Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.gaumenfreuden.at/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.gaumenfreuden.at Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 24 Sep 2014 20:02:29 GMT Location: http://vados.biz/go Server: Apache Content-Length: 0 Content-Type: text/html | malicious |
URL: http://vados.biz/go/ (imitation of visitor from search engine) GET /go/ HTTP/1.1 Host: vados.biz Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 302 Found Connection: close Date: Wed, 24 Sep 2014 20:02:08 GMT Location: http://online-canadapharmacy.com/ Server: nginx/1.4.1 Content-Length: 292 Content-Type: text/html; charset=iso-8859-1 | suspicious |
Scanned pages/files
Request | Server response | Status |
http://www.gaumenfreuden.at/ | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.gaumenfreuden.at/test404page.js | 404 Not Found Content-Length: 16692 Content-Type: text/html | clean |
http://www.gaumenfreuden.at/wp-content/plugins/adrotate/library/jquery.clicktracker.js?ver=0.5 | 200 OK Content-Length: 830 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
    jQuery(document).ready(function() {
        jQuery("a.gofollow").click(function(){
            jQuery(this).each(function() {
                var tracker = jQuery(this).attr("data-track");
                var debug = jQuery(this).attr("data-debug");
                jQuery.post( '//' + location.host + '/wp-content/plugins/adrotate/library/clicktracker.php', { track: tracker } );
                if(debug == 1) { alert('Tracker: ' + tracker + '\n\nTracker must be defined for clicktracking to work.'); }
            });
        });
    });
Antivirus reports:
http://www.gaumenfreuden.at/wp-content/themes/eptonic/js/jquery.js?ver=4.0 | 200 OK Content-Length: 85259 Content-Type: application/x-javascript | clean |
http://www.gaumenfreuden.at/wp-content/themes/eptonic/js/plugins.combined.js?ver=4.0 | 200 OK Content-Length: 92237 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
    ;(function($){var ver="2.97";if($.support==undefined){$.support={opacity:!($.browser.msie)};}function debug(s){$.fn.cycle.debug&&log(s);}function log(){window.console&&console.log&&console.log("[cycle] "+Array.prototype.join.call(arguments," "));}$.expr[":"].paused=function(el){return el.cyclePause;};$.fn.cycle=function(options,arg2){var o={s:this.selector,c:this.context};if(this.length===0&&options!="stop"){if(!$.isReady&&o.s){log("DOM not ready, queuing children('li:even').addClass('tweet_odd'); if (s.outro_text) list.after(outro); $(widget).trigger("loaded").trigger((tweets.length === 0 ? "empty" : "full")); if (s.refresh_interval) { window.setTimeout(function() { $(widget).trigger("tweet:load"); }, 1000 * s.refresh_interval); } }); }).trigger("tweet:load"); }); }; })(jQuery);
Antivirus reports:
http://www.gaumenfreuden.at/wp-content/themes/eptonic/js/custom.js?ver=4.0 | 200 OK Content-Length: 5794 Content-Type: application/x-javascript | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21412 Content-Type: text/javascript | clean |
http://adtigerat.adspirit.net/adscript.php?pid=965&ord=[timestamp] | 200 OK Content-Length: 4889 Content-Type: text/javascript | clean |
http://www.gaumenfreuden.at//s7.addthis.com/js/300/addthis_widget.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 24 Sep 2014 20:02:39 GMT Pragma: no-cache Location: http://www.gaumenfreuden.at/s7.addthis.com/js/300/addthis_widget.js/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://www.gaumenfreuden.at/xmlrpc.php | clean |
http://www.gaumenfreuden.at/s7.addthis.com/js/300/addthis_widget.js/ | 404 Not Found Content-Length: 16692 Content-Type: text/html | clean |
http://www.gaumenfreuden.at/links/ | 200 OK Content-Length: 27628 Content-Type: text/html | clean |
http://www.gaumenfreuden.at/wp-includes/js/comment-reply.min.js?ver=4.0 | 200 OK Content-Length: 757 Content-Type: application/x-javascript | clean |
http://www.gaumenfreuden.at/kontakt/ | 200 OK Content-Length: 25943 Content-Type: text/html | clean |
http://www.gaumenfreuden.at/kategorie/restaurants/ | 200 OK Content-Length: 25864 Content-Type: text/html | clean |
http://www.gaumenfreuden.at/kategorie/spezialitaeten/ | 200 OK Content-Length: 37967 Content-Type: text/html | clean |
http://www.gaumenfreuden.at/kategorie/lebensmittel/ | 200 OK Content-Length: 27257 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gaumenfreuden.at
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gaumenfreuden.at/
Result: gaumenfreuden.at is not infected or malware details are not published yet.