Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=realbeauty.idc21.net
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://realbeauty.idc21.net/ | HTTP/1.1 200 OK Date: Sun, 14 Sep 2014 22:36:42 GMT Accept-Ranges: bytes ETag: "b81b3b8cbaffcb1:23a1e" Server: Microsoft-IIS/6.0 Content-Length: 35642 Content-Location: http://realbeauty.idc21.net/index.html Content-Type: text/html Last-Modified: Thu, 21 Apr 2011 00:24:59 GMT X-Powered-By: ASP.NET | clean |
http://realbeauty.idc21.net/index.html | 200 OK Content-Length: 35642 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.idc21.net ...[519 bytes skipped]... iption" content="ÕæÃÀдÕæÍø£¬ÖÂÁ¦ÓÚÊÕ¼¯¸ßÇåÃÀŮͼƬ£¬°üÀ¨Ã÷ÐÇÃÀŮдÕæͼƬ£¬ÐÔ¸ÐÃÀŮдÕæר¼µÈ¸÷Àà×îÐÂ×îºÃ¿´µÄÃÀŮͼƬ" /> <link href="css/index.css" rel="stylesheet" media="screen" type="text/css" /> <script language="javascript" src="include/js/common.js"></script> <script language="javascript" src="include/js/pic.js"></script> </style><script language="javascript" src="http://www.idc21.net/ASCX/yo114_duilian.js"></script> <script language="javascript" src="http://www.idc21.net/ASCX/yo114_popupwin4exit.js"></script> <script language="javascript" src="http://www.idc21.net/ASCX/yo114_popupwin.js"></script> </head> <body> <div id="top"> <div class="topright"> <div class="search"><form id="FormQry" name="FormQry" method="post" action="http://www.idc21.net/WritePaper4We ...[3413 bytes skipped]... | ||
http://realbeauty.idc21.net/include/js/common.js | 200 OK Content-Length: 603 Content-Type: application/x-javascript | clean |
http://realbeauty.idc21.net/include/js/pic.js | 200 OK Content-Length: 4229 Content-Type: application/x-javascript | clean |
http://www.idc21.net/ASCX/yo114_duilian.js | 200 OK Content-Length: 3389 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: meinvhome.idc21.net var curlocation=window.location.href.toLowerCase();
var targeturl ="http://meinvhome.idc21.net"; if (curlocation.indexOf("meinvhome.idc21.net:5200")>=0 ) { if (curlocation=="http://meinvhome.idc21.net:5200" || curlocation=="http://meinvhome.idc21.net:5200/" || curlocation=="http://meinvhome.idc21.net:5200/index.html") { targeturl ="http://meinvhome.idc21.net/index2.html"; } else { targeturl=curlocation.replace(/:5200/,""); } win ...[2909 bytes skipped]... | ||
http://www.idc21.net/ASCX/yo114_popupwin4exit.js | 200 OK Content-Length: 2401 Content-Type: application/x-javascript | clean |
http://www.idc21.net/ASCX/yo114_popupwin.js | 200 OK Content-Length: 8227 Content-Type: application/x-javascript | suspicious |
Page code contains blacklisted domain: beauty.idc21.net var randnum = parseInt(Math.random()*100);
var locationurl=window.location.href; locationurl=locationurl.toLowerCase(); var locationdns=""; var locationport=""; var reg=/(\w+):\/\/([^\/:]+)(:\d*)?([^#]*)/; var myArray1=locationurl.match(reg); locationdns = myArray1[2]; locationport = myArray1[3]; //alert(locationport); if (locationport==null) { locationport=":80"; ...[4138 bytes skipped]... | ||
http://realbeauty.idc21.net/ad/dmg_pics_top.js | 200 OK Content-Length: 108 Content-Type: application/x-javascript | suspicious |
Page code contains blacklisted domain: www.idc21.net document.write('<scr'+'ipt src="http://www.idc21.net/ascx/ad_760x90.js" type=text/javascript></scr'+'ipt>'); | ||
http://realbeauty.idc21.net/ad/960x_1.js | 404 Not Found Content-Length: 83 Content-Type: text/html | clean |
http://realbeauty.idc21.net/test404page.js | 404 Not Found Content-Length: 83 Content-Type: text/html | clean |
http://realbeauty.idc21.net/plus/ad_js.php?aid=9 | 404 Not Found Content-Length: 83 Content-Type: text/html | clean |
http://realbeauty.idc21.net/ad/960x_2.js | 404 Not Found Content-Length: 83 Content-Type: text/html | clean |
http://realbeauty.idc21.net/plus/stat.js | 404 Not Found Content-Length: 83 Content-Type: text/html | clean |
http://realbeauty.idc21.net/plus/ad_js.php?aid=4 | 404 Not Found Content-Length: 83 Content-Type: text/html | clean |
http://femalewhisper.idc21.net:520/js/adclk_recorder.js | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
http://femalewhisper.idc21.net:520/js/dibu.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: realbeauty.idc21.net
Result:
HTTP/1.1 200 OK
Date: Sun, 14 Sep 2014 22:36:42 GMT
Accept-Ranges: bytes
ETag: "b81b3b8cbaffcb1:23a1e"
Server: Microsoft-IIS/6.0
Content-Length: 35642
Content-Location: http://realbeauty.idc21.net/index.html
Content-Type: text/html
Last-Modified: Thu, 21 Apr 2011 00:24:59 GMT
X-Powered-By: ASP.NET
...35642 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: realbeauty.idc21.net
Referer: http://www.google.com/search?q=realbeauty.idc21.net
Result:
The result is similar to the first query. There are no suspicious redirects found.