Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=94se94.comwww.00kkk.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://94se94.comwww.00kkk.com/ | 200 OK Content-Length: 10562 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 00kkk.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title> æ¬äººè®¿é®é巨大ï¼å¦ææä¸å¼è¯·å·æ°é¡µé¢ ï¼ï¼ï¼ 请大家å¤å¤å®£ä¼ æ¬ç«,æ们ä¼æ´å åªå! </title> <meta name="keywords" content="00kkk.com " /> <meta name="description" content="00kkk.com " /> <script src="exit.js" type="text/javascript"></script> <script type="text/javascript" src="jquery/1.3.2/jquery.min.js"></script> <script language="javascript" type="text/javascript"> function oCopy(obj) { obj.select(); js = obj.createTextRange(); } ...[3825 bytes skipped]... | ||
http://94se94.comwww.00kkk.com/exit.js | 200 OK Content-Length: 662 Content-Type: application/x-javascript | clean |
http://94se94.comwww.00kkk.com/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: application/x-javascript | clean |
http://e.70e.com/js/cpc_wz_tw_stxw.js | 200 OK Content-Length: 1448 Content-Type: application/x-javascript | clean |
http://u493025.778669.com/fshow.php?id=150377 | HTTP/1.1 302 Moved Temporarily Cache-Control: no-cache, must-revalidate Connection: close Date: Sun, 07 Sep 2014 17:07:31 GMT Location: http://code67.wtzixun.com/p.php?id=150377 Server: nginx/1.0.11 Content-Type: text/html P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR" X-Powered-By: PHP/5.3.8 | clean |
http://code67.wtzixun.com/p.php?id=150377 | 200 OK Content-Length: 20543 Content-Type: text/html | clean |
http://pv.778669.com/ppdisplay.php?sid=40033&topu='+encodeURIComponent(document.location)+'&referer='+encodeURIComponent(document.referrer)+rTerm1.buildPara1()+' | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://pv.778669.com/test404page.js | 404 Not Found Content-Length: 571 Content-Type: text/html | clean |
http://js.tongji.linezing.com/2993663/tongji.js | 200 OK Content-Length: 12835 Content-Type: application/x-javascript | clean |
http://t.ku63.com/t.asp?u=29268&t=3&m=5&j=30&n= | 200 OK Content-Length: 226 Content-Type: text/html | clean |
http://t.ku63.com/js/t_20140331.js | 200 OK Content-Length: 12353 Content-Type: application/x-javascript | clean |
http://e.70e.com/js/cpc_wz_tw_stxw_fd.js | 200 OK Content-Length: 6207 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 94se94.comwww.00kkk.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sun, 07 Sep 2014 17:06:57 GMT
Server: Microsoft-IIS/6.0
Content-Length: 10562
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=slezhtqzwsayzsibjogbd4gf; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...10562 bytes of data.
GET / HTTP/1.1
Host: 94se94.comwww.00kkk.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sun, 07 Sep 2014 17:06:57 GMT
Server: Microsoft-IIS/6.0
Content-Length: 10562
Content-Type: text/html; charset=utf-8
Set-Cookie: ASP.NET_SessionId=slezhtqzwsayzsibjogbd4gf; path=/; HttpOnly
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...10562 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: 94se94.comwww.00kkk.com
Referer: http://www.google.com/search?q=94se94.comwww.00kkk.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 94se94.comwww.00kkk.com
Referer: http://www.google.com/search?q=94se94.comwww.00kkk.com
Result:
The result is similar to the first query. There are no suspicious redirects found.