Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=91fangfang.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: michalschabowski.pl
Result:
GET / HTTP/1.1
Host: michalschabowski.pl
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: michalschabowski.pl
Referer: http://www.google.com/search?q=michalschabowski.pl
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: michalschabowski.pl
Referer: http://www.google.com/search?q=michalschabowski.pl
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.91fangfang.com/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 02 Oct 2014 10:18:34 GMT Location: http://138yy.yz8.org/vvv-91fangfang-com/ Server: nginx/0.8.46 Content-Length: 161 Content-Type: text/html | malicious |
http://138yy.yz8.org/vvv-91fangfang-com/ | 200 OK Content-Length: 36396 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: pic.huaxiafengyun.com ...[222 bytes skipped]... ª·Å·ÅµçÓ°Íø,·Å·ÅµçÓ°ÏÂÔØ</title> <meta http-equiv="content-type" content="text/html; charset=gb2312" /> <meta name="keywords" content="·Å·ÅµçÓ°ÏÂÔØ,·Å·ÅµçÓ°Íø×îеçÓ°,·Å·ÅµçÓ°ÔÚÏß¹Û¿´,·Å·ÅµçӰѸÀ×ÏÂÔØ"> <meta name="description" content="¾ÍÒª·Å·ÅµçÓ°ÍøÿÌìËѼ¯×îеçÓ°µçÊÓ¾ç,ѸÀ׿´¿´¸ßÇåÔÚÏß¹Û¿´,ѸÀ׸ßËÙÃâ·ÑµçÓ°ÏÂÔØ£¬·Å·ÅµçÓ°ÏÂÔØ£¬·Å·ÅµçÓ°Íø×îеçÓ°,ÈȲ¥Á¬Ðø¾çÔÚÏß¹Û¿´¡£"> <link href="http://pic.huaxiafengyun.com/pic/template/91fangfang/images/style.css" rel="stylesheet"> <script src="http://pic.huaxiafengyun.com/pic/ad.js"></script> <script>var sitePath=''</script> <base target="_blank" /> </head> <body> <div id="bodymain"> <div class="ffkk-hd91"> <div class="fflogo91"><a href="http://138yy.yz8.org/vvv-91fangfang-com/" title="¾ÍÒª·Å·ÅµçÓ°Íø" target="_blank"> </a ...[3988 bytes skipped]... | ||
http://pic.huaxiafengyun.com/pic/ad.js | 200 OK Content-Length: 17381 Content-Type: application/x-javascript | suspicious |
Page code contains blacklisted domain: tudoutv.net ...[1250 bytes skipped]... if (typeof host != "undefined" && null != host) { var strAry = host.split("."); if (strAry.length > 1) { host = strAry[strAry.length - 2] + "." + strAry[strAry.length - 1]; } } return host; } var dm = getHost(); if(dm == 'youku-tv.com' || dm == 'tudoutv.net' || dm == '7788tv.net' || dm == 'ckdyy.com' || dm == 'aiaidy.org' || dm == '90he.net' || dm == 'huohutv.com' ){ isqi = 1; } if(dm == '51tuo.com' ){ isyou = 1; } if(dm == '138yy.com' ){ ispop = 0; } function ad468x1(){ if (isPc==0) return; document.writeln('<script type="text/JavaScript" charset="gb2312">'); document.writeln('s_noadid="";'); document.writeln('s_ha ...[2708 bytes skipped]... | ||
http://138yy.yz8.org/vvv-91fangfang-com/js/common.js | 200 OK Content-Length: 8237 Content-Type: application/x-javascript | clean |
http://138yy.yz8.org/vvv-91fangfang-com/js/function.js | 200 OK Content-Length: 13411 Content-Type: application/x-javascript | clean |
http://js.tongji.linezing.com/2604245/tongji.js | 200 OK Content-Length: 12836 Content-Type: application/x-javascript | clean |
http://www.91fangfang.com/search.asp?searchword=˺ÍËý˯ÁË | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 02 Oct 2014 10:18:40 GMT Location: http://138yy.yz8.org/vvv-91fangfang-com/search.asp?searchword=%CB%AD%BA%CD%CB%FD%CB%AF%C1%CB Server: nginx/0.8.46 Content-Length: 161 Content-Type: text/html | malicious |
http://138yy.yz8.org/vvv-91fangfang-com/search.asp?searchword=%cb%ad%ba%cd%cb%fd%cb%af%c1%cb | 200 OK Content-Length: 10104 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: pic.huaxiafengyun.com ...[72 bytes skipped]... //www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>˺ÍËý˯ÁË-¾ÍÒª·Å·ÅµçÓ°Íø</title> <meta http-equiv="content-type" content="text/html; charset=gb2312" /> <meta name="keywords" content="˺ÍËý˯ÁË,¾ÍÒª·Å·ÅµçÓ°Íø"> <meta name="description" content="˺ÍËý˯ÁË,¾ÍÒª·Å·ÅµçÓ°Íø"> <link href="http://pic.huaxiafengyun.com/pic/template/91fangfang/images/style.css" rel="stylesheet"> <script src="http://pic.huaxiafengyun.com/pic/ad.js"></script> <script src="http://pic.huaxiafengyun.com/pic/js/cfunction.js"></script> </head> <body> <div id="bodymain"> <div class="ffkk-hd91"> <div class="fflogo91"><a href="http://138yy.yz8.org/vvv-91fangfang-com/" title="¾ÍÒª·Å·ÅµçÓ°Íø" target="_blank"> </a>< ...[4195 bytes skipped]... | ||
