Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=aica5.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.aica5.com/ | HTTP/1.1 200 OK Date: Sun, 06 Jul 2014 04:22:55 GMT Accept-Ranges: bytes ETag: "761f7f3e86fcf1:8f1" Server: Microsoft-IIS/6.0 Content-Length: 58201 Content-Location: http://www.aica5.com/index.htm Content-Type: text/html Last-Modified: Wed, 14 May 2014 00:05:41 GMT X-Powered-By: ASP.NET | clean |
http://www.aica5.com/index.htm | 200 OK Content-Length: 58201 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.v2ba.net ...[3608 bytes skipped]... ;div id="ad_T" align="center"><font color="red"><script src="/bw.js"></script></font></div> </ul> <h3><span><font color="#FFFFFF">A3æ°ç«ç»å½</font></span><a href="http://www.aica5.com/#" target="_self"><font color="#FFFFFF">è¿åé é¨â</font></a></h3> <ul> <li><a href="http://www.v2ba.net/" target="_blank">QQ空é´å¨çº¿ææ¾</a></li> <li><a href="http://www.anzixuan.com/" target="_blank">å®å轩è²</a></li> <li><a href="http://www.v2ba.net/" target="_blank">ç§éçµå½±ç©ºé´</a></li> <li><a href="http://www.380se.com/" target="_blank">çªçªè²åç½ç«</a></li> <li><a href="http://img.666nnnn.com/" target="_blank">è²å¦¹å¦¹å°è¯´</a ...[73426 bytes skipped]... | ||
http://www.aica5.com/top.js | 200 OK Content-Length: 155 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.v2ba.net document.writeln("<iframe id=\"ifp\" width=\"468\" height=\"60\" frameborder=\"0\" scrolling=\"no\" src=\"http://www.v2ba.net/ad/550x80.html\"></iframe>"); Decoded script: <iframe id="ifp" width="468" height="60" frameborder="0" scrolling="no" src="http://www.v2ba.net/ad/550x80.html"></iframe> | ||
http://www.aica5.com/bw.js | 200 OK Content-Length: 155 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.v2ba.net document.writeln("<iframe id=\"ifp\" width=\"890\" height=\"60\" frameborder=\"0\" scrolling=\"no\" src=\"http://www.v2ba.net/ad/960x60.html\"></iframe>"); Decoded script: <iframe id="ifp" width="890" height="60" frameborder="0" scrolling="no" src="http://www.v2ba.net/ad/960x60.html"></iframe> | ||
http://www.v2ba.net/ad/dl.js | HTTP/1.1 302 Object moved Location: http://www.v2ba.cc/ad/dl.js | clean |
http://www.v2ba.cc/ad/dl.js | 200 OK Content-Length: 195 Content-Type: application/x-javascript | clean |
http://www.aica5.com/img/dt.js | 200 OK Content-Length: 525 Content-Type: application/x-javascript | clean |
http://www.aica5.com/cnzz.js | 200 OK Content-Length: 765 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.writeln("<!-- Baidu Button BEGIN -->");
document.writeln("<script type=\"text\/javascript\" id=\"bdshare_js\" data=\"type=slide&img=7&pos=right&uid=400742\" ><\/script>"); document.writeln("<script type=\"text\/javascript\" id=\"bdshell_js\"><\/script>"); document.writeln("<script type=\"text\/javascript\">"); document.writeln("var bds_config={\"bdTop\":47};"); document.writeln("document.getElementById(\"bdshell_js\").src = \"http:\/\/bdimg.share.baidu.com\/static\/js\/shell_v2.js?cdnversion=\" + Math.ceil(new Date()\/3600000);"); document.writeln("<\/script>"); document.writeln("<!-- Baidu Button END -->") document.write('<script src="http://s14.cnzz.com/stat.php?id=5853885&web_id=5853885" language="JavaScript"></script>'); Antivirus reports:
| ||
http://www.aica5.com/ly/index.html | 200 OK Content-Length: 1978 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.v2ba.net ...[689 bytes skipped]... lt;tr> <!-- logo_style --><td width="200" valign="top" align="center"> <a href="http://www.aica5.com" target="_self"><img src="img/logo.gif" alt="logo" width="207" height="72" /></a></td> <!-- /logo_style --><td width="9"></td> <td width="600" align="center"></td> <td><div class="STYLE3">·<a href="http://www.v2ba.net/" class="STYLE4">å¨çº¿ææ¾</a> ·<a href="http://www.aica5.com/">è²ç«å¯¼èª</a><br /> ·<a href="http://www.aica5.com/ly/">å 费裸è</a> ·<a href="http://www.aica5.com/ly/">å°å§ä¸é¨</a><br /> ·<a href="http://www.aica5.com/ly/">ç¾å¥³æå¡</a> ·<a href="javascript:window.external.AddFavorite('http://www.aica5.com/','天涯è²å¯¼èª');" target="_self" class="head_favorite"> ...[1007 bytes skipped]... | ||
http://www.aica5.com/ly/js/set.js | 200 OK Content-Length: 1144 Content-Type: application/x-javascript | clean |
http://www.aica5.com/ly/ | HTTP/1.1 200 OK Date: Sun, 06 Jul 2014 04:23:03 GMT Accept-Ranges: bytes ETag: "8cfa65786fcf1:8f1" Server: Microsoft-IIS/6.0 Content-Length: 1978 Content-Location: http://www.aica5.com/ly/index.html Content-Type: text/html Last-Modified: Wed, 14 May 2014 00:06:23 GMT X-Powered-By: ASP.NET | clean |
