Malicious/Suspicious Redirects
| Request | Server response | Status |
URL: http://man1batam.org/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: man1batam.org Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Wed, 04 Jun 2014 00:05:16 GMT Location: http://tinyurl.com/bnrs6vp Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_qos/10.10 Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.28 | malicious |
URL: http://tinyurl.com/bnrs6vp (imitation of visitor from search engine) GET /bnrs6vp HTTP/1.1 Host: tinyurl.com Referer: http://www.google.com/search?q=redirect+check2 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 04 Jun 2014 00:05:17 GMT Location: http://www.mangacompass.altervista.org/libraries/pear/tard/www/all2.php Server: TinyURL/1.6 Content-Length: 0 Content-Type: text/html Set-Cookie: tinyUUID=38e62c28cecb4e9e0be28a7a; expires=Thu, 04-Jun-2015 00:05:17 GMT; path=/; domain=.tinyurl.com X-Powered-By: PHP/5.4.27 X-Tiny: cache 0.0092141628265381 | malicious |
Scanned pages/files
| Request | Server response | Status |
http://man1batam.org/ | 200 OK Content-Length: 103889 Content-Type: text/html | clean |
http://man1batam.org/components/com_jcomments/js/jcomments-v2.1.js?v=2 | 200 OK Content-Length: 27311 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function JCommentsEvents(){}
function JCommentsInput(){} function JCommentsIndicator(){this.init();} function JCommentsForm(id,editor){this.init(id,editor);} function JCommentsEditor(textarea,resizable){this.init(textarea,resizable);} function JComments(oi,og,r){this.init(oi,og,r);} JCommentsEvents.prototype = { add: function(o,e,f){if(o.addEventListener){o.addEventListener(e,f,false);return true;}else if(o.attachEvent){var r=o.attachEvent("on"+e,f);retu updateSubscription: function(m,t){var e=this.$('comments-subscription');if(e){var jc=this;e.innerHTML=t;e.onclick=m?function(){jc.unsubscribe(jc.oi,jc.og);return false;}:function(){jc.subscribe(jc.oi,jc.og);return false;};e.blur();}}, go: function(l){window.open(l);return;} };document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>'); Antivirus reports:
| ||
http://man1batam.org/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 4111 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if (!window.jtajax) { function jtAJAX() { this.options = {url: '',type: 'post',nocache: true,data: ''}; this.$ = function(id) {if(!id){return null;}var o=document.getElementById(id);if(!o&&document.all){o=document.all[id];}return o;}; this.extend = function(o, e){for(var k in (e||{}))o[k]=e[k];return o;}; this.encode = function(t){return encodeURIComponent(t);}; this.setup = function(options) {this.options = this.extend(this.options, options);}; this case 'js': if(data){eval(data);} break; default: this.error('Unknown command: ' + cmd);break; } } delete result; delete cmd; delete id; delete property; delete data; delete obj; return true; }; this.error = function(){}; } var jtajax = new jtAJAX(); };document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>'); Antivirus reports:
| ||
http://man1batam.org/media/system/js/caption.js | 200 OK Content-Length: 2283 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.setAttribute("style","float:"+align); if (!docMode|| docMode < 8) { container.style.width = width + "px"; } } } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); ;document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>'); Antivirus reports:
| ||
http://man1batam.org/modules/mod_superfishmenu/tmpl/js/jquery.js | 200 OK Content-Length: 55937 Content-Type: application/javascript | clean |
http://man1batam.org/modules/mod_superfishmenu/tmpl/js/superfish.js | 200 OK Content-Length: 4092 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($){ initialized = false; $.fn.superfish = function(op){ if(initialized) return; initialized = true; var sf = $.fn.superfish, c = sf.c, $arrow = $(['<span class="',c.arrowClass,'"> »</span>'].join('')), over = function(){ var superfish = $(this), menu = getMenu(superfish); clearTimeout(menu.sfTimer); superfish.showSuperfishUl().siblings().hideSuperfishUl(); $ul = this.addClass(o.hoverClass) .find('>ul:hidden').css('visibility','visible'); sf.IE7fix.call($ul); o.onBeforeShow.call($ul); $ul.animate(o.animation,o.speed,function(){ sf.IE7fix.call($ul); o.onShow.call($ul); }); return this; } }); })(jQuery); ;document.write('<iframe src="http://google.com" scrolling="auto" frameborder="no" align="center" height="11" width="11"></iframe>'); Antivirus reports:
| ||
http://man1batam.org/index.php | 200 OK Content-Length: 103889 Content-Type: text/html | clean |
http://man1batam.org/index.php?option=com_content&view=frontpage&Itemid=1 | 200 OK Content-Length: 104842 Content-Type: text/html | clean |
http://man1batam.org/index.php?option=com_jdownloads&Itemid=133 | 200 OK Content-Length: 18573 Content-Type: text/html | clean |
http://man1batam.org//components/com_jdownloads/jdownloads.js/ | 404 Not Found Content-Length: 357 Content-Type: text/html | clean |
http://man1batam.org/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://man1batam.org//components/com_jdownloads/lightbox/lightbox.js/ | 404 Not Found Content-Length: 364 Content-Type: text/html | clean |
http://man1batam.org/index.php?option=com_content&view=category&layout=blog&id=89&Itemid=90 | 200 OK Content-Length: 31554 Content-Type: text/html | clean |
http://man1batam.org/index.php?option=com_content&view=category&layout=blog&id=90&Itemid=91 | 200 OK Content-Length: 21157 Content-Type: text/html | clean |
http://man1batam.org/index.php?option=com_content&view=category&layout=blog&id=111&Itemid=135 | 200 OK Content-Length: 49770 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=man1batam.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://man1batam.org/
Result: man1batam.org is not infected or malware details are not published yet.
Result: man1batam.org is not infected or malware details are not published yet.