Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=173ka.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://173ka.com/ | 200 OK Content-Length: 73814 Content-Type: text/html | clean |
http://js.users.51.la/3841769.js | 200 OK Content-Length: 1977 Content-Type: application/x-javascript | clean |
http://173ka.com/baolai/2.1.htm | 200 OK Content-Length: 233 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: d687ef1ed80f97de.0075.cdn.78302.com <meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<script language="javascript" type="text/javascript" src="http://d687ef1ed80f97de.0075.cdn.78302.com/nipaiyi/cdn/js/20150203215623029.js?d=173ka.com"></script> | ||
http://d687ef1ed80f97de.0075.cdn.78302.com/nipaiyi/cdn/js/20150203215623029.js?d=173ka.com | 200 OK Content-Length: 4067 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: 173ka.com document.writeln("<!DOCTYPE html>");
document.writeln("<html>"); document.writeln("<head>"); document.writeln("<meta charset=\"gbk\">"); document.writeln("<title>×¢²á³äÖµµÚ1²½-ͼÎĽ̳Ì-173ka.com</title>"); document.writeln("<link charset=\"utf-8\" href=\"http://d687ef1ed80f97de.0075.cdn.78302.com/baolai/all.css?d=173ka.com\" media=\"screen\" rel=\"stylesheet\" type=\"text/css\" />"); document.writeln("</head>"); document.writeln("<body>"); document.writeln("<div id=\"help\"><!-- class=\"buss\"-->"); document.writeln(" <div class=\"header\">"); document.writeln( ...[4177 bytes skipped]... Decoded script: <!DOCTYPE html> <html> <head> <meta charset="gbk"> <title>×¢²á³äÖµµÚ1²½-ͼÎĽ̳Ì-173ka.com</title> <link charset="utf-8" href="http://d687ef1ed80f97de.0075.cdn.78302.com/baolai/all.css?d=173ka.com" media="screen" rel="stylesheet" type="text/css" /> </head> <body> <div id="help"><!-- class="buss"--> <div class="header"> <div class="bigMenu"> <div class="bigMenuItem"> <div class="bigMenuBuy"><a href="index.htm">ͼÎĽ̳Ì-173KA ...[2728 bytes skipped]... | ||
http://173ka.com/test404page.js | 404 Not Found Content-Length: 5200 Content-Type: text/html | clean |
http://173ka.com/diandian/2.1.htm | 200 OK Content-Length: 233 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: d687ef1ed80f97de.0075.cdn.78302.com <meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<script language="javascript" type="text/javascript" src="http://d687ef1ed80f97de.0075.cdn.78302.com/nipaiyi/cdn/js/20150203215624075.js?d=173ka.com"></script> | ||
http://d687ef1ed80f97de.0075.cdn.78302.com/nipaiyi/cdn/js/20150203215624075.js?d=173ka.com | 200 OK Content-Length: 4069 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: 173ka.com document.writeln("<!DOCTYPE html>");
document.writeln("<html>"); document.writeln("<head>"); document.writeln("<meta charset=\"gbk\">"); document.writeln("<title>×¢²á³äÖµµÚ1²½-ͼÎĽ̳Ì-173ka.com</title>"); document.writeln("<link charset=\"utf-8\" href=\"http://d687ef1ed80f97de.0075.cdn.78302.com/diandian/all.css?d=173ka.com\" media=\"screen\" rel=\"stylesheet\" type=\"text/css\" />"); document.writeln("</head>"); document.writeln("<body>"); document.writeln("<div id=\"help\"><!-- class=\"buss\"-->"); document.writeln(" <div class=\"header\">"); document.writel ...[4179 bytes skipped]... Decoded script: <!DOCTYPE html> <html> <head> <meta charset="gbk"> <title>×¢²á³äÖµµÚ1²½-ͼÎĽ̳Ì-173ka.com</title> <link charset="utf-8" href="http://d687ef1ed80f97de.0075.cdn.78302.com/diandian/all.css?d=173ka.com" media="screen" rel="stylesheet" type="text/css" /> </head> <body> <div id="help"><!-- class="buss"--> <div class="header"> <div class="bigMenu"> <div class="bigMenuItem"> <div class="bigMenuBuy"><a href="index.htm">ͼÎĽ̳Ì-173 ...[2730 bytes skipped]... | ||
