Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=9ht.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://9ht.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://9ht.com/ | 200 OK Content-Length: 118982 Content-Type: text/html | clean |
http://9ht.com/js/count.js | 200 OK Content-Length: 1703 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
document.writeln("<script src=\"http:\/\/s96.cnzz.com\/stat.php?id=3763363&web_id=3763363\" language=\"JavaScript\"><\/script>")
document.writeln("<!-- Baidu Button BEGIN -->");
document.writeln("<script type=\"text\/javascript\" id=\"bdshare_js\" data=\"type=slide&img=7&uid=667456\" ><\/script>");
document.writeln("<script type=\"text\/javascript\" id=\"bdshell_js\"><\/script>");
document.writeln("< document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fda72dd9c25ea77dc81434ca1d38b6381' type='text/javascript'%3E%3C/script%3E"));
var cpro_id = "u1301663";
document.writeln("<script src=\"http://cpro.baidustatic.com/cpro/ui/f.js\" type=\"text/javascript\"></script>");
document.writeln('<script src="http://m.pc6.com/js/sj-sofe.js" type="text/javascript"></script>');
Antivirus reports:
http://9ht.com/skin2012/js/indFunc.js | 200 OK Content-Length: 5497 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function inputDefault(obj){
var $obj = $(obj);
var defaultVal = $obj.val();
$obj.focus(function(){
var iptval = $(this).val();
if(!this.defaultValue){ this.defaultValue = defaultVal; };
if(iptval==this.defaultValue){ $(this).val(""); }
});
$obj.blur(function(){
var iptval = $(this).val();
if(iptval==""){ $(this).val(this.defaultValue); }
});
});
min_height ? min_height = min_height : min_height = 600;
$(window).scroll(function(){
var s = $(window).scrollTop();
if( s > min_height){ $("#gotoBox").fadeIn(100); }else{ $("#gotoBox").fadeOut(200); };
});
};
gotoTop();
var ewm_html = '<p id="ewm"><img src="/images/ewm.jpg" /></p>';
Antivirus reports:
http://9ht.com/test404page.js | 404 Not Found Content-Length: 5058 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 9ht.com
Result:
HTTP/1.1 200 OK
Date: Wed, 20 Aug 2014 03:44:25 GMT
Accept-Ranges: bytes
ETag: W/"8666ff5f28bccf1:0"
Server: Microsoft-IIS/7.5
Content-Length: 118982
Content-Type: text/html
Last-Modified: Wed, 20 Aug 2014 03:39:41 GMT
...118982 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: 9ht.com
Referer: http://www.google.com/search?q=9ht.com
Result:
The result is similar to the first query. There are no suspicious redirects found.