Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=fumke.530.at
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://fumke.530.at/
Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://fumke.530.at/ | 200 OK Content-Length: 12914 Content-Type: text/html | clean |
http://nash49porevo.com/r.php?l=http%3A%2F%2Fnash49porevo.com%2F?a=u244r254y215u2w4t2w423m254l2u266r2w24423f4v294w2b4z2 | 500 Can't connect to nash49porevo.com:80 (Bad hostname) Content-Length: 164 Content-Type: text/plain | clean |
http://nash49porevo.com/test404page.js | 500 Can't connect to nash49porevo.com:80 (Bad hostname) Content-Length: 164 Content-Type: text/plain | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 12149 Content-Type: application/javascript | clean |
http://intimcity.org/sticker?id=1480210591&arr=244748426,244748356,244748316,244742186,244738176,244732966,244728746,244725856,244707536,244707506,244707466,244707376,244707156,244703296,244703276,244698586,244690936,239560886&l=prygol&t=_blank&p=tr&enc=cp-1251 | 200 OK Content-Length: 272 Content-Type: text/html | clean |
http://intimcity.org/sticker?id=1480210591&arr=244748426,244748356,244748316,244742186,244738176,244732966,244728746,244725856,244707536,244707506,244707466,244707376,244707156,244703296,244703276,244698586,244690936,239560886&l=prygol&t=_blank&p=br&enc=cp-1251 | 200 OK Content-Length: 271 Content-Type: text/html | clean |
http://intimcity.org/sticker?id=1480210591&arr=244748426,244748356,244748316,244742186,244738176,244732966,244728746,244725856,244707536,244707506,244707466,244707376,244707156,244703296,244703276,244698586,244690936,239560886&l=prygol&t=_blank&p=tl&enc=cp-1251 | 200 OK Content-Length: 272 Content-Type: text/html | clean |
http://intimcity.org/sticker?id=1480210591&arr=244748426,244748356,244748316,244742186,244738176,244732966,244728746,244725856,244707536,244707506,244707466,244707376,244707156,244703296,244703276,244698586,244690936,239560886&l=prygol&t=_blank&p=bl&enc=cp-1251 | 200 OK Content-Length: 272 Content-Type: text/html | clean |
http://odnaknopka.ru/ok3.js | 200 OK Content-Length: 2766 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function NewOdnaknopka3() {
this.domain=location.href+'/'; this.domain=this.domain.substr(this.domain.indexOf('://')+3); this.domain=this.domain.substr(0,this.domain.indexOf('/')); this.location=false; this.url=function(system) { var title=encodeURIComponent(document.title); var url=encodeURIComponent(location.href); switch (system) { case 1: return 'http://vkontakte.ru/share.php?url='+url; case 2: return 'http://www.facebook.com/sharer.php?u='+u for (i=0;i<12;i++) { html+='<a href="'+this.url(i+1)+'" onclick="return odnaknopka3.go('+(i+1)+');"><img src="http://odnaknopka.ru/images/blank.gif" width="16" height="16" alt=" #" title="'+titles[i]+'" style="border:0;padding:0;margin:0 4px 0 0;background:url(http://odnaknopka.ru/images/panel.png) no-repeat -270px -'+(i*16)+'px"/></a>'; } document.write(html); } } odnaknopka3=new NewOdnaknopka3(); odnaknopka3.init(); Antivirus reports:
| ||
http://fumke.530.at/Qb3VZ26j | 200 OK Content-Length: 31120 Content-Type: application/javascript | suspicious |
Page code contains blacklisted domain: 530.at ...[1576 bytes skipped]... ength==2 && resolution[0] > 860 && resolution[1] > 350) || (resolution && resolution.length==2 && resolution[0] == 0 && resolution[1] == 0) || resolution == undefined ) { var check = f5448ee8daabd76b3696bf0974e55748(); var _gaq = []; _gaq.push(['_setAccount', 'UA-35990445-6']); _gaq.push(['_setDomainName', 'fumke.530.at']); _gaq.push(['_setCustomVar', 1, 'bereich', 'Webspace', 3]); _gaq.push(['_setCustomVar', 2, 'Domain', '530.at', 3]); _gaq.push(['_setCustomVar', 5, 'Subdomain', 'fumke.530.at', 3]); _gaq.push(['_setCxrxXOnzyLknrOASb6swMUw4dip72F1pZ6W7FVC0llAvKjdbZTmzyIq9RbDTaqJTHYUyCJ1XHPQjYlPCpBGS2HKKVarJUyJBJkOyarBxlUzxE0DtCtDQ72q6S9NIlUvme06cQq9rttBlc8y25FsFl18bPd7FQ83KrGylE84+J3ZfBVk7bsoJSOHZXoP2tBleP+sI2iCpFp41iDxkW5PTSaPVR2UkShiyc1x/r7bKVRxhpbcqSUn966v8jkkVH264skSZFcRmJj ...[1834 bytes skipped]... | ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: fumke.530.at
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 11 Aug 2014 04:46:16 GMT
Accept-Ranges: bytes
ETag: "9c42bd37-31ea-4c53d3e4ba586"
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Last-Modified: Fri, 20 Jul 2012 06:45:35 GMT
GET / HTTP/1.1
Host: fumke.530.at
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 11 Aug 2014 04:46:16 GMT
Accept-Ranges: bytes
ETag: "9c42bd37-31ea-4c53d3e4ba586"
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Last-Modified: Fri, 20 Jul 2012 06:45:35 GMT
Second query (visit from search engine):
GET / HTTP/1.1
Host: fumke.530.at
Referer: http://www.google.com/search?q=fumke.530.at
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: fumke.530.at
Referer: http://www.google.com/search?q=fumke.530.at
Result:
The result is similar to the first query. There are no suspicious redirects found.