Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=666com7.tk
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://www.666com7.tk/ | HTTP/1.1 200 OK Date: Tue, 01 Jul 2014 08:13:15 GMT Accept-Ranges: bytes ETag: "7a78b6afff94cf1:32041" Server: IIS Content-Length: 51407 Content-Location: http://www.666com7.tk/index.html Content-Type: text/html Last-Modified: Tue, 01 Jul 2014 07:40:10 GMT | clean |
http://www.666com7.tk/index.html | 200 OK Content-Length: 51407 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.maifang333.com ...[1690 bytes skipped]... ch" method="get"> <input name="wd" type="text" class="ipt_txt" value="ÇëÊäÈëÄãÏëÒª¿´µÄµçÓ°¹Ø¼ü×Ö...ÓÐÒâÍâÊÕ»ñŶ£¡" onFocus="this.value=''" onBlur="if(!value){value=defaultValue;}"> <input type="submit" id="btn" class="ipt_btn" value="ËÑ Ë÷" /></form> </div></div> <div id="alink"> <a class="a_home" onclick="this.style.behavior='url(#default#homepage)';this.setHomePage('http://www.maifang333.com');" href="http://www.maifang333.com" target="_top">ÉèΪÊ×Ò³</a> <a href="mailto:hua1314.info@gmail.com">¹ã¸æÁªÏµ</a> <a class="a_home" href="app/addwz.asp" target="_blank"><font color=red>ÐÂÕ¾Ìá½»</font></a></div> </div> </div><!-- // Header End --> <!-- // Menu Start --> <div id="menu_box"> <div id="menu"> <ul> <li><a href="inde ...[64313 bytes skipped]... | ||
http://www.666com7.tk/common/time.js | 200 OK Content-Length: 10813 Content-Type: application/x-javascript | clean |
http://www.666com7.tk/app/wzlltj.js | 200 OK Content-Length: 291 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.maifang333.com document.write ('<script language="javascript" type="text/javascript" src="http://js.users.51.la/5637711.js"></script>');
document.writeln("<a href=\"http://webscan.360.cn/index/checkwebsite/url/www.maifang333.com\" name=\"56b7ec6ab8c56fda92721ff5d2f633e7\" >360ÍøÕ¾°²È«¼ì²âƽ̨</a>"); Decoded script: <a href="http://webscan.360.cn/index/checkwebsite/url/www.maifang333.com" name="56b7ec6ab8c56fda92721ff5d2f633e7" >360ÍøÕ¾°²È«¼ì²âƽ̨</a> | ||
http://www.666com7.tk/app/ad1.js | 200 OK Content-Length: 1523 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.ylzhj.com ...[1378 bytes skipped]... &h=250&b=0080ff&s=004080&bg=FFFFFF&p=808080&u=384&ty=mr&at=p4&tt=t1\'></script> "); document.writeln("<script id=\"wf\" type=\"text/javascript\" charset=\"gb2312\" src=\"http://js.adm.cnzz.net/s.php?sid=167502&l=sclm&uid=35508\"></script>"); document.writeln("<iframe height=\'320\' width=\'960\' frameborder=\'no\' scrolling=\'no\' src= \'http://www.ylzhj.com/01.html\'></iframe>"); Decoded script: <style type="text/css"> <!-- .STYLE1 { font-size: 36px; color: #999999; } --> </style> <table width="960" height="80" border="1"> <tr> <td><div align="center" class="STYLE1">960*80 ¹ã¸æλ³ö×â</div></td> </tr> </table> <iframe height='120' width='809' frameborder='no' scrolling='no' src= 'http://www.84lm.com/code/adview_pic5.php?r=1&c=7&w=809&h=120&b=0080ff&s=CC0000&bg=FFFFFF&p=FFFFCC&u=384&at=p0&tt=t1'></iframe> <iframe height='320' width='960' frameborder='no' scrolling='no' src= 'http://www.ylzhj.com/01.html'></iframe> | ||
http://www.666com7.tk/app/dt.js | 200 OK Content-Length: 443 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.maifang333.com document.writeln("<script type=\"text/javascript\"> ");document.writeln("var isPoped = false; ");document.writeln("document.onclick = function() ");document.writeln("{ ");document.writeln("if (!isPoped) ");document.writeln("{ ");document.writeln("window.open(\'http://www.maifang333.com/app/out.asp\'); ");document.writeln("isPoped = true; ");document.writeln("} ");document.writeln("} ");document.writeln("</script>");document.writeln("");
Decoded script: var isPoped = false; document.onclick = function() { if (!isPoped) { window.open('http://www.maifang333.com/app/out.asp'); isPoped = true; } } | ||
