Scanned pages/files
Request | Server response | Status |
http://spd-dessau-mitte.de/ | 200 OK Content-Length: 62130 Content-Type: text/html | clean |
http://spd-dessau-mitte.de/includes/jscript.js | 200 OK Content-Length: 2853 Content-Type: application/javascript | clean |
http://spd-dessau-mitte.de/infusions/party_calendar_panel/overlib.js | 200 OK Content-Length: 49767 Content-Type: application/javascript | clean |
http://www.server-seven.de/counter/counter.php?u=SPD | 200 OK Content-Length: 893 Content-Type: text/html | clean |
http://www.server-seven.de/ | 200 OK Content-Length: 44122 Content-Type: text/html | clean |
http://www.server-seven.de/includes/jscript.js | 200 OK Content-Length: 2849 Content-Type: application/javascript | clean |
http://www.server-seven.de/counter | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 06 Jul 2014 18:36:03 GMT Location: http://www.server-seven.de/counter/ Server: Apache/2.2.27 (Unix) Content-Length: 243 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.server-seven.de/counter/ | 200 OK Content-Length: 14201 Content-Type: text/html | clean |
http://www.server-seven.de/counter/counter.php?u=counterservice | 200 OK Content-Length: 1067 Content-Type: text/html | clean |
http://www.server-seven.de/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21236 Content-Type: text/javascript | clean |
http://www.rally-soft.com/bannerexchange/script.php?id=29&pixel=468x60 | 200 OK Content-Length: 615 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
url=document.location; document.writeln('<a href="http://www.rally-soft.com/bannerexchange/klick.php?id=&pixel=&url='+url+'&c=1314621765" target="_blank"><img src="http://www.rally-soft.com/bannerexchange/banner.php?id=&pixel=&url='+url+'&c=1314621765&ran='+Math.random()+'" border="0" height= width=></a><br><font size="1">Banner Exchange - Server7_<a href="http://www.server-seven.de/bannerexchange.php"target="_blank">::ADD your Site</a>__<a href="http://www.server-seven.de/exchange_top.php"target="_blank"> USER TOPLIST</a>__<a href="http://www.server-seven.de"target="_blank">©Server7</font></a></noscript>');
Antivirus reports:
http://www.server-seven.de/index.php | 200 OK Content-Length: 44122 Content-Type: text/html | clean |
http://www.server-seven.de/articles.php | 200 OK Content-Length: 30485 Content-Type: text/html | clean |
http://www.server-seven.de/downloads.php | 200 OK Content-Length: 30488 Content-Type: text/html | clean |
http://www.server-seven.de/faq.php | 200 OK Content-Length: 30499 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: spd-dessau-mitte.de
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 06 Jul 2014 18:36:00 GMT
Server: Apache/2.2.27 (Unix)
Content-Type: text/html
Set-Cookie: fusion_visited=yes; expires=Mon, 06-Jul-2015 18:36:00 GMT; path=/
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: spd-dessau-mitte.de
Referer: http://www.google.com/search?q=spd-dessau-mitte.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=spd-dessau-mitte.de
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://spd-dessau-mitte.de/
Result: spd-dessau-mitte.de is not infected or malware details are not published yet.