Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=2rbb.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ndfeb1688.com
Result:
HTTP/1.1 200 OK
Date: Sun, 27 Apr 2014 12:20:04 GMT
Accept-Ranges: bytes
ETag: "214d2af5d15fcf1:1510"
Server: Microsoft-IIS/6.0
Content-Length: 19547
Content-Location: http://ndfeb1688.com/index.htm
Content-Type: text/html
Last-Modified: Thu, 24 Apr 2014 15:29:18 GMT
X-Powered-By: ASP.NET
X-UA-Compatible: IE=EmulateIE7
...19547 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ndfeb1688.com
Referer: http://www.google.com/search?q=ndfeb1688.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.2rbb.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 26 Aug 2014 08:35:41 GMT Location: http://www.lepan.cc/ Server: nginx Content-Type: text/html X-Powered-By-360WZB: wangzhan.360.cn | malicious |
http://www.lepan.cc/ | 200 OK Content-Length: 15530 Content-Type: text/html | clean |
http://www.lepan.cc/includes/js/jquery.js | 200 OK Content-Length: 31043 Content-Type: application/x-javascript | clean |
http://www.2rbb.com/includes/js/common.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=14400 Connection: close Date: Tue, 26 Aug 2014 08:35:47 GMT Age: 0 Location: http://www.lepan.cc/includes/js/common.js Server: nginx Content-Type: text/html VAR-Cache: MISS X-Powered-By-360WZB: wangzhan.360.cn | malicious |
http://www.lepan.cc/includes/js/common.js | 200 OK Content-Length: 8218 Content-Type: application/x-javascript | clean |
http://www.2rbb.com/includes/js/tree.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=14400 Connection: close Date: Tue, 26 Aug 2014 08:35:49 GMT Age: 0 Location: http://www.lepan.cc/includes/js/tree.js Server: nginx Content-Type: text/html VAR-Cache: MISS X-Powered-By-360WZB: wangzhan.360.cn | malicious |
http://www.lepan.cc/includes/js/tree.js | 200 OK Content-Length: 11822 Content-Type: application/x-javascript | clean |
http://www.2rbb.com/includes/js/jquery.mybox.js | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=14400 Connection: close Date: Tue, 26 Aug 2014 08:35:55 GMT Age: 0 Location: http://www.lepan.cc/includes/js/jquery.mybox.js Server: nginx Content-Type: text/html VAR-Cache: MISS X-Powered-By-360WZB: wangzhan.360.cn | malicious |
http://www.lepan.cc/includes/js/jquery.mybox.js | 200 OK Content-Length: 8289 Content-Type: application/x-javascript | clean |
http://www.2rbb.com/online/w.php | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 26 Aug 2014 08:35:57 GMT Location: http://www.lepan.cc/online/w.php Server: nginx Content-Type: text/html X-Powered-By-360WZB: wangzhan.360.cn | malicious |
http://www.lepan.cc/online/w.php | 200 OK Content-Length: 2 Content-Type: text/html | clean |
http://www.lepan.cc/test404page.js | 404 Not Found Content-Length: 564 Content-Type: text/html | clean |
http://js.adm.cnzz.net/js/abase.js | 200 OK Content-Length: 21394 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function FixedRealShow(){return document.body?(this.init.apply(this,arguments),void 0):!1}(function(window){function FnRegister(e,t){return w[e]||(w[e]=t)}function parseParams(e){var t=map[e];return t?{id:e||e,af:t.af||!1,did:t.aid||0,slotType:t.stype,isbefore:t.pop||0,htmlcode:t._html||0,width:t._w||0,height:t._h||0,stime:1e3*t.time||5e3,ptime:1e3*t.parktime||0,loadtime:1e3*t.loadtime||0,closePosition:t.cb||0,scroll:t.sc||0,position:t.pos||0,mleft:t._m_left||0,mtop:t._m_top||0,ip:t.ip||"",isifr
Antivirus reports:
http://www.2rbb.com/templates/default/images/mergesite.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://js.users.51.la/16773767.js | 200 OK Content-Length: 1948 Content-Type: application/x-javascript | clean |