Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=oma-fickt-enkel.info
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://oma-fickt-enkel.info/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://oma-fickt-enkel.info/ | 200 OK Content-Length: 17869 Content-Type: text/html | clean |
http://oma-fickt-enkel.info/media/js/jquery-1.5.2.min.js | 200 OK Content-Length: 85924 Content-Type: application/javascript | clean |
http://oma-fickt-enkel.info/media/js/global.js? | 200 OK Content-Length: 21466 Content-Type: application/javascript | clean |
http://s1x.slimtrade.com/s51.js | 200 OK Content-Length: 5010 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: oma-fickt-enkel.net
http://www.google.com/recaptcha/api/js/recaptcha_ajax.js | 200 OK Content-Length: 115874 Content-Type: text/javascript | clean |
http://porno-deutsch.com/parx/parx.php?s=51 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 17 Sep 2014 21:38:35 GMT Location: http://porno-deutsch.eu/parx/parx.php?s=51 Server: lighttpd/1.4.31 Content-Length: 0 | clean |
http://porno-deutsch.eu/parx/parx.php?s=51 | 200 OK Content-Length: 331 Content-Type: text/javascript | clean |
http://gartis-pornos.com/werbung/pfb_thumb1.js | 400 Bad Request Content-Length: 20 Content-Type: text/html | clean |
http://gartis-pornos.com/test404page.js | 400 Bad Request Content-Length: 20 Content-Type: text/html | clean |
http://slimspread.com/adspace.php?a=b160x600 | 200 OK Content-Length: 39 Content-Type: text/html | clean |
http://slimspread.com/adspace.php?a=text | 200 OK Content-Length: 39 Content-Type: text/html | clean |
http://s35.sitemeter.com/js/counter.js?site=s35omaficktenkel1 | HTTP/1.1 302 Redirect Date: Wed, 17 Sep 2014 21:38:36 GMT Location: http://s35.sitemeter.com/js/counter.asp?site=s35omaficktenkel1 Server: Microsoft-IIS/6.0 Content-Length: 185 Content-Type: text/html X-Powered-By: ASP.NET | clean |
http://s35.sitemeter.com/js/counter.asp?site=s35omaficktenkel1 | 200 OK Content-Length: 7569 Content-Type: application/x-javascript | clean |
http://slimspread.com/adspace.php?a=pu&n=0 | 200 OK Content-Length: 39 Content-Type: text/html | clean |
http://slimspread.com/adspace.php?a=pu&n=1 | 200 OK Content-Length: 39 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: oma-fickt-enkel.info
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 17 Sep 2014 21:38:27 GMT
Pragma: no-cache
Server: lighttpd/1.4.19
Content-Type: text/html; charset=utf-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=4cabdf688056804847fe29459929f875; path=/
X-Powered-By: PHP/5.3.3-7+squeeze14
Second query (visit from search engine):
GET / HTTP/1.1
Host: oma-fickt-enkel.info
Referer: http://www.google.com/search?q=oma-fickt-enkel.info
Result:
The result is similar to the first query. There are no suspicious redirects found.