Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=finanzplanungs-buero.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: info.tm
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: public, max-age=15
Connection: close
Date: Fri, 30 Oct 2015 11:11:59 GMT
Location: http://freedns.afraid.org
Server: nginx/1.8.0
Content-Length: 0
Content-Type: text/html
X-Abuse: URL redirection provided by freedns.afraid.org - please report any misuse of this service
X-Powered-By: PHP/5.4.43
...0 bytes of data.
GET / HTTP/1.1
Host: info.tm
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: public, max-age=15
Connection: close
Date: Fri, 30 Oct 2015 11:11:59 GMT
Location: http://freedns.afraid.org
Server: nginx/1.8.0
Content-Length: 0
Content-Type: text/html
X-Abuse: URL redirection provided by freedns.afraid.org - please report any misuse of this service
X-Powered-By: PHP/5.4.43
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: info.tm
Referer: http://www.google.com/search?q=info.tm
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: info.tm
Referer: http://www.google.com/search?q=info.tm
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://finanzplanungs-buero.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 11 Jan 2015 03:45:58 GMT Location: http://www.ihrfps.de Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html X-UD-Host: webspace.udag.de X-UD-Method: header | malicious |
http://www.ihrfps.de/ | 200 OK Content-Length: 8509 Content-Type: text/html | clean |
http://d32ffatx74qnju.cloudfront.net/scripts/js3caf.js | 200 OK Content-Length: 3490 Content-Type: application/javascript | clean |
http://d32ffatx74qnju.cloudfront.net/scripts/tier2caf.js | 200 OK Content-Length: 28865 Content-Type: application/javascript | clean |
http://finanzplanungs-buero.com/scripts/feedmeCaf.php?q=&ip=78.158.11.226&max=10&hl=lt&d=ihrfps.de&ron=0&adult=0 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 11 Jan 2015 03:46:00 GMT Location: http://www.ihrfps.de/scripts/feedmeCaf.php?q=&ip=78.158.11.226&max=10&hl=lt&d=ihrfps.de&ron=0&adult=0 Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html X-UD-Host: webspace.udag.de X-UD-Method: header | malicious |
http://www.ihrfps.de/scripts/feedmecaf.php?q=&ip=78.158.11.226&max=10&hl=lt&d=ihrfps.de&ron=0&adult=0 | 200 OK Content-Length: 8505 Content-Type: text/html | clean |
http://www.ihrfps.de/scripts/feedmeCaf.php?q=&ip=78.158.11.226&max=10&hl=lt&d=ihrfps.de&ron=0&adult=0 | 200 OK Content-Length: 5295 Content-Type: text/plain | clean |
http://www.ihrfps.de/test404page.js | 200 OK Content-Length: 0 Content-Type: text/html | clean |