http://173ka.com/hanwang/2.1.htm | 200 OK Content-Length: 233 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: d687ef1ed80f97de.0075.cdn.78302.com <meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<script language="javascript" type="text/javascript" src="http://d687ef1ed80f97de.0075.cdn.78302.com/nipaiyi/cdn/js/20150203215625097.js?d=173ka.com"></script> | ||
http://d687ef1ed80f97de.0075.cdn.78302.com/nipaiyi/cdn/js/20150203215625097.js?d=173ka.com | 200 OK Content-Length: 4068 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: 173ka.com document.writeln("<!DOCTYPE html>");
document.writeln("<html>"); document.writeln("<head>"); document.writeln("<meta charset=\"gbk\">"); document.writeln("<title>×¢²á³äÖµµÚ1²½-ͼÎĽ̳Ì-173ka.com</title>"); document.writeln("<link charset=\"utf-8\" href=\"http://d687ef1ed80f97de.0075.cdn.78302.com/hanwang/all.css?d=173ka.com\" media=\"screen\" rel=\"stylesheet\" type=\"text/css\" />"); document.writeln("</head>"); document.writeln("<body>"); document.writeln("<div id=\"help\"><!-- class=\"buss\"-->"); document.writeln(" <div class=\"header\">"); document.writeln ...[4178 bytes skipped]... Decoded script: <!DOCTYPE html> <html> <head> <meta charset="gbk"> <title>×¢²á³äÖµµÚ1²½-ͼÎĽ̳Ì-173ka.com</title> <link charset="utf-8" href="http://d687ef1ed80f97de.0075.cdn.78302.com/hanwang/all.css?d=173ka.com" media="screen" rel="stylesheet" type="text/css" /> </head> <body> <div id="help"><!-- class="buss"--> <div class="header"> <div class="bigMenu"> <div class="bigMenuItem"> <div class="bigMenuBuy"><a href="index.htm">ͼÎĽ̳Ì-173K ...[2729 bytes skipped]... | ||
http://173ka.com/jinpai/2.1.htm | 200 OK Content-Length: 233 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: d687ef1ed80f97de.0075.cdn.78302.com <meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<script language="javascript" type="text/javascript" src="http://d687ef1ed80f97de.0075.cdn.78302.com/nipaiyi/cdn/js/20150203215625125.js?d=173ka.com"></script> | ||
http://d687ef1ed80f97de.0075.cdn.78302.com/nipaiyi/cdn/js/20150203215625125.js?d=173ka.com | 200 OK Content-Length: 4067 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: 173ka.com document.writeln("<!DOCTYPE html>");
document.writeln("<html>"); document.writeln("<head>"); document.writeln("<meta charset=\"gbk\">"); document.writeln("<title>×¢²á³äÖµµÚ1²½-ͼÎĽ̳Ì-173ka.com</title>"); document.writeln("<link charset=\"utf-8\" href=\"http://d687ef1ed80f97de.0075.cdn.78302.com/jinpai/all.css?d=173ka.com\" media=\"screen\" rel=\"stylesheet\" type=\"text/css\" />"); document.writeln("</head>"); document.writeln("<body>"); document.writeln("<div id=\"help\"><!-- class=\"buss\"-->"); document.writeln(" <div class=\"header\">"); document.writeln( ...[4177 bytes skipped]... Decoded script: <!DOCTYPE html> <html> <head> <meta charset="gbk"> <title>×¢²á³äÖµµÚ1²½-ͼÎĽ̳Ì-173ka.com</title> <link charset="utf-8" href="http://d687ef1ed80f97de.0075.cdn.78302.com/jinpai/all.css?d=173ka.com" media="screen" rel="stylesheet" type="text/css" /> </head> <body> <div id="help"><!-- class="buss"--> <div class="header"> <div class="bigMenu"> <div class="bigMenuItem"> <div class="bigMenuBuy"><a href="index.htm">ͼÎĽ̳Ì-173KA ...[2728 bytes skipped]... | ||
http://173ka.com/dazhong/2.1.htm | 200 OK Content-Length: 233 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: d687ef1ed80f97de.0075.cdn.78302.com <meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<script language="javascript" type="text/javascript" src="http://d687ef1ed80f97de.0075.cdn.78302.com/nipaiyi/cdn/js/20150203215624053.js?d=173ka.com"></script> | ||
http://d687ef1ed80f97de.0075.cdn.78302.com/nipaiyi/cdn/js/20150203215624053.js?d=173ka.com | 200 OK Content-Length: 4068 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: 173ka.com document.writeln("<!DOCTYPE html>");
