Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=topbeauty.idc21.net
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://topbeauty.idc21.net/ | HTTP/1.1 200 OK Date: Sun, 14 Sep 2014 20:25:03 GMT Accept-Ranges: bytes ETag: "36637a866489cb1:23a1e" Server: Microsoft-IIS/6.0 Content-Length: 22463 Content-Location: http://topbeauty.idc21.net/index.html Content-Type: text/html Last-Modified: Sun, 21 Nov 2010 10:11:55 GMT X-Powered-By: ASP.NET | clean |
http://topbeauty.idc21.net/index.html | 200 OK Content-Length: 2627 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.idc21.net ...[254 bytes skipped]... ,ÖйúÈËÌåÒÕÊõÕÕ</title> <META http-equiv=Content-Type content="text/html; charset=gb2312"> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /> <LINK href="../../images/meinv_new.css" type=text/css rel=stylesheet> <base target="_blank" /> </HEAD> <BODY onselectstart="return false" oncontextmenu="return false"> <script language='javascript' src='http://www.idc21.net/ASCX/showgirlchangeurl.js'></script> <DIV id=no></DIV> <DIV id=top> <DIV id=logo><A href="/"><IMG src="/images/logo.gif"></A></DIV> <DIV id=gg01><script src="/js/top.js" language="javascript"></script></DIV></DIV> <DIV id=menu><INS style="BACKGROUND: url(/templets/img/menu_l.gif)"></INS> <UL> <LI><A href="/">ÈËÌåÒÕÊõ& ...[2562 bytes skipped]... | ||
http://www.idc21.net/ASCX/showgirlchangeurl.js | 200 OK Content-Length: 4608 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: topgirl.idc21.net var switchurl=1;
if(switchurl==1) { var urlarr=new Array(1); urlarr[urlarr.length]="http://meinv.idc21.net/index.html"; urlarr[urlarr.length]="http://girl.idc21.net/index.html"; urlarr[urlarr.length]="http://ilikegirl.idc21.net/index.html"; urlarr[urlarr.length]="http://51mm.idc21.net/index.html"; urlarr[urlarr.length]="http://okgirl.idc21.net/index.html"; urlarr[urlarr.length]="http://topgirl.idc21.net/index.html"; urlarr[urlarr.length]="http://realbeauty.idc21.net/index.html"; urlarr[urlarr.length]="http://realbeauty.idc21.net/qingchun/1591_2.html"; urlarr[urlarr.length]="http://meinvhome.idc21.net/index.html"; urlarr[urlarr.length]="http://meinvshow.idc21.net/index.html"; urlarr[urlarr.length]="http://girl.idc21.net:520/index.html"; urlarr[urlarr.length]="http://meinvshow.idc21.n ...[3875 bytes skipped]... | ||
http://topbeauty.idc21.net/js/top.js | 200 OK Content-Length: 188 Content-Type: application/x-javascript | clean |
http://topbeauty.idc21.net/js/hdp.js | 200 OK Content-Length: 2004 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: showgirl.idc21.net linkarr = new Array(); picarr = new Array(); textarr = new Array(); var swf_width=449; var swf_height=280; var files = ""; var links = ""; var texts = ""; linkarr[1] = "http://showgirl.idc21.net/"; picarr[1] = "/images/001.jpg"; textarr[1] = "¸µÕêâù¾µäÈËÌåר¼tempts"; linkarr[2] = "http://beauty.idc21.net/"; picarr[2] = "/images/002.jpg"; textarr[2] = "ÍòÖÖ·çÇéµÄÓæ¼ÒMM"; linkarr[3] = "http://jqrtys.idc21.net/"; picarr[3] = "/images/003.jpg"; textarr[3] = "Ñ©µØÀïµÄÈËÌåдÕæ"; linkarr[4] = "http://beauty.idc21.net:5200/index.html"; picarr[4] = "/images/004.jpg"; textarr[4 ...