Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=392345.com
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: stall-weinberg.de
Result:
HTTP/1.1 302 Moved Permanently
Connection: close
Date: Wed, 07 Jan 2015 20:19:20 GMT
Location: http://ww5.stall-weinberg.de
Server: Apache
Content-Length: 0
Content-Type: text/html
X-Powered-By: PleskLin
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: stall-weinberg.de
Referer: http://www.google.com/search?q=stall-weinberg.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://392345.com/ | HTTP/1.1 301 Moved Permanently Date: Mon, 07 Jul 2014 01:08:20 GMT Location: http://www.39555.com/ Server: Microsoft-IIS/6.0 Content-Length: 144 Content-Type: text/html X-Powered-By: ASP.NET | malicious |
http://www.39555.com/ | 200 OK Content-Length: 301184 Content-Type: text/html | clean |
http://www.39555.com/js/pw_ajax.js | 200 OK Content-Length: 6990 Content-Type: application/x-javascript | clean |
http://392345.com/register.php | HTTP/1.1 301 Moved Permanently Date: Mon, 07 Jul 2014 01:08:24 GMT Location: http://www.39555.com/register.php Server: Microsoft-IIS/6.0 Content-Length: 156 Content-Type: text/html X-Powered-By: ASP.NET | malicious |
http://www.39555.com/register.php | 200 OK Content-Length: 22887 Content-Type: text/html | clean |
http://www.39555.com/js/pw_register.js | 200 OK Content-Length: 8640 Content-Type: application/x-javascript | clean |
http://392345.com/js/passwordstrength.js | HTTP/1.1 301 Moved Permanently Date: Mon, 07 Jul 2014 01:08:26 GMT Location: http://www.39555.com/js/passwordstrength.js Server: Microsoft-IIS/6.0 Content-Length: 166 Content-Type: text/html X-Powered-By: ASP.NET | malicious |
http://www.39555.com/js/passwordstrength.js | 200 OK Content-Length: 3392 Content-Type: application/x-javascript | clean |
http://392345.com/js/global.js | HTTP/1.1 301 Moved Permanently Date: Mon, 07 Jul 2014 01:08:27 GMT Location: http://www.39555.com/js/global.js Server: Microsoft-IIS/6.0 Content-Length: 156 Content-Type: text/html X-Powered-By: ASP.NET | malicious |
http://www.39555.com/js/global.js | 200 OK Content-Length: 10169 Content-Type: application/x-javascript | clean |
http://count27.51yes.com/click.aspx?id=272379975&logo=1 | 200 OK Content-Length: 1777 Content-Type: text/html | clean |
http://count27.51yes.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://392345.com/login.php | HTTP/1.1 301 Moved Permanently Date: Mon, 07 Jul 2014 01:08:31 GMT Location: http://www.39555.com/login.php Server: Microsoft-IIS/6.0 Content-Length: 153 Content-Type: text/html X-Powered-By: ASP.NET | malicious |
http://www.39555.com/login.php | 200 OK Content-Length: 16053 Content-Type: text/html | clean |
http://www.39555.com/sendpwd.php | 200 OK Content-Length: 14949 Content-Type: text/html | clean |
http://www.39555.com/index.php | 200 OK Content-Length: 301184 Content-Type: text/html | clean |
http://www.39555.com/index.php?fid-2.html | 200 OK Content-Length: 301184 Content-Type: text/html | clean |
http://www.39555.com/post.php?fid=2 | 200 OK Content-Length: 16718 Content-Type: text/html | clean |
http://www.39555.com/read.php?tid-323676.html | 200 OK Content-Length: 62513 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.2225.cc ...[50513 bytes skipped]... </th> </tr> <tr class="tr1 r_one"> <th style="vertical-align:bottom;border:0;padding:0px;padding-top:30px;"> <div id="w_tpc" class="c"></div> <div class="c"></div> <table cellspacing=0 cellpadding=0 width='98%' align=center> <tr><td><html> <head> <title>»ÝÔóÉçȺwww.2225.cc</title> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <title>СʯͷÂÛ̳</title> </head> <body> <p style="margin-top: 0; margin-bottom: 10px"> <font style="FONT-WEIGHT: 700" size="2"> <img height="10" src="http://www.2225.cc/img/zyts.gif" width="16"> </font> <font style="FONT-WEIGHT: 700; font-size:9pt"> <font color="#000000">Õ¾³¤ ...[7021 bytes skipped]... | ||
http://www.39555.com/js/pw_lwd.js | 200 OK Content-Length: 7769 Content-Type: application/x-javascript | clean |