document.writeln("<html>"); document.writeln("<head>"); document.writeln("<meta charset=\"gbk\">"); document.writeln("<title>×¢²á³äÖµµÚ1²½-ͼÎĽ̳Ì-173ka.com</title>"); document.writeln("<link charset=\"utf-8\" href=\"http://d687ef1ed80f97de.0075.cdn.78302.com/dazhong/all.css?d=173ka.com\" media=\"screen\" rel=\"stylesheet\" type=\"text/css\" />"); document.writeln("</head>"); document.writeln("<body>"); document.writeln("<div id=\"help\"><!-- class=\"buss\"-->"); document.writeln(" <div class=\"header\">"); document.writeln ...[4178 bytes skipped]... Decoded script: <!DOCTYPE html> <html> <head> <meta charset="gbk"> <title>×¢²á³äÖµµÚ1²½-ͼÎĽ̳Ì-173ka.com</title> <link charset="utf-8" href="http://d687ef1ed80f97de.0075.cdn.78302.com/dazhong/all.css?d=173ka.com" media="screen" rel="stylesheet" type="text/css" /> </head> <body> <div id="help"><!-- class="buss"--> <div class="header"> <div class="bigMenu"> <div class="bigMenuItem"> <div class="bigMenuBuy"><a href="index.htm">ͼÎĽ̳Ì-173K ...[2729 bytes skipped]... | ||
http://173ka.com/jd.htm | 200 OK Content-Length: 233 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: d687ef1ed80f97de.0075.cdn.78302.com <meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<script language="javascript" type="text/javascript" src="http://d687ef1ed80f97de.0075.cdn.78302.com/nipaiyi/cdn/js/20150220174717002.js?d=173ka.com"></script> | ||
http://d687ef1ed80f97de.0075.cdn.78302.com/nipaiyi/cdn/js/20150220174717002.js?d=173ka.com | 200 OK Content-Length: 1182 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: 173ka.com document.writeln("<html>");
document.writeln("<head>"); document.writeln("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=gb2312\">"); document.writeln("<title>173ka.com-¾©¶«²¹µê½çÃæÐÀÉÍ</title>"); document.writeln("</head>"); document.writeln("<body>"); document.writeln("<p align=\"center\">"); document.writeln(" "); document.writeln("<img src=\"http://img03.taobaocdn.com/imgextra/i3/45681983/TB2VSKcbVXXXXcUXXXXXXXXXXXX_!!45681983.jpg\" alt=\" ÆäËû1\"/>"); document.writeln("<br>"); document.writeln("<img src=\"http://img04.t ...[705 bytes skipped]... Decoded script: <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <title>173ka.com-¾©¶«²¹µê½çÃæÐÀÉÍ</title> </head> <body> <p align="center"> <img src="http://img03.taobaocdn.com/imgextra/i3/45681983/TB2VSKcbVXXXXcUXXXXXXXXXXXX_!!45681983.jpg" alt=" ÆäËû1"/> <br> <img src="http://img04.taobaocdn.com/imgextra/i4/45681983/TB2034.bVXXXXXtXpXXXXXXXXXX_!!45681983.jpg" alt=" ÆäËû2"/> <br> <img src="http://img01.taobaocdn.com/imgextra/i1/45681983/TB27teXbVXXXXacXpXXXXXXXXXX_!!45681983.jpg" alt=" ·Å·¨ÉèÖÃ"/><br> <img src="http://img02.taobaocdn.com/imgextra/i2/45681983/TB2_zp9bVXXXXaUXpXXXXXXXXXX_!!45681983.jpg" alt=" ³èµêÉèÖÃ"/></p> </body> </html> | ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 173ka.com
Result:
HTTP/1.1 200 OK
Cache-Control: 604800
Connection: close
Date: Wed, 04 Mar 2015 23:02:08 GMT
Accept-Ranges: bytes
ETag: "a9fbf932bd55d01:0"
Server: nginx/1.6.2
Content-Length: 73814
Content-Type: text/html
Last-Modified: Tue, 03 Mar 2015 14:20:28 GMT
X-Powered-By: ASP.NET
...73814 bytes of data.
GET / HTTP/1.1
Host: 173ka.com
Result:
HTTP/1.1 200 OK
Cache-Control: 604800
Connection: close
Date: Wed, 04 Mar 2015 23:02:08 GMT
Accept-Ranges: bytes
ETag: "a9fbf932bd55d01:0"
Server: nginx/1.6.2
Content-Length: 73814
Content-Type: text/html
Last-Modified: Tue, 03 Mar 2015 14:20:28 GMT
X-Powered-By: ASP.NET
...73814 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: 173ka.com
Referer: http://www.google.com/search?q=173ka.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 173ka.com
Referer: http://www.google.com/search?q=173ka.com
Result:
The result is similar to the first query. There are no suspicious redirects found.