Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=haode.ml
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://haode.ml/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.haode.ml/ | 200 OK Content-Length: 18437 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 1x1 src: http://www.newteenx.com/?ft=haode.ml <iframe src="http://www.newteenx.com/?ft=haode.ml" width="1" id="toplisted" height="1" vspace="-100"> Hidden iFrame found. size: 1x1 src: http://young-sluts.xxxbit.com/index.php?u=haodeml <iframe src="http://young-sluts.xxxbit.com/index.php?u=haodeml" width="1" id="toplisted" height="1" vspace="-100"> | ||
http://www.haode.ml/js/cpm.js | 200 OK Content-Length: 5051 Content-Type: application/x-javascript | clean |
http://www.haode.ml/popup.php | 200 OK Content-Length: 662 Content-Type: text/html | clean |
http://www.haode.ml/test404page.js | 404 Not Found Content-Length: 589 Content-Type: text/html | clean |
http://www.haode.ml/js/tan.js | 200 OK Content-Length: 5644 Content-Type: application/x-javascript | clean |
http://s1.slimtrade.com/s6788.js | 200 OK Content-Length: 6971 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: toplist.traffic-hits.com Decoded script: var stTrName=new Array("toplist.traffic (24)","free.top-dolls.net (8)","xdcuties (3)","twranking (1)","newteenx (1)","little-cutie (1)","models-list (0)","pornboard (0)","sgirls.hotdolls (0)","teeniedolls.tiny-virginz.com (0)","top.top-dolls (0)","incestsextoons (0)","pervertcomics (0)");var stTrUrl=new Array("http://toplist.traffic-hits.com","http://free.top-dolls.net/cgi-bin/in.cgi?id=716","http://best.xdcuties.info/cgi-bin/in.cgi?id=2156","http://www.twranking.com/ranking.php?id=haodeml","http://www.newteenx.com/?ft=haode.ml","http://www.little-cutie.org/cgi-bin/in.cgi?id=1013","http://www.models-list.org/cgi-bin/in.cgi?id=1930","http://pornboard.in/?id=haode.ml","http://sgirls.hotdolls.info/cgi-bin/in.cgi?id=991","http://teeniedolls.tiny-virginz.com","http://top.top- ...[13393 bytes skipped]... | ||
http://www.haode.ml/tan.php | 200 OK Content-Length: 8960 Content-Type: text/html | clean |
http://syndication.exoclick.com/splash.php?idzone=1076572&type=3 | 200 OK Content-Length: 5827 Content-Type: application/x-javascript | clean |
http://cdn.popcash.net/pop.js | 200 OK Content-Length: 2863 Content-Type: application/x-javascript | clean |
http://hitslap.com/show.php?u=5292&type=popunder | 200 OK Content-Length: 112 Content-Type: text/html | clean |
http://hitslap.com/show.php?u=5292&type=popunder'+'&r='+Math.random()+' | 200 OK Content-Length: 135 Content-Type: text/html | clean |
http://hitslap.com/show.php?u=5292&type=popunder'+'&r='+Math.random()+''+'&r='+Math.random()+' | 200 OK Content-Length: 158 Content-Type: text/html | clean |
http://hitslap.com/show.php?u=5292&type=popunder'+'&r='+Math.random()+''+'&r='+Math.random()+''+'&r='+Math.random()+' | 200 OK Content-Length: 181 Content-Type: text/html | clean |
http://hitslap.com/show.php?u=5292&type=popunder'+'&r='+Math.random()+''+'&r='+Math.random()+''+'&r='+Math.random()+''+'&r='+Math.random()+' | 200 OK Content-Length: 204 Content-Type: text/html | clean |
http://hitslap.com/show.php?u=5292&type=popunder'+'&r='+Math.random()+''+'&r='+Math.random()+''+'&r='+Math.random()+''+'&r='+Math.random()+''+'&r='+Math.random()+' | 200 OK Content-Length: 227 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: haode.ml
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: haode.ml
Referer: http://www.google.com/search?q=haode.ml
Result:
The result is similar to the first query. There are no suspicious redirects found.