Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=fashioncode.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://fashioncode.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://fashioncode.ru/ | 200 OK Content-Length: 6009 Content-Type: text/html | clean |
http://fashioncode.ru/bitrix/js/main/core/core.js?1364972583 | 200 OK Content-Length: 76550 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function(){ if (!!window.BX && !!window.BX.extend) return; var _bxtmp; if (!!window.BX) { _bxtmp = window.BX; } window.BX = function(node, bCache) { if (BX.type.isNotEmptyString(node)) { var ob; if (!!bCache && null != NODECACHE[node]) ob = NODECACHE[node]; ob = ob || document.getElementById(node); if (!!bCache) NODECACHE[node] = ob; return ob; } else if (BX.type.isDomNode(node Antivirus reports:
| ||
http://fashioncode.ru/bitrix/js/main/core/core_ajax.js?1364972585 | 200 OK Content-Length: 30467 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function(window){ if (window.BX.ajax) return; var BX = window.BX, tempDefaultConfig = {}, defaultConfig = { method: 'GET', dataType: 'html', timeout: 0, async: true, processData: true, scriptsRunFirst: false, emulateOnload: true, start: true, cache: true, preparePost: true, headers: false, lsTimeout: 30, lsForce: false }, ajax_session = null, loadedScripts = {}, loadedScriptsQueue = [], r = { 'url_utf Antivirus reports:
| ||
http://fashioncode.ru/bitrix/js/main/session.js?1364972583 | 200 OK Content-Length: 5606 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function CBXSession() { var _this = this; this.mess = {}; this.timeout = null; this.sessid = null; this.bShowMess = true; this.dateStart = new Date(); this.dateInput = new Date(); this.dateCheck = new Date(); this.activityInterval = 0; this.notifier = null; this.Expand = function(timeout, sessid, bShowMess, key) { this.timeout = timeout; this.sessid = sessid; this.bShowMess = bShowMess; this.key = key;< Antivirus reports:
| ||
http://fashioncode.ru/butik/ | 200 OK Content-Length: 29575 Content-Type: text/html | clean |
http://fashioncode.ru/bitrix/templates/eshop_blue/js/jquery-1.8.2.min.js | 200 OK Content-Length: 95884 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(a,b){function G(a){var b=F[a]={};return p.each(a.split(s),function(a,c){b[c]=!0}),b}function J(a,c,d){if(d===b&&a.nodeType===1){var e="data-"+c.replace(I,"-$1").toLowerCase();d=a.getAttribute(e);if(typeof d=="string"){try{d=d==="true"?!0:d==="false"?!1:d==="null"?null:+d+""===d?+d:H.test(d)?p.parseJSON(d):d}catch(f){}p.data(a,c,d)}else d=b}return d}function K(a){var b;for(b in a){if(b==="data"&&p.isEmptyObject(a[b]))continue;if(b!=="toJSON")return!1}return!0}function ba Antivirus reports:
| ||
http://fashioncode.ru/bitrix/js/socialservices/ss.js?1364972585 | 200 OK Content-Length: 3868 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function BxShowAuthService(id, suffix) { var bxCurrentAuthId = ''; if(window['bxCurrentAuthId'+suffix]) bxCurrentAuthId = window['bxCurrentAuthId'+suffix]; BX('bx_auth_serv'+suffix).style.display = ''; if(bxCurrentAuthId != '' && bxCurrentAuthId != id) { BX('bx_auth_href_'+suffix+bxCurrentAuthId).className = ''; BX('bx_auth_serv_'+suffix+bxCurrentAuthId).style.display = 'none'; } BX('bx_auth_href_'+suffix+id).className = 'bx-ss-se Antivirus reports:
| ||
http://fashioncode.ru/bitrix/templates/eshop_blue/js/slides.min.jquery.js | 200 OK Content-Length: 10151 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($){$.fn.slides=function(option){option=$.extend({},$.fn.slides.option,option);return this.each(function(){$('.'+option.container,$(this)).children().wrapAll('<div class="slides_control"/>');var elem=$(this),control=$('.slides_control',elem),total=control.children().size(),width=control.children().outerWidth(),height=control.children().outerHeight(),start=option.start-1,effect=option.effect.indexOf(',')<0?option.effect:option.effect.replace(' ','').split(',')[0],paginationEffec Antivirus reports:
| ||
