Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=thhsh.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://thhsh.com/ | 200 OK Content-Length: 237 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: d687ef1ed80f97de.0075.cdn.78302.com <meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<script language="javascript" type="text/javascript" src="http://d687ef1ed80f97de.0075.cdn.78302.com/nipaiyi/cdn/js/20150202172808001.js?d=www.thhsh.com"></script> | ||
http://d687ef1ed80f97de.0075.cdn.78302.com/nipaiyi/cdn/js/20150202172808001.js?d=www.thhsh.com | 200 OK Content-Length: 7515 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: thhsh.com document.writeln("<!DOCTYPE html>");
document.writeln("<html>"); document.writeln("<head><script src=\"http://thhsh.com/tz/appiso.js\" type=\"text/javascript\"></script><script type=\"text/javascript\">uaredirect(\"http://thhsh.com/app\");</script>"); document.writeln("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">"); document.writeln("<title>¿´Æ¬ÉñÆ÷-ÖÖ×ÓËÑË÷ÉñÆ÷thhsh£¬kpsqzz£¬znbbghj£¬pikmvccv</title>"); document.writeln("<meta name=\"keywords\" content=\"¿´Æ¬ÉñÆ÷£¬¿´Æ¬ÉñÆ÷th ...[4001 bytes skipped]... Decoded script: <!DOCTYPE html> <html> <head>uaredirect("http://thhsh.com/app"); <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>¿´Æ¬ÉñÆ÷-ÖÖ×ÓËÑË÷ÉñÆ÷thhsh£¬kpsqzz£¬znbbghj£¬pikmvccv</title> <meta name="keywords" content="¿´Æ¬ÉñÆ÷£¬¿´Æ¬ÉñÆ÷thhsh£¬BTÖÖ×ÓËÑË÷ÉñÆ÷pikmvccv£¬Õ¬Äи£Àûkpsqzz£¬×îÈ«×ÊÔ´ËÑË÷ÉñÆ÷£¬Õ¬Äбر¸znbbghj£¬¸£Àû°É"> <meta name="description" content="¿´Æ¬ÉñÆ÷ÊÇÒ»¿î»¥ÁªÍøÊÓƵ×ÊÔ´µÄËÑË÷ÒýÇ湤¾ß£¬ÓÀ¾ÃÃâ·Ñ£¬Ê¹ÓÃÊýÁ¿È«Íø×î¶à¡£"> & ...[4251 bytes skipped]... | ||
http://thhsh.com/test404page.js | 404 Not Found Content-Length: 5200 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: thhsh.com
Result:
HTTP/1.1 200 OK
Cache-Control: 604800
Connection: close
Date: Sat, 28 Feb 2015 04:13:06 GMT
Accept-Ranges: bytes
ETag: "c62a408eca3ed01:0"
Server: nginx/1.6.2
Content-Length: 237
Content-Type: text/html
Last-Modified: Mon, 02 Feb 2015 09:28:08 GMT
X-Powered-By: ASP.NET
...237 bytes of data.
GET / HTTP/1.1
Host: thhsh.com
Result:
HTTP/1.1 200 OK
Cache-Control: 604800
Connection: close
Date: Sat, 28 Feb 2015 04:13:06 GMT
Accept-Ranges: bytes
ETag: "c62a408eca3ed01:0"
Server: nginx/1.6.2
Content-Length: 237
Content-Type: text/html
Last-Modified: Mon, 02 Feb 2015 09:28:08 GMT
X-Powered-By: ASP.NET
...237 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: thhsh.com
Referer: http://www.google.com/search?q=thhsh.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: thhsh.com
Referer: http://www.google.com/search?q=thhsh.com
Result:
The result is similar to the first query. There are no suspicious redirects found.