Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=twhl.net
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://twhl.net/ | 200 OK Content-Length: 41761 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: babao.twhl.net
...[659 bytes skipped]... ; lastScrollY=lastScrollY+percent; }
function hide() { lovexin1.style.visibility="hidden"; lovexin2.style.visibility="hidden"; }
function closeDL(){ document.getElementById('lovexin1').style.display='none'; document.getElementById('lovexin2').style.display='none'; }
suspendcode12="<DIV id=\"lovexin1\" style='left:0px;POSITION:absolute;TOP:180px;'><a href='http://babao.twhl.net/' target='_blank'><img src='images/duilian.jpg' border='0'></a><div style='clear:both'></div><a href='javascript:closeDL();'><img src='images/100831172705937.gif' border='0'></a></div>"
suspendcode14="<DIV id=\"lovexin2\" style='right:0px;POSITION:absolute;TOP:180px;'><a href='http://babao.twhl.net/' target='_blank'><img src='images/duilian1.jpg' border='0'></a><div style='clear:both'></div> ...[234 bytes skipped]...
Decoded script:
heartBeat() heartBeat() /*** called setInterval with heartBeat(), 1 */
<DIV id="lovexin1" style='left:0px;POSITION:absolute;TOP:180px;'><a href='http://babao.twhl.net/' target='_blank'><img src='images/duilian.jpg' border='0'></a><div style='clear:both'></div><a href='javascript:closeDL();'><img src='images/100831172705937.gif' border='0'></a></div>
<DIV id="lovexin2" style='right:0px;POSITION:absolute;TOP:180px;'><a href='http://babao.twhl.net/' target='_blank'><img src='images/duilian1.jpg' border='0'></a><div style='clear:both'></div><a href='javascript:closeDL();'><img src='images/100831172705937.gif' border='0'></a></div>
http://twhl.net/js/swfobject.js | 200 OK Content-Length: 24198 Content-Type: application/x-javascript | clean |
http://twhl.net/goto/js-preview-728x90.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://twhl.net/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://twhl.net/js/tj.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://c.ibangkf.com/i/?l=twhl | 200 OK Content-Length: 2235 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: twhl.net
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Tue, 13 Jan 2015 10:31:07 GMT
Server: Microsoft-IIS/6.0
Content-Length: 41761
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSARASASC=MDMNMAECIOADOAAMAOFJDFNM; path=/
X-Powered-By: ASP.NET
...41761 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: twhl.net
Referer: http://www.google.com/search?q=twhl.net
Result:
The result is similar to the first query. There are no suspicious redirects found.