http://fashioncode.ru/bitrix/templates/eshop_blue/script.js | 200 OK Content-Length: 30514 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) $(".tabsblock > .tabs > a").live('click', function() { var ind = $(this).index(); ind++; if ($(this).hasClass("active")){} else { $(this).parents('.tabsblock').find('.active').removeClass('active') $(this).addClass('active'); $(".tabsblock").find(".cnt:nth-child("+ind+")").addClass('active'); } return false; }); $("#notify_auth_form > .social > form > ul > li > a").live('click', function() { setTimeout(function() Antivirus reports:
| ||
http://fashioncode.ru/bitrix/templates/eshop_blue/js/jquery.carouFredSel-5.6.4-packed.js | 200 OK Content-Length: 34773 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(H($){8($.1P.1J)J;$.1P.1J=H(y,z){8(1g.V==0){1e(N,\'5s 4q 6u 1m "\'+1g.3U+\'".\');J 1g}8(1g.V>1){J 1g.1K(H(){$(1g).1J(y,z)})}F A=1g,$19=1g[0];8(A.1r(\'4r\')){F B=A.1D Antivirus reports:
| ||
http://fashioncode.ru/bitrix/templates/eshop_blue/js/jquery.cookie.js | 200 OK Content-Length: 6820 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.cookie = function(name, value, options) { if (typeof value != 'undefined') { options = options || {}; if (value === null) { value = ''; options = $.extend({}, options); options.expires = -1; } var expires = ''; if (options.expires && (typeof options.expires == 'number' || options.expires.toUTCString)) { var date; if (typeof options.expires == Antivirus reports:
| ||
http://fashioncode.ru/bitrix/templates/eshop_blue/js/jquery.slideViewerPro.1.5.js | 200 OK Content-Length: 12994 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.extend( jQuery.easing, { easeInOutExpo: function (x, t, b, c, d) { if (t==0) return b; if (t==d) return b+c; if ((t/=d/2) < 1) return c/2 * Math.pow(2, 10 * (t - 1)) + b; return c/2 * (-Math.pow(2, -10 * --t) + 2) + b; } }); jQuery(function(){ jQuery("div.svwp").prepend("<img src='images/svwloader.gif' class='ldrgif' alt='loading...'/ >"); }); var j = 0; jQuery.fn.slideViewerPro = function(settings) { settings = jQue Antivirus reports:
| ||
http://fashioncode.ru/bitrix/templates/eshop_blue/js/jquery.timers.js | 200 OK Content-Length: 5656 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.fn.extend({ everyTime: function(interval, label, fn, times, belay) { return this.each(function() { jQuery.timer.add(this, interval, label, fn, times, belay); }); }, oneTime: function(interval, label, fn) { return this.each(function() { jQuery.timer.add(this, interval, label, fn, 1); }); }, stopTime: function(label, fn) { return this.each(function() { jQuery.timer.remove(this, label, fn); }); } }); Antivirus reports:
| ||
http://fashioncode.ru/bitrix/templates/eshop_blue/components/bitrix/menu/horizontal_multilevel/script.js?1364972300 | 200 OK Content-Length: 2918 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var jshover = function() { var menuDiv = document.getElementById("horizontal-multilevel-menu") if (!menuDiv) return; var sfEls = menuDiv.getElementsByTagName("li"); for (var i=0; i<sfEls.length; i++) { sfEls[i].onmouseover=function() { this.className+=" jshover"; } sfEls[i].onmouseout=function() { this.className=this.className.replace(new RegExp(" jshover\\b"), ""); } } } if (window.attachEvent Antivirus reports:
| ||
http://fashioncode.ru/special-offer/ | 200 OK Content-Length: 36027 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: fashioncode.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 26 Aug 2014 11:56:31 GMT
Pragma: no-cache
Server: DataPalm/3.5
Content-Length: 6009
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
Set-Cookie: PHPSESSID=bbd9a13cf4d3d275d4fecdaae2b2fde0; path=/
X-Powered-CMS: Bitrix Site Manager (4be2b5d1fc90fdee13b7766422e8e6ae)
...6009 bytes of data.
GET / HTTP/1.1
Host: fashioncode.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 26 Aug 2014 11:56:31 GMT
Pragma: no-cache
Server: DataPalm/3.5
Content-Length: 6009
Content-Type: text/html; charset=windows-1251
Expires: Thu, 19 Nov 1981 08:52:00 GMT
P3P: policyref="/bitrix/p3p.xml", CP="NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA"
Set-Cookie: PHPSESSID=bbd9a13cf4d3d275d4fecdaae2b2fde0; path=/
X-Powered-CMS: Bitrix Site Manager (4be2b5d1fc90fdee13b7766422e8e6ae)
...6009 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: fashioncode.ru
Referer: http://www.google.com/search?q=fashioncode.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: fashioncode.ru
Referer: http://www.google.com/search?q=fashioncode.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.