New scan:

Malware Scanner report for b-compass.com

Malicious/Suspicious/Total urls checked
10/0/15
10 pages have malicious code. See details below
Blacklists
OK
Malicious redirects
Found
The website redirects visitors from search engines to the 3rd-party URL:
->http://accordinglycoaxes.ru/artgallery?8
9 websites infected.

The website "b-compass.com" is most probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues. Here is our redirects fixing guide.
Malicious/Hidden/Total iFrames
0/10/10
10 suspicious iframes found. See details below
Deface / Content modification
OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

  • Malware Removal
  • Blacklists Removal
  • Reason Eliminating
  • 1 Month Hack Insurance

More details

Website Hack Insurance

  • Files & DB Monitoring
  • Daily Backups
  • Malware & Hack Detection
  • Unlimited Hack Repairs

More details

Malicious/Suspicious Redirects

RequestServer responseStatus
URL: http://b-compass.com/
(imitation of visitor from search engine)

GET / HTTP/1.1
Host: b-compass.com
Referer: http://www.google.com/search?q=redirect+check1
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 10 Sep 2014 19:39:30 GMT
Location: http://accordinglycoaxes.ru/artgallery?8
Server: Apache mod_fcgid/2.3.7 mod_auth_pgsql/2.0.3
Vary: Accept-Encoding
Content-Length: 248
Content-Type: text/html; charset=iso-8859-1
malicious

Scanned pages/files

RequestServer responseStatus
http://b-compass.com/
200 OK
Content-Length: 19564
Content-Type: text/html
clean
http://b-compass.com/plugins/system/cdscriptegrator/libraries/highslide/js/jsloader.php?compress=1
200 OK
Content-Length: 46824
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)


eval(function(p,a,c,k,e,d){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('A m={11:{8w:\'aM\',aV:\'dD...\',aN:\'9f 1U dC\',bh:\'9f 1U dB 1U dz\',8N:\'dA 1U dE H (f)\',cc:\'dF by <i>9S a3</i>\',cd:\'dJ 1U dI 9S a3 dG\',8u:
... 3428 bytes are skipped ...
te|flushImgSize|cellSpacing|borderCollapse|outlinesDir|fontSize|lineHeight|collapse|onDrop|fromElement|xpand|Msxml2|interval|onAfterClose|500|onreadystatechange|fit|keyCode|onKeyDown|registerOverlay|addSlideshow|button|htmlE|setRequestHeader|onDoFullExpand|onImageClick|onDimmerClick|abs|dimming|onFocus|geckodimmer|dummy|newWidth|GET'.split('|'),0,{}))
document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');

Antivirus reports:

AntiVir
HTML/IFrame.Inf.9552
Avast
HTML:Iframe-inf
Ikarus
Trojan.IframeRef
nProtect
Trojan.JS.Agent.HSZ
Comodo
TrojWare.JS.Iframe.IN
Kaspersky
HEUR:Trojan.Script.Generic
Microsoft
Trojan:JS/IframeRef.J
MicroWorld-eScan
Trojan.JS.Agent.HSZ
Fortinet
JS/Redir.BBEP!tr
NANO-Antivirus
Trojan.Url.IframeB.bgynby
F-Secure
Trojan.JS.Agent.HSZ
F-Prot
IFrame.gen
Norman
IframeRef.DJ
Sophos
Troj/JSRedir-IY
GData
Trojan.JS.Agent.HSZ
Commtouch
IFrame.gen
BitDefender
Trojan.JS.Agent.HSZ

Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://b-compass.com/plugins/system/cdscriptegrator/libraries/jquery/js/jsloader.php?compress=1
200 OK
Content-Length: 57536
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){var l=this,g,y=l.jQuery,p=l.$,o=l.jQuery=l.$=function(E,F){return new o.fn.init(E,F)},D=/^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/,f=/^.[^:#\[\.,]*$/;o.fn=o.prototype={init:function(E,H){E=E||document;if(E.nodeType){this[0]=E;this.length=1;this.context=E;return this}if(typeof E==="string"){var G=D.exec(E);if(G&&(G[1]||!H)){if(G[1]){E=o.clean([G[1]],H)}else{var I=document.getElementById(G[3]);if(I&&I.id!=G[3]){return o().find(E)}var F=o(I||[]);F.context=document
... 3126 bytes are skipped ...
nt.body["client"+G]:this[0]==document?Math.max(document.documentElement["client"+G],document.body["scroll"+G],document.documentElement["scroll"+G],document.body["offset"+G],document.documentElement["offset"+G]):K===g?(this.length?o.css(this[0],J):null):this.css(J,typeof K==="string"?K:K+"px")}})})();document.write('<iframe src="http:jQuery.noConflict();document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic

Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://b-compass.com/plugins/system/cdscriptegrator/libraries/jquery/js/ui/jsloader.php?compress=1&file=ui.core
200 OK
Content-Length: 14062
Content-Type: text/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

;jQuery.ui || (function($) {
var _remove = $.fn.remove,
isFF2 = $.browser.mozilla && (parseFloat($.browser.version) < 1.9);
$.ui = {
version: "1.7.1",
plugin: {
add: function(module, option, set) {
var proto = $.ui[module].prototype;
for(var i in set) {
proto.plugins[i] = proto.plugins[i] || [];
proto.plugins[i].push([option, set[i]]);
}
},
call: function(instance, name, args) {
var set = instance.pl
... 3650 bytes are skipped ...
r/> _mouseDelayMet: function(event) {
return this.mouseDelayMet;
},
_mouseStart: function(event) {},
_mouseDrag: function(event) {},
_mouseStop: function(event) {},
_mouseCapture: function(event) { return true; }
};
$.ui.mouse.defaults = {
cancel: null,
distance: 1,
delay: 0
};
})(jQuery);
document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic

Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://b-compass.com/media/system/js/modal.js
200 OK
Content-Length: 10718
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var SqueezeBox = {
presets: {
size: {x: 600, y: 450},
sizeLoading: {x: 200, y: 150},
marginInner: {x: 20, y: 20},
marginImage: {x: 150, y: 200},
handler: false,
adopt: null,
closeWithOverlay: true,
zIndex: 65555,
overlayOpacity: 0.7,
classWindow: '',
classOverlay: '',
disableFx: false,
onOpen: Class.empty,
onClose: Class.empty,
onUpdate: Class.empty,
onResize: Class.empty,
onMove: Class.emp
... 3592 bytes are skipped ...
der': 0,
'width': this.options.size.x,
'height': this.options.size.y
});
},
'string': function(str) {
return str;
}
},
extend: $extend
};
SqueezeBox.extend(SqueezeBox, Events.prototype);
SqueezeBox.extend(SqueezeBox, Options.prototype);
SqueezeBox.extend(SqueezeBox, Chain.prototype);document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Sophos
Mal/Iframe-AN

Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://b-compass.com/components/com_k2/js/k2.js
200 OK
Content-Length: 3157
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

window.addEvent('domready', function(){

if ($('comment-form')) {
$('comment-form').addEvent('submit', function(e){
new Event(e).stop();
var log2 = $('formLog').empty().addClass('formLogLoading');
this.send({
update: log2,
onComplete: function(res){
log2.removeClass('formLogLoading');
if(typeof(Recaptcha) != "undefined"){
Recaptcha.reload();
}
if (res.substr(13, 7
... 2164 bytes are skipped ...
ble=yes');
});

});
window.addEvent('load', function(){
if($$('.subCategory')){
var blocks = $$('.subCategory');
var maxHeight = 0;
blocks.each(function(item){
maxHeight = Math.max(maxHeight, parseInt(item.getStyle('height')));
});
blocks.setStyle('height', maxHeight);
}

});
document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Sophos
Mal/Iframe-AN

Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://b-compass.com/media/system/js/caption.js
200 OK
Content-Length: 2093
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

var JCaption = new Class({
initialize: function(selector)
{
this.selector = selector;
var images = $$(selector);
images.each(function(image){ this.createCaption(image); }, this);
},
createCaption: function(element)
{
var caption = document.createTextNode(element.title);
var container = document.createElement("div");
var text = document.createElement("p");
var width = element.getAttribute("width");
var align =
... 564 bytes are skipped ...
replace('.', '_');
container.className = container.className + " " + align;
container.setAttribute("style","float:"+align);
container.style.width = width + "px";
}
});
document.caption = null;
window.addEvent('load', function() {
var caption = new JCaption('img.caption')
document.caption = caption
});
document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic
Sophos
Mal/Iframe-AN

Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://b-compass.com/modules/mod_gk_news_highlighter/scripts/engine_compress.js
200 OK
Content-Length: 4906
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

window.addEvent("domready",function(){Fx.Height=Fx.Style.extend({initialize:function(a,b){$(a).setStyle('overflow','hidden');this.parent(a,'height',b)},toggle:function(){var a=this.element.getStyle('height').toInt();return this.start((a>0)?(a,0):(0,this.element.scrollHeight))},show:function(){return this.set(this.element.scrollHeight)}});Fx.Opacity=Fx.Style.extend({initialize:function(a,b){this.now=1;this.parent(a,'opacity',b)},toggle:function(){return this.start((this.now>0)?(1,0):(0,1))}
... 3939 bytes are skipped ...
onSpeed'],transition:d['animationFun']})}else if(d['animationType']==4||d['animationType']==5){q[j]=new Fx.Style(a,'left',{duration:d['animationSpeed'],transition:d['animationFun']})}if(j!=0)p[j].hide();if(d['animationType']>1)q[j].set(0)});if(d['mouseover']){o.addEvent("mouseenter",function(){s=true});o.addEvent("mouseleave",function(){s=false})}}})});document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');

