Scanned pages/files
| Request | Server response | Status |
http://shop101287108.taobao.com/ | 200 OK Content-Length: 93430 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window.g_hb_monitor_st = +new Date(); window.g_config = {appId:2, assetsHost:"http://a.tbcdn.cn",toolbar:false, pageType:"wangpu"}; window.shop_config = { "hasImpress":true, "shopId":"101287108", "siteId":"1", "userId":"1059145715", "user_nick": "yangruiyong66", "shopCategoryId":"1104", siteId:'1', siteCategoryId:'2', itemId:'', shopStats:'', validatorUrl:'http://store.taobao.com/tadget/shop_stats.htm', templateId:'206531', templateName:'' }; window._poc = window._poc || []; window._poc.push(["_trackCustom", "tpl", "new_shop"]); Antivirus reports:
| ||
http://g.tbcdn.cn/??kissy/k/1.3.2/kissy-min.js,tb/global/2.7.4/global-min.js | 200 OK Content-Length: 182235 Content-Type: application/x-javascript | clean |
http://a.tbcdn.cn/apps/taesite/platinum/scripts/wangpu/init-async-min.js?t=20140418.js | 200 OK Content-Length: 4959 Content-Type: application/x-javascript | clean |
http://shop101287108.taobao.com/ugo.htm?signin=true | 200 OK Content-Length: 177076 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window.g_hb_monitor_st = +new Date(); window.g_config = {appId:2, assetsHost:"http://a.tbcdn.cn",toolbar:false, pageType:"wangpu"}; window.shop_config = { "hasImpress":true, "shopId":"101287108", "siteId":"1", "userId":"1059145715", "user_nick": "yangruiyong66", "shopCategoryId":"1104", siteId:'1', siteCategoryId:'2', itemId:'', shopStats:'', validatorUrl:'http://store.taobao.com/tadget/shop_stats.htm', templateId:'206531', templateName:'' }; window._poc = window._poc || []; window._poc.push(["_trackCustom", "tpl", "new_shop"]); Antivirus reports:
| ||
http://a.tbcdn.cn/apps/taesite/platinum/scripts/wangpu/init-min.js?t=20140418.js | 200 OK Content-Length: 4773 Content-Type: application/x-javascript | clean |
http://shop101287108.taobao.com/hy/index.htm | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 07 May 2014 09:12:16 GMT Location: http://shop101287108.taobao.com/hy/open.htm Server: Tengine Content-Language: zh-CN Content-Length: 0 Content-Type: text/html;charset=GBK At_isb: 0 At_shoptype: 1_101287108 Atp_isdpp: 1v101287108 P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR' Set-Cookie: cookie2=ebf947bcc6bdfeb89b05d8050885518e;Domain=.taobao.com;Path=/;HttpOnly Set-Cookie: _tb_token_=371e343b5bb65;Domain=.taobao.com;Path=/;HttpOnly Set-Cookie: t=68e09c0a0fd4e1dd7efe494e4133789a; Domain=.taobao.com; Expires=Tue, 05-Aug-2014 09:12:16 GMT; Path=/ Set-Cookie: uc1=cookie14=UoLVbEA1%2BMyaQA%3D%3D; Domain=.taobao.com; Path=/ Set-Cookie: v=0; Domain=.taobao.com; Path=/ | clean |
http://shop101287108.taobao.com/hy/open.htm | 200 OK Content-Length: 49262 Content-Type: text/html | clean |
http://a.tbcdn.cn/??s/kissy/1.3.0/kissy-min.js | 200 OK Content-Length: 143770 Content-Type: application/x-javascript | clean |
http://a.tbcdn.cn/p/snsdk/core.js | 200 OK Content-Length: 15941 Content-Type: application/x-javascript | clean |
http://a.tbcdn.cn/apps/taesite/hy/20130618/kaitong-min.js?t=20131029 | 200 OK Content-Length: 149039 Content-Type: application/x-javascript | clean |
http://shop101287108.taobao.com/hy/ http://www.taobao.com/m?spm=1.1000386.176505.4&TBG=146112.176505.4 | HTTP/1.1 302 Found Connection: close Date: Wed, 07 May 2014 09:12:22 GMT Location: http://err.taobao.com/error1.html Server: Tengine Content-Length: 260 Content-Type: text/html | clean |
http://err.taobao.com/error1.html | 200 OK Content-Length: 12114 Content-Type: text/html | clean |
http://g.tbcdn.cn/kissy/k/1.4.1/seed-min.js?t=20140212 | 200 OK Content-Length: 44675 Content-Type: application/x-javascript | clean |
http://g.tbcdn.cn/tb/global/2.7.4/global-min.js | 200 OK Content-Length: 37725 Content-Type: application/x-javascript | clean |
http://shop101287108.taobao.com/hy/ http://www.taobao.com/ | HTTP/1.1 302 Found Connection: close Date: Wed, 07 May 2014 09:12:26 GMT Location: http://err.taobao.com/error1.html Server: Tengine Content-Length: 260 Content-Type: text/html | clean |
http://err.taobao.com/test404page.js | 200 OK Content-Length: 54992 Content-Type: text/html | clean |
http://g.tbcdn.cn/kissy/k/1.3.0/seed-min.js | 200 OK Content-Length: 40458 Content-Type: application/x-javascript | clean |
http://g.tbcdn.cn/??mui/seed/1.1.8/seed.js,tm/fp/1.7.3/seed.js,mui/global/1.1.7/tml.js,mui/global/1.1.7/global.js,tm/fp/1.7.3/mods/brand.js,tm/fp/1.7.3/core.js | 200 OK Content-Length: 55206 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: shop101287108.taobao.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 07 May 2014 09:12:09 GMT
Via: 1.1 varnish
Age: 2859
Server: Tengine
Vary: Accept-Encoding
Content-Language: zh-CN
Content-Type: text/html;charset=GBK
At_isb: 0
At_shoptype: 1_101287108
Atp_isdpp: 1v101287108
P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
X-Cache: HIT
X-CacheHits: 2
X-Varnish: 758115799 756719460
X-Varnish-Cache: 1
GET / HTTP/1.1
Host: shop101287108.taobao.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 07 May 2014 09:12:09 GMT
Via: 1.1 varnish
Age: 2859
Server: Tengine
Vary: Accept-Encoding
Content-Language: zh-CN
Content-Type: text/html;charset=GBK
At_isb: 0
At_shoptype: 1_101287108
Atp_isdpp: 1v101287108
P3P: CP='CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR'
X-Cache: HIT
X-CacheHits: 2
X-Varnish: 758115799 756719460
X-Varnish-Cache: 1
Second query (visit from search engine):
GET / HTTP/1.1
Host: shop101287108.taobao.com
Referer: http://www.google.com/search?q=shop101287108.taobao.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: shop101287108.taobao.com
Referer: http://www.google.com/search?q=shop101287108.taobao.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=shop101287108.taobao.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://shop101287108.taobao.com/
Result: shop101287108.taobao.com is not infected or malware details are not published yet.
Result: shop101287108.taobao.com is not infected or malware details are not published yet.