Scanned pages/files
| Request | Server response | Status |
| --- | --- | --- |
| http://cbg88.taobao.com/ | 200 OK Content-Length: 142232 Content-Type: text/html | malicious |
| http://g.tbcdn.cn/??kissy/k/1.3.2/kissy-min.js,tb/global/2.6.13/global-min.js | 200 OK Content-Length: 182057 Content-Type: application/x-javascript | clean |
| http://a.tbcdn.cn/apps/taesite/platinum/scripts/wangpu/init-async-min.js?t=20140404.js | 200 OK Content-Length: 4959 Content-Type: application/x-javascript | clean |
| http://cbg88.taobao.com/cuxiao.htm?signin=true | 200 OK Content-Length: 211319 Content-Type: text/html | clean |
| http://cbg88.taobao.com/search.htm?orderType=hotkeep_desc | 200 OK Content-Length: 191814 Content-Type: text/html | malicious |
| http://a.tbcdn.cn/apps/taesite/platinum/scripts/wangpu/init-min.js?t=20140404.js | 200 OK Content-Length: 4773 Content-Type: application/x-javascript | clean |
| http://uaction.aliyuncdn.com/js/ua.js | 200 OK Content-Length: 57138 Content-Type: application/x-javascript | clean |
| http://cbg88.taobao.com/hy/index.htm | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 04 Apr 2014 15:03:43 GMT Location: http://shop35993573.taobao.com/hy/open.htm Server: Tengine Content-Language: zh-CN Content-Length: 0 Content-Type: text/html;charset=GBK At_isb: 0 At_shoptype: 1_35993573 Atp_isdpp: 1v35993573 P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR' Set-Cookie: cookie2=94eac7d47046828f60062fa97c75de5b;Domain=.taobao.com;Path=/;HttpOnly Set-Cookie: _tb_token_=33e3a31673a5;Domain=.taobao.com;Path=/;HttpOnly Set-Cookie: t=0b0725f603490987d291f92165e71e54; Domain=.taobao.com; Expires=Thu, 03-Jul-2014 15:03:43 GMT; Path=/ Set-Cookie: uc1=cookie14=UoLVYyQjjGI5MA%3D%3D; Domain=.taobao.com; Path=/ Set-Cookie: v=0; Domain=.taobao.com; Path=/ | clean |
| http://shop35993573.taobao.com/hy/open.htm | 200 OK Content-Length: 49244 Content-Type: text/html | clean |
| http://a.tbcdn.cn/??s/kissy/1.3.0/kissy-min.js | 200 OK Content-Length: 143770 Content-Type: application/x-javascript | clean |
| http://a.tbcdn.cn/p/snsdk/core.js | 200 OK Content-Length: 16311 Content-Type: application/x-javascript | clean |
| http://a.tbcdn.cn/apps/taesite/hy/20130618/kaitong-min.js?t=20131029 | 200 OK Content-Length: 149039 Content-Type: application/x-javascript | clean |
| http://cbg88.taobao.com/hy/ http://www.taobao.com/m?spm=1.1000386.176505.4&TBG=146112.176505.4 | HTTP/1.1 302 Found Connection: close Date: Fri, 04 Apr 2014 15:03:47 GMT Location: http://err.taobao.com/error1.html Server: Tengine Content-Length: 260 Content-Type: text/html | clean |
| http://err.taobao.com/error1.html | 200 OK Content-Length: 12031 Content-Type: text/html | clean |
| http://g.tbcdn.cn/kissy/k/1.4.1/seed-min.js?t=20140212 | 200 OK Content-Length: 44675 Content-Type: application/x-javascript | clean |
| http://g.tbcdn.cn/tb/global/2.6.13/global-min.js | 200 OK Content-Length: 37547 Content-Type: application/x-javascript | clean |
| http://cbg88.taobao.com/hy/ http://www.taobao.com/ | HTTP/1.1 302 Found Connection: close Date: Fri, 04 Apr 2014 15:03:50 GMT Location: http://err.taobao.com/error1.html Server: Tengine Content-Length: 260 Content-Type: text/html | clean |
| http://err.taobao.com/test404page.js | 200 OK Content-Length: 54991 Content-Type: text/html | clean |

Malicious code - confirmed by antiviruses (see below). The same snippet was flagged on both pages marked malicious (http://cbg88.taobao.com/ and http://cbg88.taobao.com/search.htm?orderType=hotkeep_desc):

window.g_hb_monitor_st = +new Date();
window.g_config = {appId:2, assetsHost:"http://a.tbcdn.cn",toolbar:false, pageType:"wangpu"};
window.shop_config = { "hasImpress":true, "shopId":"35993573", "siteId":"1", "userId":"79591895", "user_nick": "%E8%8D%89%E5%AE%9D%E8%B0%B788", "shopCategoryId":"20", siteId:'1', siteCategoryId:'2', itemId:'', shopStats:'', validatorUrl:'http://store.taobao.com/tadget/shop_stats.htm', templateId:'206531', templateName:'' };
window._poc = window._poc || [];
window._poc.push(["_trackCustom", "tpl", "new_shop"]);

Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cbg88.taobao.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 04 Apr 2014 15:03:34 GMT
Via: 1.1 varnish
Age: 0
Server: Tengine
Vary: Accept-Encoding
Content-Language: zh-CN
Content-Type: text/html;charset=GBK
At_isb: 0
At_shoptype: 1_35993573
Atp_isdpp: 1v35993573
P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
X-Cache: MISS
X-CacheHits: 0
X-Varnish: 330656637
X-Varnish-Cache: 1
Second query (visit from search engine):
GET / HTTP/1.1
Host: cbg88.taobao.com
Referer: http://www.google.com/search?q=cbg88.taobao.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cbg88.taobao.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cbg88.taobao.com/
Result: cbg88.taobao.com is not infected or malware details are not published yet.