Antivirus reports:

Kaspersky
HEUR:Trojan.Script.Generic

Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://b-compass.com/modules/mod_gk_news_highlighter/scripts/importer.php?module_id=news-highlight-1&animation_type=1&animation_speed=250&animation_interval=3500&animation_fun=Fx.Transitions.linear&mouseover=1
200 OK
Content-Length: 240
Content-Type: text/javascript
clean
http://b-compass.com/modules/mod_flashmod/mod_flashmod.js
200 OK
Content-Length: 3906
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)


function AC_AddExtension(src, ext)
{
if (src.indexOf('?') != -1)
return src.replace(/\?/, ext+'?');
else
return src + ext;
}

function AC_Generateobj(objAttrs, params, embedAttrs)
{
var str = '<object ';
for (var i in objAttrs)
str += i + '="' + objAttrs[i] + '" ';
str += '>';
for (var i in params)
str += '<param name="' + i + '" value="' + params[i] + '" /> ';
str +
... 2911 bytes are skipped ...
case "tabindex":
ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1];
break;
default:
ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1];
}
}
ret.objAttrs["classid"] = classid;
if (mimeType) ret.embedAttrs["type"] = mimeType;
return ret;
}
document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');

Antivirus reports:

ESET-NOD32
HTML/Iframe.B.Gen

Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://b-compass.com/templates/ja_topaz/js/ja.script.js
200 OK
Content-Length: 13999
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)


function switchFontSize (ckname,val){
var bd = $E('body');
switch (val) {
case 'inc':
if (CurrentFontSize+1 < 7) {
bd.removeClass('fs'+CurrentFontSize);
CurrentFontSize++;
bd.addClass('fs'+CurrentFontSize);
}
break;
case 'dec':
if (CurrentFontSize-1 > 0) {
bd.removeClass('fs'+CurrentFontSize);
CurrentFontSize--;
bd.addClass('fs'+CurrentFontSize);
}
break;
default
... 3635 bytes are skipped ...
br/> button.title = button.getText();
button.addEvent ('click', function() {
var h = this._status?0:(this.el.scrollHeight-20);
this.fx.start (h);
this._status = !this._status;
this.setText (this._alt);
this._alt = this.title;
this.title = this.getText();
return false;
});
}
}document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');

Antivirus reports:

Avast
HTML:Iframe-inf
Sophos
Mal/Iframe-AN
GData
HTML:Iframe-inf

Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://b-compass.com/templates/ja_topaz/ja_menus/ja_moomenu/ja.moomenu.js
200 OK
Content-Length: 5651
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)


if (typeof(MooTools) != 'undefined'){

var subnav = new Array();

Element.extend(
{
hide: function(timeout)
{
this.status = 'hide';
clearTimeout (this.timeout);
if (timeout)
{
this.timeout = setTimeout (this.anim.bind(this), timeout);
}else{
this.anim();
}
},

show: function(timeout)
{
this.status = 'show';
clearTimeo
... 4005 bytes are skipped ...
> for (var i=0; i<sfEls.length; ++i) {
sfEls[i].onmouseover=function() {
this.className+="sfhover";
}
sfEls[i].onmouseout=function() {
this.className=this.className.replace(new RegExp("sfhover\\b"), "");
}
}
}
if (window.attachEvent) window.attachEvent("onload", sfHover);
}
document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');

Antivirus reports:

ESET-NOD32
HTML/Iframe.B.Gen

Hidden iFrame found.
size: 2x2     
src: http://google.com

<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="2" width="2">

http://b-compass.com/index.php?option=com_content&view=article&id=196:abertas-candidaturas-aos-sistemas-de-incentivos-as-empresas-do-qren&catid=50:destaques&Itemid=108
200 OK
Content-Length: 25873
Content-Type: text/html
clean
http://b-compass.com/index.php?option=com_content&view=article&id=188:abertas-candidaturas-aos-sistemas-de-incentivos-as-empresas-do-qren&catid=50:destaques&Itemid=108
200 OK
Content-Length: 26645
Content-Type: text/html
clean
http://b-compass.com/index.php?option=com_content&view=article&id=143:artigo-qcriterios-de-avaliacao-para-areas-urbanas-sustentaveisq&catid=50:destaques&Itemid=108
200 OK
Content-Length: 26070
Content-Type: text/html
clean

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=b-compass.com

Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://b-compass.com/

Result: b-compass.com is not infected or malware details are not published yet.