Scanned pages/files
Request | Server response | Status |
http://xxhuayi.com/ | 200 OK Content-Length: 6508 Content-Type: text/html | suspicious |
Hidden iFrame found. The same iFrame was found in 118 websites. size: 1x1 src: http://www.xinnb.com <iframe name=iframemain src=http://www.xinnb.com width=1% height=1% frameborder=0 scrolling=auto target='_blank'>
http://xxhuayi.com/22pop.js | 200 OK Content-Length: 2208 Content-Type: application/x-javascript | clean |
http://www.22.cn/park_log.aspx | 200 OK Content-Length: 214 Content-Type: text/html | clean |
http://www.22.cn/test404page.js | HTTP/1.1 302 Found Cache-Control: private Date: Wed, 02 Apr 2014 16:09:58 GMT Location: /errorpage.aspx?aspxerrorpath=/default.aspx Server: Microsoft-IIS/7.5 Content-Length: 168 Content-Type: text/html; charset=utf-8 X-AspNet-Version: 2.0.50727 X-Powered-By: UrlRewriter.NET 2.0.0 X-Powered-By: ASP.NET | clean |
http://www.22.cn/errorpage.aspx?aspxerrorpath=/default.aspx | 200 OK Content-Length: 36041 Content-Type: text/html | clean |
http://www.22.cn/js/jquery-1.4.js | 200 OK Content-Length: 72174 Content-Type: application/x-javascript | clean |
http://www.22.cn/js/jquery.cookie.js | 200 OK Content-Length: 692 Content-Type: application/x-javascript | clean |
http://www.22.cn/js/menu.js?v=1.01 | 200 OK Content-Length: 2035 Content-Type: application/x-javascript | clean |
http://www.22.cn/lostpwd.aspx | 200 OK Content-Length: 46009 Content-Type: text/html | clean |
http://www.22.cn/js/jquery.dialog.js | 200 OK Content-Length: 30591 Content-Type: application/x-javascript | clean |
http://www.22.cn/js/Jquery.dialog.eb.js | 200 OK Content-Length: 3281 Content-Type: application/x-javascript | clean |
http://www.22.cn/findemail.aspx | 200 OK Content-Length: 42855 Content-Type: text/html | clean |
http://www.22.cn/news/info/2013-08-06-2688.html | 200 OK Content-Length: 41599 Content-Type: text/html | clean |
http://www.22.cn/QQLogin.aspx | HTTP/1.1 302 Found Cache-Control: private Date: Wed, 02 Apr 2014 16:10:09 GMT Location: https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=207040&state=2bed2b3c397c4e8f828ba2d086ae13c5&redirect_uri=http%3a%2f%2fwww.22.cn%2fqqlogin%2fqqreturnurl.aspx&scope= Server: Microsoft-IIS/7.5 Content-Length: 319 Content-Type: text/html; charset=utf-8 Set-Cookie: ASP.NET_SessionId=vaq4t3553ykyxy2lllhhkk55; path=/; HttpOnly X-AspNet-Version: 2.0.50727 X-Powered-By: UrlRewriter.NET 2.0.0 X-Powered-By: ASP.NET | clean |
https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=207040&state=2bed2b3c397c4e8f828ba2d086ae13c5&redirect_uri=http%3a%2f%2fwww.22.cn%2fqqlogin%2fqqreturnurl.aspx&scope= | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 02 Apr 2014 16:10:12 GMT Location: http://openapi.qzone.qq.com/oauth/show?which=Login&display=pc&response_type=code&client_id=207040&state=2bed2b3c397c4e8f828ba2d086ae13c5&redirect_uri=http%3a%2f%2fwww.22.cn%2fqqlogin%2fqqreturnurl.aspx&scope= Server: nginx Content-Length: 0 Content-Type: text/html | clean |
http://openapi.qzone.qq.com/oauth/show?which=login&display=pc&response_type=code&client_id=207040&state=2bed2b3c397c4e8f828ba2d086ae13c5&redirect_uri=http%3a%2f%2fwww.22.cn%2fqqlogin%2fqqreturnurl.aspx&scope= | 200 OK Content-Length: 6753 Content-Type: text/html | clean |
http://qzonestyle.gtimg.cn/open/connect/widget/pc/login/qlogin_v2.js?v=20131226001 | 200 OK Content-Length: 22592 Content-Type: application/x-javascript | clean |
http://www.22.cn/ | 200 OK Content-Length: 181272 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xxhuayi.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Wed, 02 Apr 2014 16:11:37 GMT
Server: Microsoft-IIS/6.0
Content-Length: 6508
Content-Type: text/html; Charset=UTF-8
Set-Cookie: xxhuayi%2Ecom=KeyWord=&TempId=999&UserBDad=&template=&FriendImgLink=&SiteIntr=&UserGGad=&UserSkype=&BeiAnNum=&FriendTxtLink=&Title=&StrDomainC=&userQQ=&SelfTxt=&CnzzCode=&Fluxstr=&userTel=&userMail=&TJcode=&userMSN=&userORG=&userName=&LogoUrl=&State=&userFax=&userMP=&readDomainData=1; expires=Tue, 01-Apr-2014 16:00:00 GMT; path=/
Set-Cookie: ASPSESSIONIDAACTCDTS=AAAEJDFBPNMOJOGAHNFHFIKB; path=/
X-Powered-By: ASP.NET
...6508 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: xxhuayi.com
Referer: http://www.google.com/search?q=xxhuayi.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xxhuayi.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xxhuayi.com/
Result: xxhuayi.com is not infected or malware details are not published yet.