Scanned pages/files
Request | Server response | Status |
http://plaths.de/ | 200 OK Content-Length: 65933 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: !--Hacked by -- <!--Hacked by -->
<h4 style="font-color:red">Warning: Page Restrictor not installed correctly - Headers already sent!</h4><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de-de" lang="de-de" > <head> <meta http-equiv="pragma" content="nocache"> <meta http- ...[81264 bytes skipped]... | ||
http://plaths.de/modules/blogger.js | 200 OK Content-Length: 1153 Content-Type: application/javascript | clean |
http://twitter.com/statuses/user_timeline/plaths.json?callback=twitterCallback2&count=1 | HTTP/1.1 301 Moved Permanently Date: Sun, 06 Dec 2015 15:10:32 GMT Location: https://twitter.com/statuses/user_timeline/plaths.json?callback=twitterCallback2&count=1 Server: tsa_b Content-Length: 0 Set-Cookie: ua=m2; Expires=Sun, 06 Dec 2015 16:10:32 UTC; Path=/; Domain=.twitter.com; Secure; HTTPOnly Set-Cookie: guest_id=v1%3A144941463224296835; Domain=.twitter.com; Path=/; Expires=Tue, 05-Dec-2017 15:10:32 UTC X-Connection-Hash: cde46460ea248d95d72655c96c1f9906 X-Response-Time: 2 | clean |
https://twitter.com/statuses/user_timeline/plaths.json?callback=twittercallback2&count=1 | HTTP/1.1 302 Found Date: Sun, 06 Dec 2015 15:10:32 GMT Location: https://mobile.twitter.com/statuses/user_timeline/plaths.json?callback=twittercallback2&count=1 Server: tsa_b Content-Length: 0 Set-Cookie: ua=m2; Expires=Sun, 06 Dec 2015 16:10:32 UTC; Path=/; Domain=.twitter.com; Secure; HTTPOnly Set-Cookie: guest_id=v1%3A144941463286535428; Domain=.twitter.com; Path=/; Expires=Tue, 05-Dec-2017 15:10:32 UTC Strict-Transport-Security: max-age=631138519 X-Connection-Hash: c98ccd22682ce21b2b27f30e0d70dbe3 X-Response-Time: 3 | clean |
https://mobile.twitter.com/statuses/user_timeline/plaths.json?callback=twittercallback2&count=1 | 404 Not Found Content-Length: 4124 Content-Type: text/html | clean |
https://ma.twimg.com/twitter-mobile/740bcbe80fe58cc2ad9babe880f9a9d6d79dbd05/assets/base.js | 200 OK Content-Length: 7452 Content-Type: application/javascript | clean |
http://twitter.com/ | HTTP/1.1 301 Moved Permanently Date: Sun, 06 Dec 2015 15:10:34 GMT Location: https://twitter.com/ Server: tsa_b Content-Length: 0 Set-Cookie: ua=m2; Expires=Sun, 06 Dec 2015 16:10:34 UTC; Path=/; Domain=.twitter.com; Secure; HTTPOnly Set-Cookie: guest_id=v1%3A144941463413083477; Domain=.twitter.com; Path=/; Expires=Tue, 05-Dec-2017 15:10:34 UTC X-Connection-Hash: a934e834feeb5583512fba592460815b X-Response-Time: 2 | clean |
https://twitter.com/ | HTTP/1.1 302 Found Date: Sun, 06 Dec 2015 15:10:34 GMT Location: https://mobile.twitter.com/ Server: tsa_b Content-Length: 0 Set-Cookie: ua=m2; Expires=Sun, 06 Dec 2015 16:10:34 UTC; Path=/; Domain=.twitter.com; Secure; HTTPOnly Set-Cookie: guest_id=v1%3A144941463475135259; Domain=.twitter.com; Path=/; Expires=Tue, 05-Dec-2017 15:10:34 UTC Strict-Transport-Security: max-age=631138519 X-Connection-Hash: e229994bd4f1913a650dbca0e28ebd4d X-Response-Time: 3 | clean |
https://mobile.twitter.com/ | HTTP/1.1 302 Found Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0 Date: Sun, 06 Dec 2015 15:10:35 GMT Pragma: no-cache Location: https://mobile.twitter.com/i/guest Server: tsa_b Vary: Accept-Encoding Content-Language: en Content-Length: 0 Expires: Tue, 31 Mar 1981 05:00:00 GMT Last-Modified: Sun, 06 Dec 2015 15:10:35 GMT Content-Security-Policy: default-src 'self'; connect-src 'self'; font-src 'self' data:; frame-src https://*.twitter.com https://*.twimg.com twitter: https://www.google.com; img-src https://twitter.com https://*.twitter.com https://*.twimg.com https://maps.google.com https://www.google-analytics.com https://stats.g.doubleclick.net https://www.google.com data:; media-src https://*.twitter.com https://*.twimg.com https://*.cdn.vine.co; object-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' https://*.twitter.com https://*.twimg.com https://www.google.com https://www.google-analytics.com https://stats.g.doubleclick.net; style-src 'unsafe-inline' https://*.twitter.com https://*.twimg.com; report-uri https://twitter.com/i/csp_report?a=O5SWEZTPOJQWY3A%3D&ro=false; Set-Cookie: _mobile_sess=BAh7ByIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoQX2NzcmZfdG9rZW4iJTU5M2NlMTQ3ZjYyNDljYzZkZTY5Y2NjMDIwMzUyZWJl--904ffdd87fee34de37231e0a47eb83b55f5644c8; Expires=Thu, 04 Feb 2016 15:10:35 GMT; Path=/; Domain=.twitter.com; Secure; HTTPOnly Set-Cookie: _twitter_sess=BAh7CCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCHov2HdRAToHaWQiJWRl%250AODY4N2NlZmRiZWI2Y2MxNjdjODgxNGQ2YTcwZDQ2--d4a794cd276c7b68f98bf7de70450110086d8c3d; Path=/; Domain=.twitter.com; Secure; HTTPOnly Set-Cookie: d=32; Expires=Mon, 05 Dec 2016 15:10:35 GMT; Path=/; Domain=.twitter.com; Secure Set-Cookie: mobile_metrics_token=144941463584993742; Expires=Tue, 05 Dec 2017 15:10:35 GMT; Path=/; Domain=.twitter.com; Secure; HTTPOnly Set-Cookie: ua=m2; 
Expires=Sun, 06 Dec 2015 16:10:35 GMT; Path=/; Domain=.twitter.com; Secure; HTTPOnly Set-Cookie: zrca=5; Expires=Tue, 05 Jan 2016 15:10:35 GMT; Path=/; Domain=.twitter.com; Secure; HTTPOnly Set-Cookie: guest_id=v1%3A144941463538442982; Domain=.twitter.com; Path=/; Expires=Tue, 05-Dec-2017 15:10:35 UTC Strict-Transport-Security: max-age=631138519 X-Connection-Hash: 19229cd8e2943a8cbb1ec6af226c7d26 X-Content-Type-Options: nosniff X-Frame-Options: SAMEORIGIN X-Response-Time: 10 X-Transaction: f9e08edb56591c02 X-Twitter-Response-Tags: BouncerCompliant X-Xss-Protection: 1; mode=block | clean |
https://mobile.twitter.com/i/guest | 200 OK Content-Length: 4829 Content-Type: text/html | clean |
https://ma.twimg.com/twitter-mobile/740bcbe80fe58cc2ad9babe880f9a9d6d79dbd05/javascripts/framebust.js | 200 OK Content-Length: 238 Content-Type: application/javascript | clean |
http://twitter.com/session/new | HTTP/1.1 301 Moved Permanently Date: Sun, 06 Dec 2015 15:10:36 GMT Location: https://twitter.com/session/new Server: tsa_b Content-Length: 0 Set-Cookie: ua=m2; Expires=Sun, 06 Dec 2015 16:10:36 UTC; Path=/; Domain=.twitter.com; Secure; HTTPOnly Set-Cookie: guest_id=v1%3A144941463661006099; Domain=.twitter.com; Path=/; Expires=Tue, 05-Dec-2017 15:10:36 UTC X-Connection-Hash: 00a1547c9288ea7aa8cad76644d26c87 X-Response-Time: 3 | clean |
https://twitter.com/session/new | HTTP/1.1 302 Found Date: Sun, 06 Dec 2015 15:10:37 GMT Location: https://mobile.twitter.com/session/new Server: tsa_b Content-Length: 0 Set-Cookie: ua=m2; Expires=Sun, 06 Dec 2015 16:10:37 UTC; Path=/; Domain=.twitter.com; Secure; HTTPOnly Set-Cookie: guest_id=v1%3A144941463722596257; Domain=.twitter.com; Path=/; Expires=Tue, 05-Dec-2017 15:10:37 UTC Strict-Transport-Security: max-age=631138519 X-Connection-Hash: 0a81d00c52e616452f5f4b119c0a4d23 X-Response-Time: 3 | clean |
https://mobile.twitter.com/session/new | 200 OK Content-Length: 4450 Content-Type: text/html | clean |
https://mobile.twitter.com/signup | 200 OK Content-Length: 4622 Content-Type: text/html | clean |
https://ma.twimg.com/twitter-mobile/740bcbe80fe58cc2ad9babe880f9a9d6d79dbd05/assets/m2_signup.js | 200 OK Content-Length: 7700 Content-Type: application/javascript | clean |
https://mobile.twitter.com/i/js_inst?input_id=ui_metrics | 200 OK Content-Length: 11939 Content-Type: text/javascript | clean |
https://mobile.twitter.com/tos?lang=en | 200 OK Content-Length: 33849 Content-Type: text/html | clean |
https://g.twimg.com/js/56ce1a0/js_vfYxksVW063mUalw283vtuXLHCZXQIf9HE4YvMjpsbw.js | 200 OK Content-Length: 198505 Content-Type: application/javascript | clean |
https://g.twimg.com/js/56ce1a0/js_XbS6NnEAUejJcVL59F-pX6DN8ENToDacQkmPcr_FIMg.js | 200 OK Content-Length: 104931 Content-Type: application/javascript | clean |
https://g.twimg.com/js/56ce1a0/js_Rk5YIkK6m2gKTGH-GrMu0pM_PlMKXnI0ktQUgXw1XgA.js | 200 OK Content-Length: 1766 Content-Type: application/javascript | clean |
https://g.twimg.com/js/56ce1a0/js_6yE-_uKeO7bidfCOj5hFbBaaInw0QU2U0ekyhBlHU9k.js | 200 OK Content-Length: 737 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: plaths.de
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 06 Dec 2015 15:10:30 GMT
Server: Apache
Content-Length: 65933
Content-Type: text/html; charset=iso-8859-1
...65933 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: plaths.de
Referer: http://www.google.com/search?q=plaths.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=plaths.de
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://plaths.de/
Result: plaths.de is not infected or malware details are not published yet.