[1543 bytes skipped]... Decoded script: ...[75 bytes skipped]... se="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="449" height="280"><param name="movie" value="/images/bcastr3.swf"><param name="quality" value="high"><param name="menu" value="false"><param name=wmode value="opaque"><param name="FlashVars" value="bcastr_file=/images/001.jpg|/images/002.jpg|/images/003.jpg|/images/004.jpg|/images/005.jpg&bcastr_link=http://showgirl.idc21.net/|http://beauty.idc21.net/|http://jqrtys.idc21.net/|http://beauty.idc21.net:5200/index.html|http://beauty.idc21.net:5920/index.html&bcastr_title=¸µÕêâù¾µäÈËÌåר¼tempts|ÍòÖÖ·çÇéµÄÓæ¼ÒMM|Ñ©µØÀïµÄÈËÌåдÕæ|³ÉÊìÀÏÁ·µÄÖйúÈËÌåÄ£ÌØÐìÈó¡±|Ïç¼äСľÎÝÀïÎÂÈáµÄÈËÌå"><embed src="/templets/images/bcastr3.swf" wmode="opaque" FlashVars="bcastr_file=/images/001.jpg|/images/002.jpg|/images/003.jpg|/images/004.jpg|/images/005.jpg&bcastr_link=http://showgirl.idc21.net/|http://beauty ...[423 bytes skipped]... | ||
http://topbeauty.idc21.net/ribenrentiyishu/ | HTTP/1.1 200 OK Date: Sun, 14 Sep 2014 20:25:12 GMT Accept-Ranges: bytes ETag: "e91bda186bbcc1:23a1e" Server: Microsoft-IIS/6.0 Content-Length: 8933 Content-Location: http://topbeauty.idc21.net/ribenrentiyishu/index.html Content-Type: text/html Last-Modified: Fri, 16 Dec 2011 00:07:00 GMT X-Powered-By: ASP.NET | clean |
http://topbeauty.idc21.net/ribenrentiyishu/index.html | 200 OK Content-Length: 8933 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.idc21.net ...[88 bytes skipped]... /1999/REC-html401-19991224/loose.dtd"> <HTML xmlns="http://www.w3.org/1999/xhtml"> <HEAD> <title>ÈÕ±¾ÈËÌåÒÕÊõ - ºÃÈËÌå</title> <META http-equiv=Content-Type content="text/html; charset=gb2312"> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /> <LINK href="/img/meinv_new.css" type=text/css rel=stylesheet> <script language="javascript" src="http://www.idc21.net/ASCX/yo114_duilian.js"></script> <script language="javascript" src="http://www.idc21.net/ASCX/yo114_popupwin4exit.js"></script> <script language="javascript" src="http://www.idc21.net/ASCX/yo114_popupwin.js"></script> </head> <BODY onselectstart="return false" oncontextmenu="return false"> <script language='javascript' src='http://www.idc21.net/ASCX/showgirlchangeurl.js'></script> <DIV ...[4505 bytes skipped]... | ||
http://www.idc21.net/ASCX/yo114_duilian.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.idc21.net/test404page.js | 404 Not Found Content-Length: 83 Content-Type: text/html | clean |
http://www.idc21.net/ASCX/yo114_popupwin4exit.js | 200 OK Content-Length: 2401 Content-Type: application/x-javascript | clean |
http://www.idc21.net/ASCX/yo114_popupwin.js | 200 OK Content-Length: 8227 Content-Type: application/x-javascript | suspicious |
Page code contains blacklisted domain: beauty.idc21.net var randnum = parseInt(Math.random()*100);
var locationurl=window.location.href; locationurl=locationurl.toLowerCase(); var locationdns=""; var locationport=""; var reg=/(\w+):\/\/([^\/:]+)(:\d*)?([^#]*)/; var myArray1=locationurl.match(reg); locationdns = myArray1[2]; locationport = myArray1[3]; //alert(locationport); if (locationport==null) { locationport=":80"; ...[4138 bytes skipped]... | ||
