Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=itthxg1.com
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.itthxg1.com/ | 200 OK Content-Length: 36893 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.ffzsgr.com
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <meta name="keywords" content="淫逼逼情色综呵网|淫荡的眼镜妹|啄木鸟色情电影网址"> <meta name="description" content="快播QVOD播放 ...[4530 bytes skipped]...
http://www.itthxg1.com/views/js/jquery.js | 200 OK Content-Length: 57254 Content-Type: application/x-javascript | clean |
http://www.itthxg1.com/views/js/system.js | 200 OK Content-Length: 6989 Content-Type: application/x-javascript | clean |
http://www.itthxg1.com/views/js/history.js | 200 OK Content-Length: 4494 Content-Type: application/x-javascript | clean |
http://www.ossjsy.com/comm.js | 200 OK Content-Length: 176 Content-Type: application/x-javascript | clean |
http://www.itthxg1.com/template/default/template.js | 200 OK Content-Length: 2705 Content-Type: application/x-javascript | clean |
http://c.235123.net:89/click/js/a.js | 200 OK Content-Length: 1878 Content-Type: application/x-javascript | clean |
http://www.itthxg1.com/temp/Js/hot.js | 200 OK Content-Length: 468 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
document.write('<a href="/index.php?s=video/search/wd/%E6%B7%AB%E9%80%BC%E9%80%BC%E6%83%85%E8%89%B2%E7%BB%BC%E5%91%B5%E7%BD%91">淫逼逼情色综呵网</a>');
document.write('<a href="/index.php?s=video/search/wd/%E6%B7%AB%E8%8D%A1%E7%9A%84%E7%9C%BC%E9%95%9C%E5%A6%B9">淫荡的眼镜妹</a>');
document.write('<a href="/index.php?s=video/search/wd/%E5%95%84%E6%9C%A8%E9%B8%9F%E8%89%B2%E6%83%85%E7%94%B5%E5%BD%B1%E7%BD%91%E5%9D%80">啄木鸟色情电影网址</a>');
Antivirus reports:
http://e.70e.com/js/cpc_wz_wz_stxw.js | 200 OK Content-Length: 1441 Content-Type: application/x-javascript | clean |
http://e.70e.com/js/2013_new.js | 200 OK Content-Length: 1144 Content-Type: application/x-javascript | clean |
http://e.70e.com/js/cpc_wz_tw_ztyw.js | 200 OK Content-Length: 1441 Content-Type: application/x-javascript | clean |
http://e.70e.com/js/cpc_wz_tw_stxw_fd.js | 200 OK Content-Length: 6207 Content-Type: application/x-javascript | clean |
http://e.70e.com/js/cpc_wz_tw_stxw_diy.js | 200 OK Content-Length: 1557 Content-Type: application/x-javascript | clean |
http://www.itthxg1.com/temp/Banner/index-96090.js | 200 OK Content-Length: 38 Content-Type: application/x-javascript | clean |
http://e.70e.com/cpc_img.asp?u=62982&m=2&n=1631,1179&s_px=1 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: itthxg1.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: itthxg1.com
Referer: http://www.google.com/search?q=itthxg1.com
Result:
The result is similar to the first query. There are no suspicious redirects found.