Scanned pages/files
| Request | Server response | Status |
http://www.taxbids.com/ | 200 OK Content-Length: 64599 Content-Type: text/html | clean |
http://www.taxbids.com/scripts/jquery-1.4.4.js | 200 OK Content-Length: 190367 Content-Type: application/javascript | clean |
http://www.taxbids.com/google_analytics_auto.js | 200 OK Content-Length: 430 Content-Type: application/javascript | clean |
http://www.taxbids.com/scripts/select_box/jquery.selectBox.js | 200 OK Content-Length: 24577 Content-Type: application/javascript | clean |
http://www.taxbids.com/index.php | 200 OK Content-Length: 65331 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked By Red_BuLL <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Hacked By Red_BuLL</title> <META NAME="DESCRIPTION" CONTENT="Hacked By Red_BuLL"> <META NAME="KEYWORDS" CONTENT="Hacked By Red_BuLL"> <link rel="shortcut icon" type="image/ico" /> <link href="templates/default/css/taxbids_style.css" rel="stylesheet" type="text/css" /> <SCRIPT LANGUAGE="JavaScript" TYPE="text/javascript" src="http://www.taxbids.com/scripts/jquery-1.4.4.js"></script> ...[84187 bytes skipped]... | ||
http://www.taxbids.com/index.php?mod=cms&pg=menu&act=educate | 200 OK Content-Length: 66639 Content-Type: text/html | clean |
http://www.taxbids.com/index.php?mod=newsletter&pg=contactus&act=contact | 200 OK Content-Length: 25308 Content-Type: text/html | clean |
http://www.taxbids.com/scripts/validator.js | 200 OK Content-Length: 5283 Content-Type: application/javascript | clean |
http://www.taxbids.com/index.php?mod=member&pg=register&act=add_edit | 200 OK Content-Length: 71199 Content-Type: text/html | clean |
http://www.taxbids.com/index.php?sess=bW9kPW1lbWJlciZwZz1sb2dvdXQ= | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sun, 29 Nov 2015 00:45:24 GMT Pragma: no-cache Location: index.php?mod=member&pg=login Server: nginx/1.8.0 Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=1aa33949ada3c3f6473b92113bb76dbd; path=/ | clean |
http://www.taxbids.com/index.php?mod=member&pg=login | 200 OK Content-Length: 68088 Content-Type: text/html | clean |
http://www.taxbids.com/index.php?mod=member&pg=auction&act=cert&category= | 200 OK Content-Length: 76141 Content-Type: text/html | clean |
http://www.taxbids.com/index.php?mod=member&pg=auction&act=cert&category=60 | 200 OK Content-Length: 76157 Content-Type: text/html | clean |
http://www.taxbids.com/index.php?mod=member&pg=auction&act=cert&category=61 | 200 OK Content-Length: 76170 Content-Type: text/html | clean |
http://www.taxbids.com/index.php?mod=member&pg=auction&act=cert&category=63 | 200 OK Content-Length: 76159 Content-Type: text/html | clean |
http://www.taxbids.com/index.php?mod=member&pg=auction&act=cert&category=66 | 200 OK Content-Length: 76160 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: taxbids.com
Result:
GET / HTTP/1.1
Host: taxbids.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: taxbids.com
Referer: http://www.google.com/search?q=taxbids.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: taxbids.com
Referer: http://www.google.com/search?q=taxbids.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=taxbids.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://taxbids.com/
Result: taxbids.com is not infected or malware details are not published yet.
Result: taxbids.com is not infected or malware details are not published yet.