http://www.aica5.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.aica5.com/ly/contact.html?post=4 | 200 OK Content-Length: 3887 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.v2ba.net ...[1487 bytes skipped]... lt;tr> <!-- logo_style --><td width="200" valign="top" align="center"> <a href="http://www.aica5.com" target="_self"><img src="img/logo.gif" alt="logo" width="207" height="72" /></a></td> <!-- /logo_style --><td width="9"></td> <td width="600" align="center"></td> <td><div class="STYLE3">·<a href="http://www.v2ba.net/" class="STYLE4">å¨çº¿ææ¾</a> ·<a href="http://www.aica5.com/">è²ç«å¯¼èª</a><br /> ·<a href="http://www.aica5.com/ly/">å 费裸è</a> ·<a href="http://www.aica5.com/ly/">å°å§ä¸é¨</a><br /> ·<a href="http://www.aica5.com/ly/">ç¾å¥³æå¡</a> ·<a href="javascript:window.external.AddFavorite('http://www.aica5.com/','天涯è²å¯¼èª');" target="_self" class="head_favorite">æ ...[2163 bytes skipped]... | ||
http://www.aica5.com/ly/contact_book.php | 200 OK Content-Length: 10094 Content-Type: text/html | clean |
http://www.aica5.com/ly/contact.html | 200 OK Content-Length: 3887 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.v2ba.net ...[1487 bytes skipped]... lt;tr> <!-- logo_style --><td width="200" valign="top" align="center"> <a href="http://www.aica5.com" target="_self"><img src="img/logo.gif" alt="logo" width="207" height="72" /></a></td> <!-- /logo_style --><td width="9"></td> <td width="600" align="center"></td> <td><div class="STYLE3">·<a href="http://www.v2ba.net/" class="STYLE4">å¨çº¿ææ¾</a> ·<a href="http://www.aica5.com/">è²ç«å¯¼èª</a><br /> ·<a href="http://www.aica5.com/ly/">å 费裸è</a> ·<a href="http://www.aica5.com/ly/">å°å§ä¸é¨</a><br /> ·<a href="http://www.aica5.com/ly/">ç¾å¥³æå¡</a> ·<a href="javascript:window.external.AddFavorite('http://www.aica5.com/','天涯è²å¯¼èª');" target="_self" class="head_favorite">æ ...[2163 bytes skipped]... | ||
http://www.aica5.com/ly/contact.html?post=2 | 200 OK Content-Length: 3887 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.v2ba.net ...[1487 bytes skipped]... lt;tr> <!-- logo_style --><td width="200" valign="top" align="center"> <a href="http://www.aica5.com" target="_self"><img src="img/logo.gif" alt="logo" width="207" height="72" /></a></td> <!-- /logo_style --><td width="9"></td> <td width="600" align="center"></td> <td><div class="STYLE3">·<a href="http://www.v2ba.net/" class="STYLE4">å¨çº¿ææ¾</a> ·<a href="http://www.aica5.com/">è²ç«å¯¼èª</a><br /> ·<a href="http://www.aica5.com/ly/">å 费裸è</a> ·<a href="http://www.aica5.com/ly/">å°å§ä¸é¨</a><br /> ·<a href="http://www.aica5.com/ly/">ç¾å¥³æå¡</a> ·<a href="javascript:window.external.AddFavorite('http://www.aica5.com/','天涯è²å¯¼èª');" target="_self" class="head_favorite">æ ...[2163 bytes skipped]... | ||
http://www.aica5.com/ly/contact.html?post=3 | 200 OK Content-Length: 3887 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.v2ba.net ...[1487 bytes skipped]... lt;tr> <!-- logo_style --><td width="200" valign="top" align="center"> <a href="http://www.aica5.com" target="_self"><img src="img/logo.gif" alt="logo" width="207" height="72" /></a></td> <!-- /logo_style --><td width="9"></td> <td width="600" align="center"></td> <td><div class="STYLE3">·<a href="http://www.v2ba.net/" class="STYLE4">å¨çº¿ææ¾</a> ·<a href="http://www.aica5.com/">è²ç«å¯¼èª</a><br /> ·<a href="http://www.aica5.com/ly/">å 费裸è</a> ·<a href="http://www.aica5.com/ly/">å°å§ä¸é¨</a><br /> ·<a href="http://www.aica5.com/ly/">ç¾å¥³æå¡</a> ·<a href="javascript:window.external.AddFavorite('http://www.aica5.com/','天涯è²å¯¼èª');" target="_self" class="head_favorite">æ ...[2163 bytes skipped]... | ||
http://www.aica5.com/ly/contact.html?post=1 | 200 OK Content-Length: 3887 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.v2ba.net ...[1487 bytes skipped]... lt;tr> <!-- logo_style --><td width="200" valign="top" align="center"> <a href="http://www.aica5.com" target="_self"><img src="img/logo.gif" alt="logo" width="207" height="72" /></a></td> <!-- /logo_style --><td width="9"></td> <td width="600" align="center"></td> <td><div class="STYLE3">·<a href="http://www.v2ba.net/" class="STYLE4">å¨çº¿ææ¾</a> ·<a href="http://www.aica5.com/">è²ç«å¯¼èª</a><br /> ·<a href="http://www.aica5.com/ly/">å 费裸è</a> ·<a href="http://www.aica5.com/ly/">å°å§ä¸é¨</a><br /> ·<a href="http://www.aica5.com/ly/">ç¾å¥³æå¡</a> ·<a href="javascript:window.external.AddFavorite('http://www.aica5.com/','天涯è²å¯¼èª');" target="_self" class="head_favorite">æ ...[2163 bytes skipped]... |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: aica5.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: aica5.com
Referer: http://www.google.com/search?q=aica5.com
Result:
The result is similar to the first query. There are no suspicious redirects found.