Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xixikan.net
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ampliaformacion.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 11 Jan 2015 16:19:25 GMT
Location: http://www.ampliaformacion.es/
Server: Apache
Content-Length: 307
Content-Type: text/html; charset=iso-8859-1
...307 bytes of data.
GET / HTTP/1.1
Host: ampliaformacion.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 11 Jan 2015 16:19:25 GMT
Location: http://www.ampliaformacion.es/
Server: Apache
Content-Length: 307
Content-Type: text/html; charset=iso-8859-1
...307 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ampliaformacion.com
Referer: http://www.google.com/search?q=ampliaformacion.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ampliaformacion.com
Referer: http://www.google.com/search?q=ampliaformacion.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://xixikan.net/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 09 Oct 2014 11:47:08 GMT Location: http://www.xixikan.net/ Server: nginx/0.8.46 Content-Length: 185 Content-Type: text/html | clean |
http://www.xixikan.net/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 09 Oct 2014 11:46:32 GMT Location: http://138yy.yz8.org/vvv-xixikan-net/ Server: nginx/0.8.46 Content-Length: 161 Content-Type: text/html | malicious |
http://138yy.yz8.org/vvv-xixikan-net/ | 200 OK Content-Length: 39499 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: pic.huaxiafengyun.com ...[439 bytes skipped]... °,×îеçÊÓ¾ç,×îеçÓ°£¬ºÃ¿´µÄµçÊÓ¾ç,¿ì²¥°Ù¶ÈÓ°Òô¸ãЦµçÓ°,»¶ÓÄú¾³£À´Õâ¿´µçÓ°"/> <meta name="description" content="ÎûÎû¿´Ó°ÔºÊÇÒ»¸öÃâ·ÑµÄµçÓ°ÍøÕ¾,¿´µçÓ°¾Íµ½ÎûÎû¿´Ó°Ôº! ÎûÎû¿´µçÓ°,¿ì²¥¸ãЦµçÓ°ÈÃÍøÂçÉú»î¸üÃÀºÃ£¡°Ù¶ÈÓ°Òô¸ãЦµçÓ°,ÿÌ춼ÓÐÐÂϲ¾çƬ,ÎÒÃÇÕýÔÚŬÁ¦×ö×îºÃµÄµçÊÓ¾çÍøÕ¾£¡"/> <meta name="robots" content="index,follow"> <meta name="googlebot" content="index,follow"> <link href="http://pic.huaxiafengyun.com/pic/template/xixikan/images/style.css" rel="stylesheet"> <script src="http://pic.huaxiafengyun.com/pic/ad.js"></script> <base href="_blank" /> <script>var sitePath=''</script> </head> <body> <div class="xiwrapka"> <div id="header" class="xiboxka mb"> <div class="xilka headleft"><a href="http://www.xixikan.net" title="ÎûÎû¿´Ó°Ôº" target="_self" class=" ...[3823 bytes skipped]... | ||
http://pic.huaxiafengyun.com/pic/ad.js | 200 OK Content-Length: 17381 Content-Type: application/x-javascript | suspicious |
Page code contains blacklisted domain: youku-tv.com ...[1226 bytes skipped]... } if (typeof host != "undefined" && null != host) { var strAry = host.split("."); if (strAry.length > 1) { host = strAry[strAry.length - 2] + "." + strAry[strAry.length - 1]; } } return host; } var dm = getHost(); if(dm == 'youku-tv.com' || dm == 'tudoutv.net' || dm == '7788tv.net' || dm == 'ckdyy.com' || dm == 'aiaidy.org' || dm == '90he.net' || dm == 'huohutv.com' ){ isqi = 1; } if(dm == '51tuo.com' ){ isyou = 1; } if(dm == '138yy.com' ){ ispop = 0; } function ad468x1(){ if (isPc==0) return; document.writeln('<script type="text/JavaScript" charset="gb2312">'); document.writeln('s_noadid="";'); ...[2731 bytes skipped]... | ||
http://js.tongji.linezing.com/2753590/tongji.js | 200 OK Content-Length: 12836 Content-Type: application/x-javascript | clean |
http://xixikan.net/search.asp?searchword=ÌÒ½ã | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 09 Oct 2014 11:47:14 GMT Location: http://www.xixikan.net/search.asp?searchword=%CC%D2%BD%E3 Server: nginx/0.8.46 Content-Length: 185 Content-Type: text/html | clean |
http://www.xixikan.net/search.asp?searchword=%cc%d2%bd%e3 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Thu, 09 Oct 2014 11:46:37 GMT Location: http://138yy.yz8.org/vvv-xixikan-net/search.asp?searchword=%cc%d2%bd%e3 Server: nginx/0.8.46 Content-Length: 161 Content-Type: text/html | malicious |
