Scanned pages/files
Request | Server response | Status |
http://faegerer.ch/ | 200 OK Content-Length: 7937 Content-Type: text/html | clean |
http://faegerer.ch/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/x-javascript | clean |
http://faegerer.ch/templates/green_world/jquery.js | 200 OK Content-Length: 85558 Content-Type: application/x-javascript | clean |
http://faegerer.ch/templates/green_world/script.js | 200 OK Content-Length: 8495 Content-Type: application/x-javascript | clean |
http://faegerer.ch/index.php/about | 200 OK Content-Length: 11205 Content-Type: text/html | clean |
http://faegerer.ch/index.php/about/eckdaten | 200 OK Content-Length: 9119 Content-Type: text/html | clean |
http://faegerer.ch/index.php/tour/cat.listevents/2014/12/18/- | 200 OK Content-Length: 15034 Content-Type: text/html | clean |
http://faegerer.ch/media/system/js/mootools-uncompressed.js | 200 OK Content-Length: 183623 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var MooTools = { version: '1.12' }; function $defined(obj){ return (obj != undefined); }; function $type(obj){ if (!$defined(obj)) return false; if (obj.htmlElement) return 'element'; var type = typeof obj; if (type == 'object' && obj.nodeName){ switch(obj.nodeType){ case 1: return 'element'; case 3: return (/\S/).test(obj.nodeValue) ? 'textnode' : 'whitespace'; } } if (type == 'object' || type == 'function this.elements.each(function(el, i){ obj[i] = {}; var hide = (i != index) || (this.options.alwaysHide && (el.offsetHeight > 0)); this.fireEvent(hide ? 'onBackground' : 'onActive', [this.togglers[i], el]); for (var fx in this.effects) obj[i][fx] = hide ? 0 : el[this.effects[fx]]; }, this); return this.start(obj); }, showThisHideOpen: function(index){return this.display(index);} }); Fx.Accordion = Accordion; Antivirus reports:
| ||
http://faegerer.ch/components/com_jevents/assets/js/view_detail.js | 200 OK Content-Length: 5684 Content-Type: application/x-javascript | clean |
http://faegerer.ch/index.php/photo | 200 OK Content-Length: 8474 Content-Type: text/html | clean |
http://faegerer.ch/index.php/photo/foto14 | 200 OK Content-Length: 10027 Content-Type: text/html | clean |
http://faegerer.ch/index.php/photo/foto14/zistig14 | 200 OK Content-Length: 26795 Content-Type: text/html | clean |
http://faegerer.ch/index.php/photo/foto14/appenzell14 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://faegerer.ch/test404page.js | 404 Not Found Content-Length: 1635 Content-Type: text/html | clean |
http://faegerer.ch/index.php/photo/foto14/schmudo14 | 200 OK Content-Length: 21920 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: faegerer.ch
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 18 Dec 2014 01:29:26 GMT
Pragma: no-cache
Server: Microsoft-IIS/6.0
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 18 Dec 2014 01:29:26 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: de5ac3ee510cfb6b30788bf72225e190=6vnek23lihuko9p7lhmu5b6002; path=/
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.3
GET / HTTP/1.1
Host: faegerer.ch
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 18 Dec 2014 01:29:26 GMT
Pragma: no-cache
Server: Microsoft-IIS/6.0
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 18 Dec 2014 01:29:26 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: de5ac3ee510cfb6b30788bf72225e190=6vnek23lihuko9p7lhmu5b6002; path=/
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.3
Second query (visit from search engine):
GET / HTTP/1.1
Host: faegerer.ch
Referer: http://www.google.com/search?q=faegerer.ch
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: faegerer.ch
Referer: http://www.google.com/search?q=faegerer.ch
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=faegerer.ch
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://faegerer.ch/
Result: faegerer.ch is not infected or malware details are not published yet.
Result: faegerer.ch is not infected or malware details are not published yet.