Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sberbankqwfsk.x3.hu
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://sberbankqwfsk.x3.hu/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: seasungroup.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: seasungroup.com
Referer: http://www.google.com/search?q=seasungroup.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://sberbankqwfsk.x3.hu/ | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 12 Sep 2014 22:05:24 GMT Location: http://x3.hu/nemletezik Server: nginx Content-Length: 0 Content-Type: text/html Expires: Fri, 12 Sep 2014 23:05:24 +0200 X-Served-By: apache X3-Backend: 1 | malicious |
http://x3.hu/nemletezik | 200 OK Content-Length: 10349 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: my.x3.hu <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Strict//EN">
<html> <head> <title>Freeweb - Tárhely mindenkinek</title> <meta name="description" content="" /> <meta name="robots" content="index, follow" /> <link rel="shortcut icon" href="/favicon.ico" /> <link rel="icon" href="/favicon.ico" /> <meta http-equiv="content-type" content="text/html; charset=UTF- ...[4180 bytes skipped]... | ||
http://x3.hu/file/global/common/1324505121/javascripts/prototype.js | 200 OK Content-Length: 74956 Content-Type: application/x-javascript | clean |
http://x3.hu/file/global/common/1324505121/javascripts/scriptaculous/scriptaculous.js | 200 OK Content-Length: 2644 Content-Type: application/x-javascript | clean |
http://x3.hu/file/global/common/1324505121/javascripts/scriptaculous/effects.js | 200 OK Content-Length: 38745 Content-Type: application/x-javascript | clean |
http://x3.hu/file/global/www/1332422570/javascripts/tools.js | 200 OK Content-Length: 14765 Content-Type: application/x-javascript | suspicious |
Page code contains blacklisted domain: my.x3.hu ...[3765 bytes skipped]... gth;i++) { var c = ca[i]; while (c.charAt(0)==' ') c = c.substring(1,c.length); if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length); } return null; } function open_ispconfig() { var sessid=readCookie("PHPSESSID"); if (jQuery('#ispc_form').length > 0) { } else { jQuery('<form>').attr({ action: 'https://my.x3.hu/', method: 'POST', id: 'ispc_form', target: '_blank' }).appendTo('body'); jQuery('<input>').attr({ type: 'hidden', name: 'parallel', value: sessid }).appendTo('#ispc_form'); } jQuery('#ispc_form').submit(); } | ||
http://x3.hu/file/global/common/1324505122/jquery/jquery.min.js | 200 OK Content-Length: 91586 Content-Type: application/x-javascript | clean |
http://x3.hu/file/global/common/1324505122/jquery/jquery-ui.min.js | 200 OK Content-Length: 202033 Content-Type: application/x-javascript | clean |
http://x3.hu/file/global/www/1324505112/javascripts/xgemius.js | 200 OK Content-Length: 5826 Content-Type: application/x-javascript | clean |
http://sberbankqwfsk.x3.hu//gemhu.adocean.pl/files/js/ado.js/ | 404 Not Found Content-Length: 350 Content-Type: text/html | clean |
http://sberbankqwfsk.x3.hu/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |