Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=27c.cc
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bdsm-by-phone.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 26 Sep 2014 14:35:26 GMT
Pragma: no-cache
Server: nginx/1.6.2
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=8e06b1c82b32aa3b4105395be05cf340; path=/
X-Pingback: http://bdsm-by-phone.com/xmlrpc.php
GET / HTTP/1.1
Host: bdsm-by-phone.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 26 Sep 2014 14:35:26 GMT
Pragma: no-cache
Server: nginx/1.6.2
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=8e06b1c82b32aa3b4105395be05cf340; path=/
X-Pingback: http://bdsm-by-phone.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: bdsm-by-phone.com
Referer: http://www.google.com/search?q=bdsm-by-phone.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: bdsm-by-phone.com
Referer: http://www.google.com/search?q=bdsm-by-phone.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
| Request | Server response | Status |
http://www.27c.cc/ | 200 OK Content-Length: 18034 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.taodada.org ...[2715 bytes skipped]... </h2> <span> é¾æ¥ç³è¯·è¦æ±ï¼æ¶å½æ£å¸¸ä¸æ¯éæ³ç«ç¹å³å¯ã <a href="/rewrite.php?rewrite=/index/html?name=link"> æ´å¤è¿æ¥... </a> </span> <p> <a href="http://bbs.tenwang.cn" target="_blank">买家论å</a><a href="http://www.taodada.org" target="_blank">è ¾ç½å°å·å¹³å°</a><a href="http://www.3net.net.cn/" target="_blank">ä¸ç½å·é»è½¯ä»¶å®ç½</a><a href="http://dwz.hk/" target="_blank">çç½åå·¥å ·</a><a href="http://www.27c.cc/ps/" target="_blank">å¨çº¿PS</a> </p> </div> <center> <script type="text/javascript">var cnzz_protocol = (("https:" == document.location.prot ...[1081 bytes skipped]... | ||
http://www.27c.cc/qscms/static/js/jquery.min.js | 200 OK Content-Length: 56462 Content-Type: application/x-javascript | clean |
http://www.27c.cc/qscms/static/js/tdk.js | 200 OK Content-Length: 14256 Content-Type: application/x-javascript | clean |
http://bdimg.share.baidu.com/static/js/bds_s_v2.js?cdnversion=385790 | 200 OK Content-Length: 26180 Content-Type: text/javascript | clean |
http://www.27c.cc/ad/wenzi.js | 200 OK Content-Length: 2372 Content-Type: application/x-javascript | clean |
http://www.27c.cc/tool/ | HTTP/1.1 200 OK Date: Thu, 29 Jan 2015 07:23:46 GMT Accept-Ranges: bytes ETag: "48bb81cc332bd01:2517" Server: Microsoft-IIS/6.0 Content-Length: 28725 Content-Location: http://www.27c.cc/tool/index.html Content-Type: text/html Last-Modified: Thu, 08 Jan 2015 11:11:06 GMT X-Powered-By: ASP.NET | clean |
http://www.27c.cc/tool/index.html | 200 OK Content-Length: 28725 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) window._bd_share_config={"common":{"bdSnsKey":{"tsina":"3918844752","tqq":"b05e2428a9585f4d5d5ca8afc781661f"},"bdText":"","bdMini":"2","bdMiniList":false,"bdPic":"","bdStyle":"0","bdSize":"16"},"slide":{"type":"slide","bdImg":"7","bdPos":"right","bdTop":"100"},"image":{"viewList":["qzone","tsina","tqq","renren","weixin"],"viewText":"·ÖÏíµ½£º","viewSize":"16"}};with(document)0[(getElementsByTagName('head')[0]||body).appendChild(createElement('script')).src='http://bdimg.share.baidu.com/static/api/js/share.js?v=89860593.js?cdnversion='+~(-new Date()/36e5)]; Antivirus reports:
| ||
http://www.taodada.org/bbx/js/ad.js | 404 Not Found Content-Length: 3089 Content-Type: text/html | clean |
http://www.qq.com/404/search_children.js | 200 OK Content-Length: 295 Content-Type: application/javascript | clean |
http://www.taodada.org/ | HTTP/1.1 200 OK Connection: close Date: Thu, 29 Jan 2015 07:25:08 GMT Server: Microsoft-IIS/6.0 Content-Type: text/html X-Powered-By: ASP.NET X-Powered-By: PHP/5.2.17 | malicious |
http://www.27c.cc/test404page.js | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://www.27c.cc/tool/js/clock.js | 200 OK Content-Length: 6446 Content-Type: application/x-javascript | clean |
http://www.27c.cc/tool/js/tianqi.js | 200 OK Content-Length: 211 Content-Type: application/x-javascript | clean |
http://www.taodada.org/tool/qita/js/ip.js | 404 Not Found Content-Length: 3089 Content-Type: text/html | clean |
http://www.taodada.org/tool/qita/ip/ip.php | 404 Not Found Content-Length: 3089 Content-Type: text/html | clean |
http://www.27c.cc/rewrite.php?rewrite=/credit/history/ | 200 OK Content-Length: 17816 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.taodada.org <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title> æ·å®ä¿¡ç¨åå²æ¥è¯¢è®°å½_æ·å®ä¿¡ç¨æè¿æ¥è¯¢æ åµ_å家信ç¨æ¥è¯¢_æ·å®å°å·ä¿¡ç¨æ¥è¯¢ - 27æ� ...[4327 bytes skipped]... | ||
http://www.27c.cc/rewrite.php?rewrite=/express | 200 OK Content-Length: 15345 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.taodada.org <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title> å¿«éæ¥è¯� - 27æ�-27æ¥è¯¢ç½�-æ·å®ä¿¡ç¨æ¥è¯¢-æ·å¤§å¤�-æ·å¤§å¤§æ¥è¯¢ç½ ...[4352 bytes skipped]... | ||