http://138yy.yz8.org/vvv-xixikan-net/search.asp?searchword=%cc%d2%bd%e3 | 200 OK Content-Length: 10713 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: pic.huaxiafengyun.com <!doctype html public "-//w3c//dtd xhtml 1.0 transitional//en" "http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=gb2312" /> <title>ÌÒ½ã-ÎûÎû¿´Ó°Ôº</title> <meta name="keywords" content="ÌÒ½ã,ÎûÎû¿´Ó°Ôº" /> <meta name="description" content="ÌÒ½ã,ÎûÎû¿´Ó°Ôº" /> <link href="http://pic.huaxiafengyun.com/pic/template/xixikan/images/style.css" rel="stylesheet"> <script>var sitePath=''</script> <script src="http://pic.huaxiafengyun.com/pic/ad.js"></script> <base href="_blank" /> </head> <body> <div class="xiwrapka"> <div id="header" class="xiboxka mb"> <div class="xilka headleft"><a href="http://www.xixikan.net ...[4227 bytes skipped]... | ||
http://138yy.yz8.org/search.asp?searchword=ÌÒ½ã | 200 OK Content-Length: 11222 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.116mm.com document.writeln('<'+'a href="http'+'://www.116'+'mm.com/xh/index.html?f=138'+'"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /><'+'/a>'); Decoded script: <a href="http://www.116mm.com/xh/index.html?f=138"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /></a> | ||
http://138yy.yz8.org/js/common.js | 200 OK Content-Length: 8103 Content-Type: application/x-javascript | clean |
http://138yy.yz8.org/js/function.js | 200 OK Content-Length: 13698 Content-Type: application/x-javascript | clean |
http://js.tongji.linezing.com/2700526/tongji.js | 200 OK Content-Length: 12836 Content-Type: application/x-javascript | clean |
http://138yy.yz8.org/ | 200 OK Content-Length: 44685 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.116mm.com document.writeln('<'+'a href="http'+'://www.116'+'mm.com/xh/index.html?f=138'+'"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /><'+'/a>'); Decoded script: <a href="http://www.116mm.com/xh/index.html?f=138"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /></a> | ||
http://138yy.yz8.org/list_dianying/dianying1.html | 200 OK Content-Length: 23901 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.116mm.com document.writeln('<'+'a href="http'+'://www.116'+'mm.com/xh/index.html?f=138'+'"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /><'+'/a>'); Decoded script: <a href="http://www.116mm.com/xh/index.html?f=138"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /></a> | ||
http://138yy.yz8.org/list_dianying/dianying2.html | 200 OK Content-Length: 23775 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.116mm.com document.writeln('<'+'a href="http'+'://www.116'+'mm.com/xh/index.html?f=138'+'"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /><'+'/a>'); Decoded script: <a href="http://www.116mm.com/xh/index.html?f=138"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /></a> | ||
http://138yy.yz8.org/list_dianying/dianying13.html | 200 OK Content-Length: 23597 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.116mm.com document.writeln('<'+'a href="http'+'://www.116'+'mm.com/xh/index.html?f=138'+'"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /><'+'/a>'); Decoded script: <a href="http://www.116mm.com/xh/index.html?f=138"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /></a> | ||
http://138yy.yz8.org/list_dianying/dianying3.html | 200 OK Content-Length: 23746 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.116mm.com document.writeln('<'+'a href="http'+'://www.116'+'mm.com/xh/index.html?f=138'+'"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /><'+'/a>'); Decoded script: <a href="http://www.116mm.com/xh/index.html?f=138"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /></a> | ||
http://138yy.yz8.org/list_dianying/dianying4.html | 200 OK Content-Length: 23829 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.116mm.com document.writeln('<'+'a href="http'+'://www.116'+'mm.com/xh/index.html?f=138'+'"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /><'+'/a>'); Decoded script: <a href="http://www.116mm.com/xh/index.html?f=138"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /></a> | ||
http://138yy.yz8.org/list_dianying/dianying5.html | 200 OK Content-Length: 23687 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: www.116mm.com document.writeln('<'+'a href="http'+'://www.116'+'mm.com/xh/index.html?f=138'+'"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /><'+'/a>'); Decoded script: <a href="http://www.116mm.com/xh/index.html?f=138"><img src="http://www.138yy.com/120x60.gif" alt="ÃÀŮͼƬ" /></a> |