Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vs520.net
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.vs520.net/ | HTTP/1.1 200 OK Date: Thu, 03 Jul 2014 22:02:21 GMT Accept-Ranges: bytes ETag: "665e52638f8ecf1:250" Server: Microsoft-IIS/6.0 Content-Length: 48911 Content-Location: http://www.vs520.net/index.htm Content-Type: text/html Last-Modified: Mon, 23 Jun 2014 03:01:11 GMT X-Powered-By: ASP.NET | clean |
http://www.vs520.net/index.htm | 200 OK Content-Length: 48911 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.cdlili.com ...[9673 bytes skipped]... §Õ×Ë«Ïß</font></TD> <TD style="FONT-SIZE: 9pt; COLOR: #999" align=middle width=143 bgColor=#000000 height=26><font color="#FF9933">ÈËÆø»ð±¬³¤¾Ã¿ª·Å</font></TD> <TD style="FONT-SIZE: 9pt; COLOR: #999" align=middle width=122 bgColor=#000000 height=26><b><font color="#FF0000"> <a href="http://www.cdlili.com/Reg.aspx"><font color="#FF0000">µã»÷×¢²áÕʺÅ</font></a></font></b></TD> <TD style="FONT-SIZE: 9pt; COLOR: #999" align=middle width=123 bgColor=#000000 height=26><font color="#FF0000"><b> <a href="http://yj2.cdlili.com/Login.aspx"><font color="#FF0000"> <a href="http://www.cdlili.com/Login.aspx">µã»÷µÇ¼ÓÎÏ·</a></font></a><a hre ...[51094 bytes skipped]... | ||
http://www.111.com/js/w.js | 404 Not Found Content-Length: 345 Content-Type: text/html | clean |
http://www.111.com/test404page.js | 404 Not Found Content-Length: 345 Content-Type: text/html | clean |
http://zf.9ding.cc:80/ch/czm.html?gid=13462588467940737 | 200 OK Content-Length: 7676 Content-Type: text/html | clean |
http://d1vbm0eveofcle.cloudfront.net/scripts/js3caf.js | 200 OK Content-Length: 3490 Content-Type: application/x-javascript | clean |
http://count24.51yes.com/click.aspx?id=244795999&logo=4 | 200 OK Content-Length: 1777 Content-Type: text/html | clean |
http://www.ksdnewr.com/js/w.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 03 Jul 2014 22:02:28 GMT Location: http://adserver.kimia.es/get/iad/1-690-5beb48a093494f8712af5e4c6d50bf80?cl=Redirect_Straight&af=top1&source=ksdnewr.com Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.4-14+deb7u11 | clean |
http://adserver.kimia.es/get/iad/1-690-5beb48a093494f8712af5e4c6d50bf80?cl=redirect_straight&af=top1&source=ksdnewr.com | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 03 Jul 2014 22:02:28 GMT Pragma: no-cache Location: http://td.vs3.com/?profile=kimia-aff&Service=Girls&click_id=xkpltadu201407040002100000000000000000000000002 Server: nginx Content-Length: 107 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Access-Control-Allow-Origin: * Set-Cookie: PHPSESSID=ced2a07c8291c08be5b65ea17c2b2b2a; path=/ Set-Cookie: ced2a07c8291c08be5b65ea17c2b2b2a=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/ X-Powered-By: PHP/5.4.25 | clean |
http://td.vs3.com/?profile=kimia-aff&service=girls&click_id=xkpltadu201407040002100000000000000000000000002 | HTTP/1.1 301 Moved Permanently Connection: close Location: http://flirt4free.com/rooms/?mp_code=acvf6&click_id=xkpltadu201407040002100000000000000000000000002&service=girls&utm_campaign=undefined&utm_content=acvf6&utm_medium=referral&utm_source=pop Content-Length: 101 Content-Type: text/html | clean |
http://flirt4free.com/rooms/?mp_code=acvf6&click_id=xkpltadu201407040002100000000000000000000000002&service=girls&utm_campaign=undefined&utm_content=acvf6&utm_medium=referral&utm_source=pop | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 03 Jul 2014 22:02:29 GMT Location: http://www.flirt4free.com/rooms/?mp_code=acvf6&click_id=xkpltadu201407040002100000000000000000000000002&service=girls&utm_campaign=undefined&utm_content=acvf6&utm_medium=referral&utm_source=pop Server: Apache Vary: Accept-Encoding Content-Length: 425 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: BIGipServerLIVE_pool=3173257388.20480.0000; path=/ | clean |
http://www.flirt4free.com/rooms/?mp_code=acvf6&click_id=xkpltadu201407040002100000000000000000000000002&service=girls&utm_campaign=undefined&utm_content=acvf6&utm_medium=referral&utm_source=pop | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 03 Jul 2014 22:02:30 GMT Pragma: no-cache Location: /rooms/paula_pineapple/?utm_source=pop&utm_medium=referral&utm_campaign=undefined&utm_content=acvf6 Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=2sk7m2ge9hu75spk9r0cd4o8b0; path=/; HttpOnly Set-Cookie: mp_code=acvf6; expires=Sat, 02-Aug-2014 22:02:30 GMT; path=/; domain=.flirt4free.com Set-Cookie: click_id=xkpltadu201407040002100000000000000000000000002; expires=Fri, 04-Jul-2014 22:02:30 GMT; path=/; domain=.flirt4free.com Set-Cookie: reg_template_overlay=overlay_5; expires=Thu, 03-Jul-2014 23:02:30 GMT; path=/ Set-Cookie: BIGipServerLIVE_pool=3190034604.20480.0000; path=/ | clean |
http://www.flirt4free.com/rooms/paula_pineapple/?utm_source=pop&utm_medium=referral&utm_campaign=undefined&utm_content=acvf6 | 200 OK Content-Length: 50087 Content-Type: text/html | clean |
http://lvlt.vs3.com/min/javascript/group/js_chat_desktop_html5_common_20140603_03.js | 200 OK Content-Length: 300095 Content-Type: application/x-javascript | clean |
http://www.ksdnewr.com/min/javascript/fireworks/fireworks.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 03 Jul 2014 22:02:34 GMT Location: http://adserver.kimia.es/get/iad/1-690-5beb48a093494f8712af5e4c6d50bf80?cl=Redirect_Straight&af=top1&source=ksdnewr.com Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.4-14+deb7u11 | clean |
http://lvlt.vs3.com/javascript/jquery/jquery.validate.js | 200 OK Content-Length: 37358 Content-Type: application/javascript | clean |
http://lvlt.vs3.com/javascript/jquery/jquery.password.js | 200 OK Content-Length: 4915 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: vs520.net
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: vs520.net
Referer: http://www.google.com/search?q=vs520.net
Result:
The result is similar to the first query. There are no suspicious redirects found.