Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tool.flytaobao.com
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://tool.flytaobao.com/ | HTTP/1.1 301 Moved Permanently Date: Tue, 22 Jul 2014 16:50:24 GMT Location: http://www.taoxiaolu.com/ Server: Microsoft-IIS/6.0 Content-Length: 148 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://www.taoxiaolu.com/ | HTTP/1.1 200 OK Date: Tue, 22 Jul 2014 16:50:26 GMT Accept-Ranges: bytes ETag: "f38e5849474cf1:56e" Server: Microsoft-IIS/6.0 Content-Length: 31030 Content-Location: http://www.taoxiaolu.com/index.html Content-Type: text/html Last-Modified: Wed, 21 May 2014 01:32:25 GMT X-Powered-By: ASP.NET | clean |
http://www.taoxiaolu.com/index.html | 200 OK Content-Length: 31030 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.flytaobao.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--<html xmlns="http://www.w3.org/1999/xhtml">--> <html xmlns:wb="http://open.weibo.com/wb"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <meta name="baidu-site-verification" content="4b7f2e9964556dfa973b65279b28a496" /> ...[4380 bytes skipped]... | ||
http://tjs.sjs.sinajs.cn/open/api/js/wb.js | 200 OK Content-Length: 34191 Content-Type: application/x-javascript | clean |
http://tool.flytaobao.com/scripts/zlseo.js | HTTP/1.1 301 Moved Permanently Date: Tue, 22 Jul 2014 16:50:31 GMT Location: http://www.taoxiaolu.com/scripts/zlseo.js Server: Microsoft-IIS/6.0 Content-Length: 164 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://www.taoxiaolu.com/scripts/zlseo.js | 200 OK Content-Length: 46380 Content-Type: application/x-javascript | clean |
http://tool.flytaobao.com/scripts/common.js | HTTP/1.1 301 Moved Permanently Date: Tue, 22 Jul 2014 16:50:33 GMT Location: http://www.taoxiaolu.com/scripts/common.js Server: Microsoft-IIS/6.0 Content-Length: 165 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://www.taoxiaolu.com/scripts/common.js | 200 OK Content-Length: 28856 Content-Type: application/x-javascript | clean |
http://tool.flytaobao.com/scripts/jquery-1.6.2.min.js | HTTP/1.1 301 Moved Permanently Date: Tue, 22 Jul 2014 16:50:35 GMT Location: http://www.taoxiaolu.com/scripts/jquery-1.6.2.min.js Server: Microsoft-IIS/6.0 Content-Length: 175 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://www.taoxiaolu.com/scripts/jquery-1.6.2.min.js | 200 OK Content-Length: 91573 Content-Type: application/x-javascript | clean |
http://tool.flytaobao.com/scripts/taobao_index.js | HTTP/1.1 301 Moved Permanently Date: Tue, 22 Jul 2014 16:50:38 GMT Location: http://www.taoxiaolu.com/scripts/taobao_index.js Server: Microsoft-IIS/6.0 Content-Length: 171 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://www.taoxiaolu.com/scripts/taobao_index.js | 200 OK Content-Length: 4498 Content-Type: application/x-javascript | clean |
http://www.2ge8.com/code/5/204417_2422.js | 404 Not Found Content-Length: 3530 Content-Type: text/html | clean |
http://www.2ge8.com/test404page.js | 404 Not Found Content-Length: 3530 Content-Type: text/html | clean |
http://js.users.51.la/15696655.js | 200 OK Content-Length: 1947 Content-Type: application/x-javascript | clean |
http://wpa.b.qq.com/cgi/wpa.php?key=XzgwMDA1MTgwMF8zNzExOV84MDAwNTE4MDBf | 200 OK Content-Length: 11503 Content-Type: text/javascript | suspicious |
Page code contains blacklisted domain: www.flytaobao.com ...[3294 bytes skipped]... on(){q[this]=function(y){return function(){var z=arguments,A=u+y;var B=r("7818","21","1");v.one("api.define."+A,function(){B.addPoint("3").send();q[y].apply(q,z)});x(A)}}(this)})})})(window.BizQQWPA); BizQQWPA.set("srcPath", "/crm/wpa/release/3.3.3/"); BizQQWPA.setVersion("3.3.20140708").load({"wty":"1","kfuin":"800051800","nameAccount":"800051800","type":"12","sv":"4","title":"\u4f01\u4e1a\u540d\u79f0","aty":"0","a":"0","ws":"www.flytaobao.com","btn1":"\u8425\u9500QQ\u4ea4\u8c08","btn2":"\u4e0b\u6b21\u518d\u8bf4","fsty":"0","fposX":"2","fposY":"1","csty":"1","tx":"1","wd":"\u9010\u9e7f\u57f9\u8bad \u8f6f\u4ef6","wd2":"\u5173\u6ce8\u6dd8\u5b9d\u8425\u9500\u6700\u524d\u6cbf","curl":"","wid":"","di":""}); |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tool.flytaobao.com
Result:
HTTP/1.1 301 Moved Permanently
Date: Tue, 22 Jul 2014 16:50:24 GMT
Location: http://www.taoxiaolu.com/
Server: Microsoft-IIS/6.0
Content-Length: 148
Content-Type: text/html
X-Powered-By: ASP.NET
...148 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: tool.flytaobao.com
Referer: http://www.google.com/search?q=tool.flytaobao.com
Result:
The result is similar to the first query. There are no suspicious redirects found.