Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ygsdh.in
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.ygsdh.in/ | HTTP/1.1 200 OK Date: Thu, 29 Jan 2015 21:56:23 GMT Accept-Ranges: bytes ETag: "b0d9b88b8034d01:1039" Server: Microsoft-IIS/6.0 Content-Length: 73079 Content-Location: http://www.ygsdh.in/index.htm Content-Type: text/html Last-Modified: Tue, 20 Jan 2015 07:13:09 GMT X-Powered-By: ASP.NET | clean |
http://www.ygsdh.in/index.htm | 200 OK Content-Length: 73079 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.hrsdh.in
...[982 bytes skipped]... MARGINWIDTH="0" onload="ShowConfirmClose(true);">
<div style="display:none"><script src="http://s5.cnzz.com/stat.php?id=5721250&web_id=5721250" language="JavaScript"></script></div>
<div class="wrapper"> <table cellspacing=0 cellpadding=0 width="890" height="25" border=0 bgColor=#E2F0FF> <tr>
<SCRIPT type=text/javascript src="http://www.hrsdh.in/ads1.js"></SCRIPT>
<SCRIPT type=text/javascript src="http://www.hrsdh.in/duilian.js"></SCRIPT>
<td align="center"> <font color=#ff0000> ææ°å°åï¼<b style="color:#000;background:#ffff66">www.ygsdh.in</b> <font color="#9900FF">å´æ¥å·éé«è³ªéæ人網åå°èª ä¸ä¸ªè²å°èª æ¶éè¦æ±æ»¿è¶³10IPä¾è·¯!ä¸å¨å£¹å³ç追æ±é«æµéï¼IPé«è³ªéææ¯æåç ...[3097 bytes skipped]...
http://s5.cnzz.com/stat.php?id=5721250&web_id=5721250 | 200 OK Content-Length: 10071 Content-Type: application/javascript | clean |
http://www.hrsdh.in/ads1.js | 200 OK Content-Length: 1796 Content-Type: application/x-javascript | clean |
http://www.hrsdh.in/duilian.js | 200 OK Content-Length: 2762 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.400cao.com
...[432 bytes skipped]... "ALayer1").style.top=parseInt(document.getElementById("ALayer1").style.top)+percent+"px";
document.getElementById("ALayer2").style.top=parseInt(document.getElementById("ALayer1").style.top)+percent+"px";
lastScrollY=lastScrollY+percent; }
suspendcode12="<DIV id=\"ALayer1\" style=\'left:0px;PosITION:absolute;TOP:1px;FILTER: alpha(opacity=85);\'><div align=left></div><a title=\"\"href=\"http://www.400cao.com/about.html\" target=\"_blank\"><img width=200 height=175 src=\"http://www.hrsdh.in/guanggao.png\"></a><br /><a title=\"\"href=\"http://www.55xv.com\" target=\"_blank\"><img width=200 height=250 src=\"http://www.hrsdh.in/duilian.jpg\"></a><br /><a title=\"\"href=\"http://www.0011mt.com/?Intr=204608\" target=\"_blank\"><img width=200 height=175 src=\"http://www.hrsdh.in/meng.gif\"></a><br /><a title=\"\"href=\"h ...[1732 bytes skipped]...
Decoded script:
heartBeat()
heartBeat()
/*** called setInterval with heartBeat(), 1 */
<DIV id="ALayer1" style='left:0px;PosITION:absolute;TOP:1px;FILTER: alpha(opacity=85);'><div align=left></div><a title=""href="http://www.400cao.com/about.html" target="_blank"><img width=200 height=175 src="http://www.hrsdh.in/guanggao.png"></a><br /><a title=""href="http://www.55xv.com" target="_blank"><img width=200 height=250 src="http://www.hrsdh.in/duilian.jpg"></a><br /><a title=""href="http://www.0011mt.com/?Intr=204608" target="_blank"><img width=200 height=175 src="http://www.hrsdh.in/meng.gif"></a><br />&l ...[1104 bytes skipped]...
http://www.ygsdh.in/tan.js | 200 OK Content-Length: 465 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.66ml.in
var u = "6BF52A52-394A-11D3-B153-00C04F79FAA6";
function ext() { if(window.event.clientY<132 || altKey) iie.launchURL(popURL); }
function brs() { document.body.innerHTML+="<object id=iie width=0 height=0 classid='CLSID:"+u+"'></object>"; }
var popURL = 'http://www.66ml.in';
eval("window.attachEvent('onload',brs);");
eval("window.attachEvent('onunload',ext);");
Decoded script:
window.attachEvent('onload',brs);
window.attachEvent('onload',brs);
function brs() { document.body.innerHTML += "<object id=iie width=0 height=0 classid='CLSID:" + u + "'></object>"; }
window.attachEvent('onunload',ext);
window.attachEvent('onunload',ext);
function ext() { if (window.event.clientY < 132 || altKey) { iie.launchURL(popURL); } }
http://www.hrsdh.in/you.js | 200 OK Content-Length: 315 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: www.66ml.in
document.writeln("<script type=\"text/javascript\">");
document.writeln("banner4_iframe=null;");
document.writeln("banner4_ifrv=0;");
document.writeln("banner4_iframe=window.open(\'http://www.66ml.in',\'_blank\');");
document.writeln("if(banner4_iframe!=null)banner4_ifrv=1;");
document.writeln("</script>");
Decoded script:
banner4_iframe=null;
banner4_ifrv=0;
banner4_iframe=window.open('http://www.66ml.in','_blank');
if(banner4_iframe!=null)banner4_ifrv=1;
http://www.hrsdh.in/zuo.js | 200 OK Content-Length: 788 Content-Type: application/x-javascript | clean |
http://www.hrsdh.in/ads2.js | 200 OK Content-Length: 1203 Content-Type: application/x-javascript | clean |
http://www.hrsdh.in/ads3.js | 200 OK Content-Length: 651 Content-Type: application/x-javascript | clean |
http://www.ygsdh.in/link.html | 200 OK Content-Length: 12958 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.aavvss.com
...[1719 bytes skipped]... ;a href="http://www.90sldh.in" target="_blank">www.90sldh.in</a> ( M×ã50IP¼´¿ÉÊÕä ) ( <font color="#FF0000">ÐèÊÖ¶¯Ìá½»ÍøÖ·´ïµ½IPÒªÇó¼´¿ÉÊÕ¼</font>)</font></tr></TD>
<tr bgcolor="#9999990"> <TD class=sss vAlign=top bgColor=#000000><font color=#ffffff>AvsÉ«§º½ÊÕäË×¼£º<a href="http://www.aavvss.com" target="_blank">www.aavvss.com</a> ( M×ã50IP¼´¿ÉÊÕä ) ( <font color="#FF0000">ÊÖ¶¯Ìá½»Õ¾µãÂú×ãIP¼´¿ÉÊÕ¼</font>)</font></tr></TD>
<tr bgcolor="#9999990"> <TD class=sss vAlign=top bgColor=#000000><font color=#ffffff>ÎåÔÂÌ짺½ÊÕ伺ͯɫÇé¡¢ÈËÅcÓÎïÉ«Çé²»ÊÕä </font></tr> </TD> </TR> ...[2561 bytes skipped]...
http://www.ygsdh.in/app/addwz.asp | 200 OK Content-Length: 3046 Content-Type: text/html | clean |
http://www.ygsdh.in/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://www.ygsdh.in/app/go.asp | 200 OK Content-Length: 166 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ygsdh.in
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: ygsdh.in
Referer: http://www.google.com/search?q=ygsdh.in
Result:
The result is similar to the first query. There are no suspicious redirects found.