Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hrsdh.in
Result: The website is marked by Google as suspicious. Visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.hrsdh.in/ | HTTP/1.1 200 OK Date: Thu, 29 Jan 2015 21:46:24 GMT Accept-Ranges: bytes ETag: "b0a3f9647e34d01:1039" Server: Microsoft-IIS/6.0 Content-Length: 60480 Content-Location: http://www.hrsdh.in/index.htm Content-Type: text/html Last-Modified: Tue, 20 Jan 2015 06:57:45 GMT X-Powered-By: ASP.NET | clean |
http://www.hrsdh.in/index.htm | 200 OK Content-Length: 60480 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.wytsdh.com ...[1993 bytes skipped]... rc="http://www.hrsdh.in/shaofu.gif" width="600" height="60" /></a></td> <SPAN style="display:none"><script src="<script src="http://s15.cnzz.com/stat.php?id=5183624&web_id=5183624" language="JavaScript"></script></SPAN></td> <td width="82" align="center"><img src=img/index.gif border=0> <span style="CURSOR: hand" onClick="window.external.addFavorite('http://www.wytsdh.com/','»ªÈËÉ«µ¼º½')" title="ÊÕ²sp">Proxyie´úÀí</a></li> <li><a href="http://www.hrsdh.in/app/go.asp">´úÀíºÃÖúÊÖ</a></li> <li><a href="http://www.hrsdh.in/app/go.asp">on´úÀí</a></li> <li><a href="http://www.hrsdh.in/app/go.asp">Google·×g</a></li> <li><a href="http://www.hrsdh.in/app/go.asp">ÑÅ»¢·×g</a></li> <li><a href="http://www.hrsdh.in/ ...[2277 bytes skipped]... | ||
http://s5.cnzz.com/stat.php?id=5715791&web_id=5715791 | 200 OK Content-Length: 10071 Content-Type: application/javascript | clean |
http://www.hrsdh.in/ads1.js | 200 OK Content-Length: 1796 Content-Type: application/x-javascript | clean |
http://www.hrsdh.in/duilian.js | 200 OK Content-Length: 2762 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.400cao.com ...[432 bytes skipped]... "ALayer1").style.top=parseInt(document.getElementById("ALayer1").style.top)+percent+"px"; document.getElementById("ALayer2").style.top=parseInt(document.getElementById("ALayer1").style.top)+percent+"px"; lastScrollY=lastScrollY+percent; } suspendcode12="<DIV id=\"ALayer1\" style=\'left:0px;PosITION:absolute;TOP:1px;FILTER: alpha(opacity=85);\'><div align=left></div><a title=\"\"href=\"http://www.400cao.com/about.html\" target=\"_blank\"><img width=200 height=175 src=\"http://www.hrsdh.in/guanggao.png\"></a><br /><a title=\"\"href=\"http://www.55xv.com\" target=\"_blank\"><img width=200 height=250 src=\"http://www.hrsdh.in/duilian.jpg\"></a><br /><a title=\"\"href=\"http://www.0011mt.com/?Intr=204608\" target=\"_blank\"><img width=200 height=175 src=\"http://www.hrsdh.in/meng.gif\"></a><br /><a title=\"\"href=\"h ...[1732 bytes skipped]... Decoded script: heartBeat() heartBeat() /*** called setInterval with heartBeat(), 1 */ <DIV id="ALayer1" style='left:0px;PosITION:absolute;TOP:1px;FILTER: alpha(opacity=85);'><div align=left></div><a title=""href="http://www.400cao.com/about.html" target="_blank"><img width=200 height=175 src="http://www.hrsdh.in/guanggao.png"></a><br /><a title=""href="http://www.55xv.com" target="_blank"><img width=200 height=250 src="http://www.hrsdh.in/duilian.jpg"></a><br /><a title=""href="http://www.0011mt.com/?Intr=204608" target="_blank"><img width=200 height=175 src="http://www.hrsdh.in/meng.gif"></a><br />&l ...[1104 bytes skipped]... | ||
http://www.hrsdh.in/<script src= | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.hrsdh.in/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.hrsdh.in/tan.js | 200 OK Content-Length: 465 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.66ml.in var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6";
function ext() { if(window.event.clientY<132 || altKey) iie.launchURL(popURL); } function brs() { document.body.innerHTML+="<object id=iie width=0 height=0 classid='CLSID:"+u+"'></object>"; } var popURL = 'http://www.66ml.in'; eval("window.attachEvent('onload',brs);"); eval("window.attachEvent('onunload',ext);"); Decoded script: window.attachEvent('onload',brs); window.attachEvent('onload',brs); function brs() { document.body.innerHTML += "<object id=iie width=0 height=0 classid='CLSID:" + u + "'></object>"; } window.attachEvent('onunload',ext); window.attachEvent('onunload',ext); function ext() { if (window.event.clientY < 132 || altKey) { iie.launchURL(popURL); } } | ||
http://www.hrsdh.in/you.js | 200 OK Content-Length: 315 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.66ml.in document.writeln("<script type=\"text/javascript\">");
document.writeln("banner4_iframe=null;"); document.writeln("banner4_ifrv=0;"); document.writeln("banner4_iframe=window.open(\'http://www.66ml.in',\'_blank\');"); document.writeln("if(banner4_iframe!=null)banner4_ifrv=1;"); document.writeln("</script>"); Decoded script: banner4_iframe=null; banner4_ifrv=0; banner4_iframe=window.open('http://www.66ml.in','_blank'); if(banner4_iframe!=null)banner4_ifrv=1; | ||
http://www.hrsdh.in/zuo.js | 200 OK Content-Length: 788 Content-Type: application/x-javascript | clean |
http://www.hrsdh.in/ads2.js | 200 OK Content-Length: 1203 Content-Type: application/x-javascript | clean |
http://www.hrsdh.in/ads3.js | 200 OK Content-Length: 651 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hrsdh.in
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: hrsdh.in
Referer: http://www.google.com/search?q=hrsdh.in
Result:
The result is similar to the first query. There are no suspicious redirects found.