http://topbeauty.idc21.net/js/belowpageindex.js | 200 OK Content-Length: 1870 Content-Type: application/x-javascript | clean |
http://topbeauty.idc21.net/js/tj.js | 200 OK Content-Length: 0 Content-Type: application/x-javascript | clean |
http://femalewhisper.idc21.net:520/js/dibu.js | 200 OK Content-Length: 862 Content-Type: application/x-javascript | suspicious |
Page code contains blacklisted domain: realbeauty.idc21.net //document.writeln("<script type=\"text/javascript\" src=\"http:\/\/femalewhisper.idc21.net:520\/js\/qq.js\"><\/script>")
var data = new Date(); var randnum = parseInt(data.getSeconds()/10); if (window.location.href.indexOf("realbeauty.idc21.net:")>0 ) { } else if (window.location.href.indexOf("realbeauty.idc21.net")>0 && window.location.href.indexOf("realbeauty.idc21.net:")<0) { } else if ( window.location.href.indexOf("meinvshow.idc21.net:5200")>0) { } else if (window.location.href.indexOf("meinvshow.idc21.net:520")>0) { document.writeln("<\script src=\"http://f.70e.com/f.asp?u=41601& ...[315 bytes skipped]... | ||
http://www.idc21.net/ASCX/pageview.js | 200 OK Content-Length: 375 Content-Type: application/x-javascript | clean |
http://topbeauty.idc21.net/zhongguorentiyishu/ | HTTP/1.1 200 OK Date: Sun, 14 Sep 2014 20:25:34 GMT Accept-Ranges: bytes ETag: "4a3045ad86bbcc1:23a1e" Server: Microsoft-IIS/6.0 Content-Length: 8919 Content-Location: http://topbeauty.idc21.net/zhongguorentiyishu/index.html Content-Type: text/html Last-Modified: Fri, 16 Dec 2011 00:07:19 GMT X-Powered-By: ASP.NET | clean |
http://topbeauty.idc21.net/zhongguorentiyishu/index.html | 200 OK Content-Length: 8919 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.idc21.net ...[88 bytes skipped]... /1999/REC-html401-19991224/loose.dtd"> <HTML xmlns="http://www.w3.org/1999/xhtml"> <HEAD> <title>ÖйúÈËÌåÒÕÊõ - ºÃÈËÌå</title> <META http-equiv=Content-Type content="text/html; charset=gb2312"> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /> <LINK href="/img/meinv_new.css" type=text/css rel=stylesheet> <script language="javascript" src="http://www.idc21.net/ASCX/yo114_duilian.js"></script> <script language="javascript" src="http://www.idc21.net/ASCX/yo114_popupwin4exit.js"></script> <script language="javascript" src="http://www.idc21.net/ASCX/yo114_popupwin.js"></script> </head> <BODY onselectstart="return false" oncontextmenu="return false"> <script language='javascript' src='http://www.idc21.net/ASCX/showgirlchangeurl.js'></script> <DIV ...[4513 bytes skipped]... | ||
http://meinv.idc21.net/js/dibu5.js | 200 OK Content-Length: 85 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: topbeauty.idc21.net
Result:
HTTP/1.1 200 OK
Date: Sun, 14 Sep 2014 20:25:03 GMT
Accept-Ranges: bytes
ETag: "36637a866489cb1:23a1e"
Server: Microsoft-IIS/6.0
Content-Length: 22463
Content-Location: http://topbeauty.idc21.net/index.html
Content-Type: text/html
Last-Modified: Sun, 21 Nov 2010 10:11:55 GMT
X-Powered-By: ASP.NET
...22463 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: topbeauty.idc21.net
Referer: http://www.google.com/search?q=topbeauty.idc21.net
Result:
The result is similar to the first query. There are no suspicious redirects found.