Path=/ Set-Cookie: usertrack=ZUcIg1NnvzREcgInFLm2Ag==; expires=Tue, 05-May-15 16:41:24 GMT; domain=lofter.com; path=/ | clean |
http://catbit.lofter.com/rss?mydomainr=true | 200 OK Content-Length: 3768 Content-Type: text/xml | clean |
http://catbit.lofter.com/post/1c5ba0_5e4ae3 | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 05 May 2014 16:41:26 GMT Location: http://xuliming.com/post/1c5ba0_5e4ae3 Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=68D23E58606C35F1712A3CAE84761062.lofter1-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fpost.do%3FloftBlogName%3Dcatbit%26loftPostUrl%3D1c5ba0_5e4ae3%26|; Domain=.lofter.com; Expires=Tue, 06-May-2014 16:41:26 GMT; Path=/ Set-Cookie: usertrack=ZUcIhFNnvzayTwyGEx1NAg==; expires=Tue, 05-May-15 16:41:26 GMT; domain=lofter.com; path=/ | clean |
http://xuliming.com/post/1c5ba0_5e4ae3 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 05 May 2014 16:41:27 GMT Location: http://www.lofter.com/mydomainr.do?domain=xuliming.com&path=/post/1c5ba0_5e4ae3 Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://www.lofter.com/mydomainr.do?domain=xuliming.com&path=/post/1c5ba0_5e4ae3 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 05 May 2014 16:41:28 GMT Location: http://catbit.lofter.com/post/1c5ba0_5e4ae3?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=EC043EB2E9BD0EBC548D8DBF7BEE1A4E.lofter1-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3Fdomain%3Dxuliming.com%26path%3D%2Fpost%2F1c5ba0_5e4ae3|; Domain=.lofter.com; Expires=Tue, 06-May-2014 16:41:28 GMT; Path=/ Set-Cookie: usertrack=ZUcIg1Nnvzg/nQIUFKSnAg==; expires=Tue, 05-May-15 16:41:28 GMT; domain=lofter.com; path=/ | clean |
http://catbit.lofter.com/post/1c5ba0_5e4ae3?mydomainr=true | 200 OK Content-Length: 9912 Content-Type: text/html | suspicious |
Hidden iFrame found. The same iFrame was found in 650 websites. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://catbit.lofter.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 05 May 2014 16:41:30 GMT Location: http://xuliming.com Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=FC872C44DD64827BEDAC95CEC350E826.blog197-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fblogindex.do%3FloftBlogName%3Dcatbit%26|; Domain=.lofter.com; Expires=Tue, 06-May-2014 16:41:30 GMT; Path=/ Set-Cookie: usertrack=ZUcIhFNnvzqwoQx8FAhJAg==; expires=Tue, 05-May-15 16:41:30 GMT; domain=lofter.com; path=/ | clean |
http://catbit.lofter.com/post/ | 404 Not Found Content-Length: 4995 Content-Type: text/html | suspicious |
Hidden iFrame found. The same iFrame was found in 650 websites. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://xuliming.com/aboutme | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 05 May 2014 16:41:32 GMT Location: http://www.lofter.com/mydomainr.do?domain=xuliming.com&path=/aboutme Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://www.lofter.com/mydomainr.do?domain=xuliming.com&path=/aboutme | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 05 May 2014 16:41:33 GMT Location: http://catbit.lofter.com/aboutme?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=448F2FDDEF3A8296964CCBEA7CF4214A.blog83-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3Fdomain%3Dxuliming.com%26path%3D%2Faboutme|; Domain=.lofter.com; Expires=Tue, 06-May-2014 16:41:33 GMT; Path=/ Set-Cookie: usertrack=ZUcIg1Nnvz0/FQIQFXKQAg==; expires=Tue, 05-May-15 16:41:33 GMT; domain=lofter.com; path=/ | clean |
http://catbit.lofter.com/aboutme?mydomainr=true | 200 OK Content-Length: 5179 Content-Type: text/html | suspicious |
Hidden iFrame found. The same iFrame was found in 650 websites. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > | ||
http://xuliming.com/post/1c5ba0_59da5f | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 05 May 2014 16:41:35 GMT Location: http://www.lofter.com/mydomainr.do?domain=xuliming.com&path=/post/1c5ba0_59da5f Server: nginx Content-Length: 154 Content-Type: text/html | clean |
http://www.lofter.com/mydomainr.do?domain=xuliming.com&path=/post/1c5ba0_59da5f | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 05 May 2014 16:41:36 GMT Location: http://catbit.lofter.com/post/1c5ba0_59da5f?mydomainr=true Server: nginx Content-Length: 0 Content-Type: text/html;charset=UTF-8 P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID" Set-Cookie: NTESLOFTSI=63A49F316C59E966C7C1EC5BC42CB560.lofter1-8010; Domain=.www.lofter.com; Path=/ Set-Cookie: firstentry=%2Fmydomainr.do%3Fdomain%3Dxuliming.com%26path%3D%2Fpost%2F1c5ba0_59da5f|; Domain=.lofter.com; Expires=Tue, 06-May-2014 16:41:36 GMT; Path=/ Set-Cookie: usertrack=ZUcIg1Nnv0BAhQIZFNkyAg==; expires=Tue, 05-May-15 16:41:36 GMT; domain=lofter.com; path=/ | clean |
http://catbit.lofter.com/post/1c5ba0_59da5f?mydomainr=true | 200 OK Content-Length: 6230 Content-Type: text/html | suspicious |
Hidden iFrame found. The same iFrame was found in 650 websites. style: hidden src: http://l.bst.126.net/rsc/htm/music.html <iframe style="display:none" src="http://l.bst.126.net/rsc/htm/music.html" > |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xuliming.com
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 05 May 2014 16:41:04 GMT
Location: http://www.lofter.com/mydomainr.do?domain=xuliming.com&path=/
Server: nginx
Content-Length: 154
Content-Type: text/html
...154 bytes of data.
GET / HTTP/1.1
Host: xuliming.com
Result:
HTTP/1.1 302 Moved Temporarily
Connection: close
Date: Mon, 05 May 2014 16:41:04 GMT
Location: http://www.lofter.com/mydomainr.do?domain=xuliming.com&path=/
Server: nginx
Content-Length: 154
Content-Type: text/html
...154 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: xuliming.com
Referer: http://www.google.com/search?q=xuliming.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: xuliming.com
Referer: http://www.google.com/search?q=xuliming.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xuliming.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xuliming.com/
Result: xuliming.com is not infected or malware details are not published yet.
Result: xuliming.com is not infected or malware details are not published yet.