See: https://urlquery.net/report.php?id=1443720805697
Various scripts blacklisted there. e.g.
2015-10-01 2 -happyhouse.be/media/system/js/core.js Malware
2015-10-01 2 -happyhouse.be/media/system/js/caption.js Malware
2015-10-01 2 -happyhouse.be/media/system/js/mootools-core.js Malware
2015-10-01 2 -happyhouse.be/templates/beez_20/javascript/md_stylechanger.js Malware
2015-10-01 2 -happyhouse.be/media/system/js/mootools-more.js Malware
2015-10-01 2 -happyhouse.be/modules/mod_AutsonSlideShow/js/jquery.easing.1.3.js Malware
2015-10-01 2 -happyhouse.be/modules/mod_AutsonSlideShow/js/jquery.animate-colors-min.js Malware
2015-10-01 2 -happyhouse.be/modules/mod_AutsonSlideShow/js/jquery.skitter.min.js Malware
2015-10-01 2 -happyhouse.be/modules/mod_AutsonSlideShow/js/jquery-1.5.2.min.js Malware
2015-10-01 2 -happyhouse.be/index.php/en/ Malware
jQuery Skitter Slideshow malware → coming from https://www.virustotal.com/nl/ip-address/178.33.130.20/information/
PHISHing going on there. The website infection is dynamically generated from multiple files and code snippets scattered throughout legit files. It is done this way on purpose. Backdoors may left there to hack in again. Incomplete hidden iframe tag may come detected as one of the infection elements.
Likewise malware flagged here: http://sakrare.ikyon.se/?ip=195.74.38.18
Google browser difference:
Not identical
Google: 17308 bytes Firefox: 17411 bytes
Diff: 103 bytes
First difference:
litespeed
Vulnerabilities in php/5.4.42
Joomla Version 2.5.14 found at: http://happyhouse.be/administrator/manifests/files/joomla.xml
Joomla Modules, Components and Plugins
The following modules were detected from the HTML source of the Joomla front page.
mod_autsonslideshow
mod_ea_search
The following components were detected from the HTML source of the Joomla front page.
estateagent
Compromised sites will often be linked to malicious javascript in an attempt to attack users of your Joomla installation. Look over the listed javascript, you should be familiar with all scripts and investigate ones you are not sure. In addition removal of unneeded javascript will speed up your website.
Known javascript malware. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?g12
t=‘’;}}x[l-a]=z;}document.write(‘<’+x[0]+’ ‘+x[4]+’>.‘+x[2]+’{‘+x[1]+’}</‘+x[0]+’>');}dnnViewState();
Re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fhappyhouse.be%2Fadministrator%2Fmanifests%2Ffiles%2Fjoomla.xml
landing at a.o. htxp://static.pokerist.com/admin/sign-in - Insecure: Pokerist - SignIn AdminBlog padlock icon
static.pokerist.com
Alerts (1)
Insecure login (1)
Password will be transmited in clear to htxp://static.pokerist.com/admin/sign-in
Infos (1)
Encryption (HTTPS) (1)
Communication is NOT encrypted and on outdated Software: HTTP Server: nginx; PHP Version: 5.4.30 (Outdated)
another Amazon Data center glitch: http://toolbar.netcraft.com/site_report?url=http://static.pokerist.com
htxp://www.jogosnet.com.br/ → ‘jogos’ redirecting to -Hijogos.Com
polonus (volunteer website security analyst and website error-hunter)