http://pic.huaxiafengyun.com/pic/js/cfunction.js | 200 OK Content-Length: 21143 Content-Type: application/x-javascript | clean |
http://138yy.yz8.org/vvv-91fangfang-com/js/ads/fenlei.js | HTTP/1.1 404 Not Found Connection: close Date: Thu, 02 Oct 2014 10:18:59 GMT Server: nginx/0.8.46 Vary: Accept-Encoding Vary: Accept-Encoding Content-Type: text/html; charset=gb2312 | clean |
http://138yy.yz8.org/ | 200 OK Content-Length: 44778 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.116mm.com document.writeln('<'+'a href="http'+'://www.116'+'mm.com/xh/index.html?f=138'+'"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /><'+'/a>'); Decoded script: <a href="http://www.116mm.com/xh/index.html?f=138"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /></a> | ||
http://js.tongji.linezing.com/2700526/tongji.js | 200 OK Content-Length: 12836 Content-Type: application/x-javascript | clean |
http://138yy.yz8.org/list_dianying/dianying1.html | 200 OK Content-Length: 23894 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.116mm.com document.writeln('<'+'a href="http'+'://www.116'+'mm.com/xh/index.html?f=138'+'"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /><'+'/a>'); Decoded script: <a href="http://www.116mm.com/xh/index.html?f=138"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /></a> | ||
http://138yy.yz8.org/list_dianying/dianying2.html | 200 OK Content-Length: 23672 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.116mm.com document.writeln('<'+'a href="http'+'://www.116'+'mm.com/xh/index.html?f=138'+'"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /><'+'/a>'); Decoded script: <a href="http://www.116mm.com/xh/index.html?f=138"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /></a> | ||
http://138yy.yz8.org/list_dianying/dianying13.html | 200 OK Content-Length: 23616 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.116mm.com document.writeln('<'+'a href="http'+'://www.116'+'mm.com/xh/index.html?f=138'+'"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /><'+'/a>'); Decoded script: <a href="http://www.116mm.com/xh/index.html?f=138"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /></a> | ||
http://138yy.yz8.org/list_dianying/dianying3.html | 200 OK Content-Length: 23745 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.116mm.com document.writeln('<'+'a href="http'+'://www.116'+'mm.com/xh/index.html?f=138'+'"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /><'+'/a>'); Decoded script: <a href="http://www.116mm.com/xh/index.html?f=138"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /></a> | ||
http://138yy.yz8.org/list_dianying/dianying4.html | 200 OK Content-Length: 23874 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.116mm.com document.writeln('<'+'a href="http'+'://www.116'+'mm.com/xh/index.html?f=138'+'"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /><'+'/a>'); Decoded script: <a href="http://www.116mm.com/xh/index.html?f=138"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /></a> | ||
http://138yy.yz8.org/list_dianying/dianying5.html | 200 OK Content-Length: 23737 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.116mm.com document.writeln('<'+'a href="http'+'://www.116'+'mm.com/xh/index.html?f=138'+'"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /><'+'/a>'); Decoded script: <a href="http://www.116mm.com/xh/index.html?f=138"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /></a> |