http://www.666com7.tk/app/ad2.js | 200 OK Content-Length: 1762 Content-Type: application/x-javascript | clean |
http://www.666com7.tk/app/pf.js | 200 OK Content-Length: 3 Content-Type: application/x-javascript | clean |
http://www.666com7.tk/app/duilian.js | 200 OK Content-Length: 177 Content-Type: application/x-javascript | clean |
http://www.666com7.tk/app/ad3.js | 200 OK Content-Length: 854 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: maifang333.com document.writeln("ÓÑÇéÁ´½Ó£º");
document.writeln("<a href=http://maifang333.com/you.html target=_blank>ß䷻ɫµ¼º½</a>"); document.writeln("<a href=http://maifang333.com/you1.html target=_blank>ÉäÒ»×ì</a>"); document.writeln("<a href=http://maifang333.com/vivi/ target=_blank>ÐÔ½»µçÓ°</a>"); document.writeln("<a href=http://maifang333.com target=_blank>·çɧÉÙ¸¾</a>"); document.writeln("<a href=http://maifang333.com target=_blank>ÐÔÅ°´ýµçÓ°</a> ...[486 bytes skipped]... Decoded script: ÓÑÇéÁ´½Ó£º <a href=http://maifang333.com/you.html target=_blank>ß䷻ɫµ¼º½</a> <a href=http://maifang333.com/you1.html target=_blank>ÉäÒ»×ì</a> <a href=http://maifang333.com/vivi/ target=_blank>ÐÔ½»µçÓ°</a> <a href=http://maifang333.com target=_blank>·çɧÉÙ¸¾</a> <a href=http://maifang333.com target=_blank>ÐÔÅ°´ýµçÓ°</a> <a href=http://maifang333.com target=_blank>ɧÃÃÃÃ</a> <a href=http://maifang333.com target=_blank>Óù½ã¶¯Âþ</a> <a href=http://www.jywj.net target=_blank>¼«ÓÅÓ°ÊÓ</a> | ||
http://www.666com7.tk/app/tui.js | 200 OK Content-Length: 2200 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
var isXPSP2 = false; var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6"; var str_url; str_url = window.location.search; function ext() { if(doexit) { doexit=false; if(!isXPSP2 && !usePopDialog) { window.open(popURL1,"",popWindowOptions); } else i var popWindowOptions = "scrollbars=1,menubar=0,toolbar=0,location=0,personalbar=0,status=0,resizable=1"; var doexit = true; var usePopDialog = true; var isUsingSpecial = false; function loadpopups(){ if(doexit && !isUsingSpecial) { doexit = false; window.open(popURL1,"",popWindowOptions); } } Antivirus reports:
| ||
http://www.666com7.tk/app/picshow.js | 200 OK Content-Length: 154 Content-Type: application/x-javascript | clean |
http://www.666com7.tk/../index.html | 403 Forbidden Content-Length: 32 Content-Type: text/html | clean |
http://www.666com7.tk/test404page.js | 200 OK Content-Length: 3169 Content-Type: text/html | clean |
http://www.666com7.tk/app/addwz.asp | 200 OK Content-Length: 9526 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.maifang333.com ...[296 bytes skipped]... i][n]; for(i=0;!x&&d.layers&&i<d.layers.length;i++) x=MM_findObj(n,d.layers[i].document); if(!x && document.getElementById) x=document.getElementById(n); return x; } function JM_cc(ob){ var obj=MM_findObj(ob); if (obj) { obj.select();js=obj.createTextRange();js.execCommand("Copy");} alert("¸´ÖƳɹ¦!"); } document.write('<input name="page_url" value="http://www.maifang333.com" size="20"><input type="button" name="Button" class="button1" style=color:red value="¸´ÖÆÁ´½Ó" onClick=JM_cc("page_url")>'); Decoded script: <input name="page_url" value="http://www.maifang333.com" size="20"><input type="button" name="Button" class="button1" style=color:red value="¸´ÖÆÁ´½Ó" onClick=JM_cc("page_url")> | ||
http://www.666com7.tk/app/../common/time.js | 200 OK Content-Length: 10813 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 666com7.tk
Result:
GET / HTTP/1.1
Host: 666com7.tk
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: 666com7.tk
Referer: http://www.google.com/search?q=666com7.tk
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 666com7.tk
Referer: http://www.google.com/search?q=666com7.tk
Result:
The result is similar to the first query. There are no suspicious redirects found.