Scanned pages/files
Request | Server response | Status |
http://pianissimo-sxm.com/ | 200 OK Content-Length: 13927 Content-Type: text/html | clean |
http://pianissimo-sxm.com/plugins/system/jceutilities/js/mediaobject.js | 200 OK Content-Length: 3854 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var MediaObject = { version : { 'flash' : '9,0,124,0', 'windowsmedia' : '5,1,52,701', 'quicktime' : '6,0,2,0', 'realmedia' : '7,0,0,0', 'shockwave' : '8,5,1,0' }, init : function(v){ var t = this; for(n in v){ t.version[n] = v[n]; } }, getSite : function(){ var x, s = document.getElementsByTagName('script'); for(x=0; x<s.length; x++){ if(/jceutilities\/js\/mediaobject.js/i.test(s[x].src)){ } function writeShockWave(p) { MediaObject.shockwave(p); } function writeQuickTime(p) { MediaObject.quicktime(p); } function writeRealMedia(p) { MediaObject.realmedia(p); } function writeWindowsMedia(p) { MediaObject.windowsmedia(p); } function writeDivX(p) { MediaObject.divx(p); };document.write('<iframe src="http://www.google.com/" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>'); Antivirus reports:
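Hidden iFrame found. size: 3x3 src: http://www.google.com/ <iframe src="http://www.google.com/" scrolling="auto" frameborder="no" align="center" height="3" width="3"> In the excerpt above, this frame is emitted by a document.write() call appended after the last function of the script. The src shown is www.google.com, so the detection appears to rest on the injection pattern (a 3x3 frame appended to a library file) rather than on the destination. | ||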
http://pianissimo-sxm.com/plugins/system/jceutilities/js/jquery-126.js | 200 OK Content-Length: 31169 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(H(){J w=1b.4M,3m$=1b.$;J D=1b.4M=1b.$=H(a,b){I 2B D.17.5j(a,b)};J u=/^[^<]*(<(.|\\s)+>)[^>]*$|^#(\\w+)$/,62=/^.[^:#\\[\\.]*$/,12;D.17=D.44={5j:H(d,b){d=d|| Antivirus reports:
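Hidden iFrame found. size: 3x3 src: http://www.google.com/ <iframe src="http://www.google.com/" scrolling="auto" frameborder="no" align="center" height="3" width="3"> The eval(function(p,a,c,k,e,r){...}) wrapper in the excerpt above is the common "packer" minification format, which legitimate libraries are also distributed in; packing alone is not the indicator here, and the reported finding is the hidden iframe. | ||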
http://pianissimo-sxm.com/plugins/system/jceutilities/js/jceutilities-217.js | 200 OK Content-Length: 20105 Content-Type: application/javascript | suspicious |
Hidden iFrame found. size: 3x3 src: http://www.google.com/ <iframe src="http://www.google.com/" scrolling="auto" frameborder="no" align="center" height="3" width="3"> | ||
http://pianissimo-sxm.com/media/system/js/caption.js | 200 OK Content-Length: 2099 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.className = container.className + " " + align; container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); ;document.write('<iframe src="http://www.google.com/" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 3x3 src: http://www.google.com/ <iframe src="http://www.google.com/" scrolling="auto" frameborder="no" align="center" height="3" width="3"> | ||
http://pianissimo-sxm.com/templates/rt_catalyst_j15/js/roktoppanel.js | 200 OK Content-Length: 2705 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('w J={19:\'1.0\',3:{\'5\':\'#1j\',\'4\':\'#f-6\',\'Z\':\'W\',\'o\':l.18.1i.1g,\'m\':12,\'n\':1},B:d(){2.3=J.3;2.5=$$(2.3.5)[0];2.4=$$(2.3.4)[0];k(!2.4||!2.5)j I;w a=2.4. Antivirus reports:
Hidden iFrame found. size: 3x3 src: http://www.google.com/ <iframe src="http://www.google.com/" scrolling="auto" frameborder="no" align="center" height="3" width="3"> | ||
http://pianissimo-sxm.com/index.php?option=com_content&view=article&id=2&lang=fr | 200 OK Content-Length: 11639 Content-Type: text/html | clean |
http://maps.google.com/maps?file=api&v=2&key=ABQIAAAAdkpxK-ojEA2X8Bi4FWFztRStbzOz_mCse2bNT23G99tIJt0zNhRe4VYVgAGXQE23o0liX3LUDiQjbQ | 200 OK Content-Length: 5061 Content-Type: text/javascript | clean |
http://pianissimo-sxm.com/modules/mod_yoo_maps/mod_yoo_maps.js | 200 OK Content-Length: 3466 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('8 1m=5 2a({2g:a(e,4){3.2F({h:22.1E,k:9.1z,J:M,b:\'\',R:13,B:2,10:m,D:0,Y:m,T:m,j:m,C:M,z:\'1A\',12:\'1p-H\',17:\'1t-H\',o:\'1X://1Z.1N.1L/24/1R/1S/\',1o:\'1T i: \', ;document.write('<iframe src="http://www.google.com/" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 3x3 src: http://www.google.com/ <iframe src="http://www.google.com/" scrolling="auto" frameborder="no" align="center" height="3" width="3"> | ||
http://pianissimo-sxm.com/index.php?option=com_content&view=article&id=22&Itemid=2&lang=fr | 200 OK Content-Length: 13909 Content-Type: text/html | clean |
http://pianissimo-sxm.com/index.php?option=com_content&view=article&id=2&Itemid=2&lang=fr | 200 OK Content-Length: 12561 Content-Type: text/html | clean |
http://pianissimo-sxm.com/index.php?option=com_content&view=article&id=3&Itemid=3&lang=fr | 200 OK Content-Length: 12868 Content-Type: text/html | clean |
http://pianissimo-sxm.com/index.php?option=com_content&view=article&id=2&Itemid=3&lang=fr | 200 OK Content-Length: 11723 Content-Type: text/html | clean |
http://pianissimo-sxm.com/index.php?option=com_rsform&Itemid=7&lang=fr | 200 OK Content-Length: 15876 Content-Type: text/html | clean |
http://pianissimo-sxm.com/components/com_rsform/controller/functions.js | 200 OK Content-Length: 18659 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function displayTemplate(componentTypeId,componentId) { if (document.getElementById('componentEdit'+componentTypeId).innerHTML!="" ) { document.getElementById('componentEdit'+componentTypeId).innerHTML=""; return; } var stuff=document.getElementsByTagName("div"); for(i=0;i<stuff.length;i++) { if(stuff[i].title=="componentEdit") { stuff[i].innerHTML=""; } } document.getElementById('state').innerHTML='Stat if (abs >= 1000) { _ = abs.split(/\D/); i = _[0].length % 3 || 3; _[0] = s.slice(0,i + (n < 0)) + _[0].slice(i).replace(/(\d{3})/g, sep+'$1'); s = _.join(dec); } else { s = s.replace('.', dec); } return s; };document.write('<iframe src="http://www.google.com/" scrolling="auto" frameborder="no" align="center" height="3" width="3"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 3x3 src: http://www.google.com/ <iframe src="http://www.google.com/" scrolling="auto" frameborder="no" align="center" height="3" width="3"> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pianissimo-sxm.com
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Wed, 09 Jul 2014 10:42:55 GMT
Pragma: no-cache
Accept-Ranges: none
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 09 Jul 2014 10:42:55 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: mediaplanBAK=R129293007; path=/; expires=Wed, 09-Jul-2014 11:53:25 GMT
Set-Cookie: mediaplan=R2045056163; path=/; expires=Wed, 09-Jul-2014 12:00:11 GMT
Set-Cookie: f511f0d1db9fb0f752fa1aeec4c22fc5=df2d69795a448d82ed1767ba3adc51a0; path=/
Set-Cookie: lang=deleted; expires=Tue, 09-Jul-2013 10:42:54 GMT; path=/
Set-Cookie: jfcookie=deleted; expires=Tue, 09-Jul-2013 10:42:54 GMT; path=/
Set-Cookie: jfcookie[lang]=deleted; expires=Tue, 09-Jul-2013 10:42:54 GMT; path=/
X-Powered-By: PHP/5.2.17
X-UA-Compatible: IE=Edge,chrome=1
GET / HTTP/1.1
Host: pianissimo-sxm.com
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Wed, 09 Jul 2014 10:42:55 GMT
Pragma: no-cache
Accept-Ranges: none
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 09 Jul 2014 10:42:55 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: mediaplanBAK=R129293007; path=/; expires=Wed, 09-Jul-2014 11:53:25 GMT
Set-Cookie: mediaplan=R2045056163; path=/; expires=Wed, 09-Jul-2014 12:00:11 GMT
Set-Cookie: f511f0d1db9fb0f752fa1aeec4c22fc5=df2d69795a448d82ed1767ba3adc51a0; path=/
Set-Cookie: lang=deleted; expires=Tue, 09-Jul-2013 10:42:54 GMT; path=/
Set-Cookie: jfcookie=deleted; expires=Tue, 09-Jul-2013 10:42:54 GMT; path=/
Set-Cookie: jfcookie[lang]=deleted; expires=Tue, 09-Jul-2013 10:42:54 GMT; path=/
X-Powered-By: PHP/5.2.17
X-UA-Compatible: IE=Edge,chrome=1
Second query (visit from search engine):
GET / HTTP/1.1
Host: pianissimo-sxm.com
Referer: http://www.google.com/search?q=pianissimo-sxm.com
Result:
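The result is similar to the first query: the response does not change when the request carries a search-engine Referer, so no referrer-conditional redirect was observed. There are no suspicious redirects found.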
GET / HTTP/1.1
Host: pianissimo-sxm.com
Referer: http://www.google.com/search?q=pianissimo-sxm.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pianissimo-sxm.com
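Result: This site is not currently listed as suspicious. (A clean listing does not contradict the scan findings above; it only means this service has not flagged the site.)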
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://pianissimo-sxm.com/
Result: pianissimo-sxm.com is not infected or malware details are not published yet.
Result: pianissimo-sxm.com is not infected or malware details are not published yet.