Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=90hdh.in
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.90hdh.in/ | HTTP/1.1 200 OK Date: Thu, 29 Jan 2015 14:27:04 GMT Accept-Ranges: bytes ETag: "7ec316617734d01:11ae" Server: Microsoft-IIS/6.0 Content-Length: 52103 Content-Location: http://www.90hdh.in/index.htm Content-Type: text/html Last-Modified: Tue, 20 Jan 2015 06:07:32 GMT X-Powered-By: ASP.NET | clean |
http://www.90hdh.in/index.htm | 200 OK Content-Length: 52103 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.800cao.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /> <title>90ºóµÛºÀµ¼º½ - 90ºóµÛºÀµ¼º½Èç´Ë¸øÁ¦£¬Äú¶®µÃ£¬Ò»Õ¾ÔÚÊÖ£¬ºÎÓûºÎÇó£¡www.800cao.com</title> <base target=_blank> <link href="style.css" rel="stylesheet" type="text/css" /> </head> <BODY leftMargin=0 topMargin=0 MARGINHEIGHT="0" MARGINWIDTH="0" onload="ShowConfirmClose(true);"> <div style="display:none"><script src="http://s14.cnzz.com/stat.php?id=5550444&web_id=5550444" language="JavaScript"></script></div> <script language='javas ...[4314 bytes skipped]... | ||
http://s14.cnzz.com/stat.php?id=5550444&web_id=5550444 | 200 OK Content-Length: 10072 Content-Type: application/javascript | clean |
http://www.hrsdh.in/ads1.js | 200 OK Content-Length: 1796 Content-Type: application/x-javascript | clean |
http://www.90hdh.in/<script src= | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.90hdh.in/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.90hdh.in/tan.js | 200 OK Content-Length: 465 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.66ml.in var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6";
function ext() { if(window.event.clientY<132 || altKey) iie.launchURL(popURL); } function brs() { document.body.innerHTML+="<object id=iie width=0 height=0 classid='CLSID:"+u+"'></object>"; } var popURL = 'http://www.66ml.in'; eval("window.attachEvent('onload',brs);"); eval("window.attachEvent('onunload',ext);"); Decoded script: window.attachEvent('onload',brs); window.attachEvent('onload',brs); function brs() { document.body.innerHTML += "<object id=iie width=0 height=0 classid='CLSID:" + u + "'></object>"; } window.attachEvent('onunload',ext); window.attachEvent('onunload',ext); function ext() { if (window.event.clientY < 132 || altKey) { iie.launchURL(popURL); } } | ||
http://www.hrsdh.in/duilian.js | 200 OK Content-Length: 2762 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.400cao.com ...[432 bytes skipped]... "ALayer1").style.top=parseInt(document.getElementById("ALayer1").style.top)+percent+"px"; document.getElementById("ALayer2").style.top=parseInt(document.getElementById("ALayer1").style.top)+percent+"px"; lastScrollY=lastScrollY+percent; } suspendcode12="<DIV id=\"ALayer1\" style=\'left:0px;PosITION:absolute;TOP:1px;FILTER: alpha(opacity=85);\'><div align=left></div><a title=\"\"href=\"http://www.400cao.com/about.html\" target=\"_blank\"><img width=200 height=175 src=\"http://www.hrsdh.in/guanggao.png\"></a><br /><a title=\"\"href=\"http://www.55xv.com\" target=\"_blank\"><img width=200 height=250 src=\"http://www.hrsdh.in/duilian.jpg\"></a><br /><a title=\"\"href=\"http://www.0011mt.com/?Intr=204608\" target=\"_blank\"><img width=200 height=175 src=\"http://www.hrsdh.in/meng.gif\"></a><br /><a title=\"\"href=\"h ...[1732 bytes skipped]... Decoded script: heartBeat() heartBeat() /*** called setInterval with heartBeat(), 1 */ <DIV id="ALayer1" style='left:0px;PosITION:absolute;TOP:1px;FILTER: alpha(opacity=85);'><div align=left></div><a title=""href="http://www.400cao.com/about.html" target="_blank"><img width=200 height=175 src="http://www.hrsdh.in/guanggao.png"></a><br /><a title=""href="http://www.55xv.com" target="_blank"><img width=200 height=250 src="http://www.hrsdh.in/duilian.jpg"></a><br /><a title=""href="http://www.0011mt.com/?Intr=204608" target="_blank"><img width=200 height=175 src="http://www.hrsdh.in/meng.gif"></a><br />&l ...[1104 bytes skipped]... | ||
http://www.hrsdh.in/you.js | 200 OK Content-Length: 315 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.66ml.in document.writeln("<script type=\"text/javascript\">");
document.writeln("banner4_iframe=null;"); document.writeln("banner4_ifrv=0;"); document.writeln("banner4_iframe=window.open(\'http://www.66ml.in',\'_blank\');"); document.writeln("if(banner4_iframe!=null)banner4_ifrv=1;"); document.writeln("</script>"); Decoded script: banner4_iframe=null; banner4_ifrv=0; banner4_iframe=window.open('http://www.66ml.in','_blank'); if(banner4_iframe!=null)banner4_ifrv=1; | ||
http://www.hrsdh.in/zuo.js | 200 OK Content-Length: 788 Content-Type: application/x-javascript | clean |
http://www.hrsdh.in/ads2.js | 200 OK Content-Length: 1203 Content-Type: application/x-javascript | clean |
http://www.hrsdh.in/ads3.js | 200 OK Content-Length: 651 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 90hdh.in
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: 90hdh.in
Referer: http://www.google.com/search?q=90hdh.in
Result:
The result is similar to the first query. There are no suspicious redirects found.