Malicious/Suspicious Redirects
Request | Server response | Status |
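URL: http://missionregroup.com/ (request sent with a search-engine Referer to imitate a visitor arriving from search results) GET / HTTP/1.1 Host: missionregroup.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Tue, 23 Sep 2014 23:39:26 GMT Location: http://www.cibonline.org/cache/mod_poll/7c7478fde2f89a23.php Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html | malicious |
Note: the row for http://missionregroup.com/ under "Scanned pages/files" shows 200 OK and "clean", presumably for a request without the search-engine Referer, so the redirect appears to depend on the Referer header. A conditional redirect of this kind is normally produced on the server (for example by rewrite rules or injected server-side code), so checking the page content alone will not reveal it.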
Scanned pages/files
Request | Server response | Status |
http://missionregroup.com/ | 200 OK Content-Length: 32819 Content-Type: text/html | clean |
http://missionregroup.com/templates/gk_sporter/js/domready_fix.js | 200 OK Content-Length: 1478 Content-Type: text/javascript | malicious |
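Malicious code - confirmed by antiviruses (see below):
Element.Events.domready = { add: function(fn){ if (window.loaded){ fn.call(this); return; } var domReady = function(){ if (window.loaded) return; window.loaded = true; window.timer = $clear(window.timer); this.fireEvent('domready'); }.bind(this); if (document.readyState && window.webkit){ window.timer = function(){ if (['loaded','complete'].contains(document.readyState)) domReady(); }.periodical(50); } else { window.addListener("load", domReady); document.addListener("DOMContentLoaded", domReady); } } }; document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>');
Note: the flagged part is the final document.write(...) statement, which writes a 10x10 iframe into every page that loads this script; the code before it appears to be the file's regular content. The same statement closes each of the other scripts marked malicious on this page, and the iframe shown here points at http://www.google.com, so the verdict presumably rests on the injection pattern rather than on the destination.
Antivirus reports: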
| ||
http://missionregroup.com/media/system/js/modal.js | 200 OK Content-Length: 10729 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var SqueezeBox = { presets: { size: {x: 600, y: 450}, sizeLoading: {x: 200, y: 150}, marginInner: {x: 20, y: 20}, marginImage: {x: 150, y: 200}, handler: false, adopt: null, closeWithOverlay: true, zIndex: 65555, overlayOpacity: 0.7, classWindow: '', classOverlay: '', disableFx: false, onOpen: Class.empty, onClose: Class.empty, onUpdate: Class.empty, onResize: Class.empty, onMove: Class.emp 'height': this.options.size.y }); }, 'string': function(str) { return str; } }, extend: $extend }; SqueezeBox.extend(SqueezeBox, Events.prototype); SqueezeBox.extend(SqueezeBox, Options.prototype); SqueezeBox.extend(SqueezeBox, Chain.prototype); document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://missionregroup.com/components/com_k2/js/k2.js | 200 OK Content-Length: 3218 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) window.addEvent('domready', function(){ if($('comment-form')) { $('comment-form').addEvent('submit', function(e){ new Event(e).stop(); $('formLog').empty().addClass('formLogLoading'); this.send({ onComplete: function(res){ $('formLog').removeClass('formLogLoading').setHTML(res); if(typeof(Recaptcha) != "undefined"){ Recaptcha.reload(); } if (res.substr(13, 7) == 'success') }); }); window.addEvent('load', function(){ if($$('.subCategory')){ var blocks = $$('.subCategory'); var maxHeight = 0; blocks.each(function(item){ maxHeight = Math.max(maxHeight, parseInt(item.getStyle('height'))); }); blocks.setStyle('height', maxHeight); } }); document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://missionregroup.com/media/system/js/caption.js | 200 OK Content-Length: 2104 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.className = container.className + " " + align; container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://missionregroup.com/templates/gk_sporter/js/gk.script.js | 200 OK Content-Length: 9506 Content-Type: text/javascript | clean |
http://missionregroup.com/templates/gk_sporter/js/gk_image_show.js | 200 OK Content-Length: 5302 Content-Type: text/javascript | clean |
http://missionregroup.com/plugins/system/yoo_effects/spotlight/spotlight_packed.js | 200 OK Content-Length: 1145 Content-Type: text/javascript | clean |
http://missionregroup.com/templates/gk_sporter/js/menu/mega.js | 200 OK Content-Length: 17528 Content-Type: text/javascript | clean |
http://missionregroup.com/media/system/js/validate.js | 200 OK Content-Length: 4387 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JFormValidator = new Class({ initialize: function() { this.handlers = Object(); this.custom = Object(); this.setHandler('username', function (value) { regex = new RegExp("[\<|\>|\"|\'|\%|\;|\(|\)|\&]", "i"); return !regex.test(value); } ); this.setHandler('password', function (value) { regex=/^\S[\S ]{2,98}\S$/; return regex.test(value); } ); this.setHandler('numeric $(el.labelref).addClass('invalid'); } } else { el.removeClass('invalid'); if (el.labelref) { $(el.labelref).removeClass('invalid'); } } } }); document.formvalidator = null; Window.onDomReady(function(){ document.formvalidator = new JFormValidator(); }); document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://missionregroup.com/index.php | 200 OK Content-Length: 32849 Content-Type: text/html | clean |
http://missionregroup.com/index.php?option=com_user&view=register | 200 OK Content-Length: 27206 Content-Type: text/html | clean |
http://missionregroup.com/components/com_jce/editor/tiny_mce/tiny_mce.js?version=2284 | 200 OK Content-Length: 230693 Content-Type: text/javascript | clean |
http://missionregroup.com/components/com_jce/editor/libraries/js/editor.js?version=2284 | 200 OK Content-Length: 10353 Content-Type: text/javascript | clean |
http://missionregroup.com/index.php?option=com_user&view=login | 200 OK Content-Length: 26527 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=missionregroup.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://missionregroup.com/
Result: missionregroup.com is not infected or malware details are not published yet.