Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=aavvss.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://aavvss.com/ | HTTP/1.1 200 OK Date: Tue, 27 Jan 2015 21:07:10 GMT Accept-Ranges: bytes ETag: "964735687934d01:11ae" Server: Microsoft-IIS/6.0 Content-Length: 52651 Content-Location: http://aavvss.com/index.htm Content-Type: text/html Last-Modified: Tue, 20 Jan 2015 06:22:03 GMT X-Powered-By: ASP.NET | clean |
http://aavvss.com/index.htm | 200 OK Content-Length: 52651 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.hrsdh.in ...[1279 bytes skipped]... /><BODY leftMargin=0 topMargin=0 MARGINHEIGHT="0" MARGINWIDTH="0" onload="ShowConfirmClose(true);"> <div style="display:none"><script src="http://s22.cnzz.com/stat.php?id=5003537&web_id=5003537" language="JavaScript"></script> </div> <br /> <div align="center"> <a href="http://8389.com/?Intr=71543" target="_blank"><img src="http://www.hrsdh.in/yl200.gif" width="876" height="200" /></a> <a href="http://www.0011mt.com/?Intr=204608" target="_blank"><img src="http://www.hrsdh.in/tee.gif" width="876" height="120" /></a> <a href="http://www.zr398.com/?intr=201549" target="_blank"><img src="http://www.hrsdh.in/888bo.gif" width="876" height="100" /></a> <img src="img/logo.gif" tppabs="http://www.aavvss.com/img/logo.gif" /></div> ...[2809 bytes skipped]... | ||
http://s22.cnzz.com/stat.php?id=5003537&web_id=5003537 | 200 OK Content-Length: 10072 Content-Type: application/javascript | clean |
http://www.hrsdh.in/duilian.js | 200 OK Content-Length: 2762 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.400cao.com ...[432 bytes skipped]... "ALayer1").style.top=parseInt(document.getElementById("ALayer1").style.top)+percent+"px"; document.getElementById("ALayer2").style.top=parseInt(document.getElementById("ALayer1").style.top)+percent+"px"; lastScrollY=lastScrollY+percent; } suspendcode12="<DIV id=\"ALayer1\" style=\'left:0px;PosITION:absolute;TOP:1px;FILTER: alpha(opacity=85);\'><div align=left></div><a title=\"\"href=\"http://www.400cao.com/about.html\" target=\"_blank\"><img width=200 height=175 src=\"http://www.hrsdh.in/guanggao.png\"></a><br /><a title=\"\"href=\"http://www.55xv.com\" target=\"_blank\"><img width=200 height=250 src=\"http://www.hrsdh.in/duilian.jpg\"></a><br /><a title=\"\"href=\"http://www.0011mt.com/?Intr=204608\" target=\"_blank\"><img width=200 height=175 src=\"http://www.hrsdh.in/meng.gif\"></a><br /><a title=\"\"href=\"h ...[1732 bytes skipped]... Decoded script: heartBeat() heartBeat() /*** called setInterval with heartBeat(), 1 */ <DIV id="ALayer1" style='left:0px;PosITION:absolute;TOP:1px;FILTER: alpha(opacity=85);'><div align=left></div><a title=""href="http://www.400cao.com/about.html" target="_blank"><img width=200 height=175 src="http://www.hrsdh.in/guanggao.png"></a><br /><a title=""href="http://www.55xv.com" target="_blank"><img width=200 height=250 src="http://www.hrsdh.in/duilian.jpg"></a><br /><a title=""href="http://www.0011mt.com/?Intr=204608" target="_blank"><img width=200 height=175 src="http://www.hrsdh.in/meng.gif"></a><br />&l ...[1104 bytes skipped]... | ||
http://www.hrsdh.in/you.js | 200 OK Content-Length: 315 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.66ml.in document.writeln("<script type=\"text/javascript\">");
document.writeln("banner4_iframe=null;"); document.writeln("banner4_ifrv=0;"); document.writeln("banner4_iframe=window.open(\'http://www.66ml.in',\'_blank\');"); document.writeln("if(banner4_iframe!=null)banner4_ifrv=1;"); document.writeln("</script>"); Decoded script: banner4_iframe=null; banner4_ifrv=0; banner4_iframe=window.open('http://www.66ml.in','_blank'); if(banner4_iframe!=null)banner4_ifrv=1; | ||
http://www.hrsdh.in/zuo.js | 200 OK Content-Length: 788 Content-Type: application/x-javascript | clean |
http://aavvss.com/tan.js | 200 OK Content-Length: 465 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.66ml.in var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6";
function ext() { if(window.event.clientY<132 || altKey) iie.launchURL(popURL); } function brs() { document.body.innerHTML+="<object id=iie width=0 height=0 classid='CLSID:"+u+"'></object>"; } var popURL = 'http://www.66ml.in'; eval("window.attachEvent('onload',brs);"); eval("window.attachEvent('onunload',ext);"); Decoded script: window.attachEvent('onload',brs); window.attachEvent('onload',brs); function brs() { document.body.innerHTML += "<object id=iie width=0 height=0 classid='CLSID:" + u + "'></object>"; } window.attachEvent('onunload',ext); window.attachEvent('onunload',ext); function ext() { if (window.event.clientY < 132 || altKey) { iie.launchURL(popURL); } } | ||
http://aavvss.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: aavvss.com
Result:
HTTP/1.1 200 OK
Date: Tue, 27 Jan 2015 21:07:10 GMT
Accept-Ranges: bytes
ETag: "964735687934d01:11ae"
Server: Microsoft-IIS/6.0
Content-Length: 52651
Content-Location: http://aavvss.com/index.htm
Content-Type: text/html
Last-Modified: Tue, 20 Jan 2015 06:22:03 GMT
X-Powered-By: ASP.NET
...52651 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: aavvss.com
Referer: http://www.google.com/search?q=aavvss.com
Result:
The result is similar to the first query. There are no suspicious redirects found.