Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zhxww.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://zhxww.net/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.zhxww.net/ | HTTP/1.1 302 Object moved Cache-Control: private Connection: close Date: Fri, 03 Oct 2014 06:37:37 GMT Location: http://zh.cnnb.com.cn Server: Microsoft-IIS/5.0 Content-Length: 142 Content-Type: text/html Set-Cookie: ASPSESSIONIDCASDRQQB=IHLIJNOCPLEHNFLLFGICAJJM; path=/ | clean |
http://zh.cnnb.com.cn/ | 200 OK Content-Length: 109724 Content-Type: text/html | malicious |
Page code contains blacklisted domain: qzlx.zhxww.net <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> </style> <meta http-equiv="Content-Type" content="text/html; charset=gb2312" /> <meta http-equiv="X-UA-Compatible" content="IE=EmulateIE7" /> <base target="_blank"> <title>Õòº£ÐÂÎÅÍø_Õã½Ê¡×î¼ÑÏØÊÐÐÂÎÅÍø</title& ...[4264 bytes skipped]... Malicious iFrame found. size: 220x20 src: http://www.zhxww.net/zhuanti/todayonhistory/indext.asp This URL is marked by Yandex as suspicious <iframe width="220" height="20" frameborder="0" scrolling="no" src="http://www.zhxww.net/zhuanti/todayonhistory/indext.asp" allowtransparency="true"> Malicious iFrame found. size: 720x73 src: http://www.zhxww.net/flash_xzy/index5.asp This URL is marked by Yandex as suspicious <iframe src="http://www.zhxww.net/flash_xzy/index5.asp" scrolling="no" frameborder="0" height="73" width="720" > Malicious iFrame found. size: 702x66 src: http://www.zhxww.net/flash_xzy/index_7.asp This URL is marked by Yandex as suspicious <iframe src="http://www.zhxww.net/flash_xzy/index_7.asp" scrolling="no" frameborder="0" height="66" width="702" > Malicious iFrame found. size: 208x70 src: http://www.zhxww.net/flash_xzy/index12.asp This URL is marked by Yandex as suspicious <iframe src="http://www.zhxww.net/flash_xzy/index12.asp" scrolling="no" frameborder="0" height="70" width="208" > Malicious iFrame found. size: 100x320 src: http://www.zhxww.net/newfront/08/lakai1.asp This URL is marked by Yandex as suspicious <iframe src="http://www.zhxww.net/newfront/08/lakai1.asp" scrolling=no frameborder=0 height=320 width=100% > Malicious iFrame found. size: 335x20 src: http://www.zhxww.net/zhuanti/todayonhistory/guanggao3.asp This URL is marked by Yandex as suspicious <iframe width="335" height="20" frameborder="0" scrolling="no" src="http://www.zhxww.net/zhuanti/todayonhistory/guanggao3.asp" allowtransparency="true"> | ||
http://zh.cnnb.com.cn/dzwwwflash_1.js | 200 OK Content-Length: 7442 Content-Type: application/x-javascript | clean |
http://www.zhxww.net/jquery.js | 200 OK Content-Length: 69989 Content-Type: application/x-javascript | clean |
http://www.zhxww.net/jquery_slider.js | 200 OK Content-Length: 7136 Content-Type: application/x-javascript | clean |
http://www.zhxww.net/js/closegq.js | 200 OK Content-Length: 4334 Content-Type: application/x-javascript | clean |
http://www.zhxww.net/zhnews408/gaer/wmfy/RecommendNews.js | 200 OK Content-Length: 1289 Content-Type: application/x-javascript | clean |
http://www.zhxww.net/zhnews4031/sptv/bwzf/index_2009.js | 200 OK Content-Length: 956 Content-Type: application/x-javascript | clean |
http://zh.cnnb.com.cn/zhnews4026604/JS/sy_tt.js | 200 OK Content-Length: 253 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write("<table width=100% ><tr>")
document.write("<td ><a href=http://zh.cnnb.com.cn/zhnews4026604/zmzhr/sp/20140915143135.htm target=_blank><font color=red>[ÝæÝæÃÀʳ]</font>Ê¢ÏĵÄβ°Í ×ß½ø¡°Ðé¶ÈµÄ¹âÒõ¡±</a></td>") document.write("</table>") Antivirus reports:
| ||
http://www.zhxww.net/ztnews/nrfl/RecommendNews_2009.js | 200 OK Content-Length: 428 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write("[רÌâ]<a href=http://zh.cnnb.com.cn/ztnews/nrfl/jrqd/20140928094840.asp target=_blank>¹úÇ쳤¼ÙÀÖ·Ìì »Æ½ðÖܳöÓι¥ÂÔ</a><br>")
document.write("[רÌâ]<a href=http://zh.cnnb.com.cn/ztnews/nrfl/jrqd/20140925152246.asp target=_blank>¾Å¾ÅÖØÑô¾´ÀÏÔ ŨŨ°®Ðľ´ÀÏÇé</a><br>") document.write("[רÌâ]<a href=http://zh.cnnb.com.cn/ztnews/nrfl/ztxc/20140910091958.asp target=_blank>µÚÊ®´ÎÇøÕþ¸®³£Îñ»áÒéÍøÂçÖ±²¥</a><br>") Antivirus reports:
| ||
http://www.zhxww.net/zhnews501/hdzx/RecommendNews_20091.js | 200 OK Content-Length: 295 Content-Type: application/x-javascript | clean |
http://www.zhxww.net/zhnews405/JS/09zhr.js | 200 OK Content-Length: 341 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write("<table cellspacing=0 cellpadding=0><tr>")
document.write("<td><a href=http://zh.cnnb.com.cn/zhnews405/txzhr/qt/20140930092926.htm target=_blank><img src=http://img.zhxww.net/zhnews4071/upfile/201409/20140930071037-0.jpg width=113 height=76 border=0 style='border:3px solid #e2e2e2;'></a>") document.write("</tr></table>") Antivirus reports:
| ||
http://nbb.zhxww.net/gaer/JS/09sytu.js | 200 OK Content-Length: 376 Content-Type: application/x-javascript | clean |
http://nbb.zhxww.net/gaer/LastNews_2009.js | 200 OK Content-Length: 1417 Content-Type: application/x-javascript | clean |
http://zbswh.zhxww.net/gaer/JS/09sytu.js | 200 OK Content-Length: 376 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: img.zhxww.net document.write("<table width=100% ><tr>")
document.write("<td align=center><a href=http://zbswh.zhxww.net/gaer/zb4/zb41/201409/20140917093915.asp target=_blank><img src=http://img.zhxww.net/zhnews4073/upfile/201409/20140917073535-1.jpg width=113 height=76 border=0 style='border: 3px solid #e2e2e2;'></a></td>") document.write("</tr><tr>") document.write("</tr></table>") Decoded script: <table width=100% ><tr><td align=center><a href=http://zbswh.zhxww.net/gaer/zb4/zb41/201409/20140917093915.asp target=_blank><img src=http://img.zhxww.net/zhnews4073/upfile/201409/20140917073535-1.jpg width=113 height=76 border=0 style='border: 3px solid #e2e2e2;'></a></td></tr><tr></tr></table> | ||
http://zbswh.zhxww.net/gaer/LastNews_2009.js | 200 OK Content-Length: 1398 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: zhxww.net
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: zhxww.net
Referer: http://www.google.com/search?q=zhxww.net
Result:
The result is similar to the first query. There are no suspicious redirects found.