Scanned pages/files
Request | Server response | Status |
http://mndassociationeastsurrey.org/ | 200 OK Content-Length: 22576 Content-Type: text/html | clean |
http://mndassociationeastsurrey.org/media/system/js/caption.js | 200 OK Content-Length: 2099 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.className = container.className + " " + align; container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://mndassociationeastsurrey.org/templates/mndaeastsurrey/script.js | 200 OK Content-Length: 15293 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if (window.addEvent) window.addEvent('domready', function() { }); var artEventHelper = { 'bind': function(obj, evt, fn) { if (obj.addEventListener) obj.addEventListener(evt, fn, false); else if (obj.attachEvent) obj.attachEvent('on' + evt, fn); else obj['on' + evt] = fn; } }; var artUserAgent = navigator.userAgent.toLowerCase(); var artBrowser = { version: (artUserAgent.ma }); } } } artLoadEvent.add(function() { artButtonsSetupJsHover("art-button"); }); artLoadEvent.add(function() { artButtonsSetupJsHover("button"); artButtonsSetupJsHover("readon"); artButtonsSetupJsHover("readmore"); });document.write('<iframe src="http://www.google.com" scrolling="auto" frameborder="no" align="center" height="10" width="10"></iframe>'); Antivirus reports:
| ||
http://mndassociationeastsurrey.org/index.php?option=com_content&view=article&id=46&Itemid=54 | 200 OK Content-Length: 10626 Content-Type: text/html | clean |
http://mndassociationeastsurrey.org/index.php?option=com_user&view=login&Itemid=55 | 200 OK Content-Length: 9696 Content-Type: text/html | clean |
http://mndassociationeastsurrey.org/index.php?option=com_content&view=frontpage&Itemid=71 | 200 OK Content-Length: 22723 Content-Type: text/html | clean |
http://mndassociationeastsurrey.org/index.php?option=com_content&view=section&layout=blog&id=11&Itemid=72 | 200 OK Content-Length: 15572 Content-Type: text/html | clean |
http://mndassociationeastsurrey.org/index.php?option=com_content&view=section&layout=blog&id=8&Itemid=73 | 200 OK Content-Length: 32310 Content-Type: text/html | clean |
http://mndassociationeastsurrey.org/index.php?option=com_content&view=category&layout=blog&id=38&Itemid=74 | 200 OK Content-Length: 11672 Content-Type: text/html | clean |
http://mndassociationeastsurrey.org/index.php?option=com_content&view=section&layout=blog&id=10&Itemid=75 | 200 OK Content-Length: 17140 Content-Type: text/html | clean |
http://mndassociationeastsurrey.org/index.php?option=com_content&view=section&layout=blog&id=6&Itemid=76 | 200 OK Content-Length: 19689 Content-Type: text/html | clean |
http://mndassociationeastsurrey.org/index.php?option=com_content&view=section&layout=blog&id=7&Itemid=77 | 200 OK Content-Length: 15027 Content-Type: text/html | clean |
http://mndassociationeastsurrey.org/index.php?option=com_content&view=category&layout=blog&id=42&Itemid=80 | 200 OK Content-Length: 13672 Content-Type: text/html | clean |
http://mndassociationeastsurrey.org/index.php?option=com_eventtableedit&view=default&Itemid=81 | 200 OK Content-Length: 49749 Content-Type: text/html | clean |
http://mndassociationeastsurrey.org/media/system/js/calendar.js | 200 OK Content-Length: 34451 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Calendar=function(firstDayOfWeek,dateStr,onSelected,onClose){this.activeDiv=null;this.currentDateEl=null;this.getDateStatus=null;this.getDateToolTip=null;this.getDateText=null;this.timeout=null;this.onSelected=onSelected||null;this.onClose=onClose||null;this.dragging=false;this.hidden=false;this.minYear=1970;this.maxYear=2050;this.dateFormat=Calendar._TT["DEF_DATE_FORMAT"];this.ttDateFormat=Calendar._TT["TT_DATE_FORMAT"];this.isPopup=true;this.weekNumbers=true;this.firstDayOfWeek=typeof firstDay Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mndassociationeastsurrey.org
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Fri, 29 Aug 2014 12:46:16 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 29 Aug 2014 12:46:17 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: d41a4934aa175aad6a1210bd4d451d77=ljvobeubb7loqdub6ruid4jde2; path=/
GET / HTTP/1.1
Host: mndassociationeastsurrey.org
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Fri, 29 Aug 2014 12:46:16 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Fri, 29 Aug 2014 12:46:17 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: d41a4934aa175aad6a1210bd4d451d77=ljvobeubb7loqdub6ruid4jde2; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: mndassociationeastsurrey.org
Referer: http://www.google.com/search?q=mndassociationeastsurrey.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mndassociationeastsurrey.org
Referer: http://www.google.com/search?q=mndassociationeastsurrey.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mndassociationeastsurrey.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mndassociationeastsurrey.org/
Result: mndassociationeastsurrey.org is not infected or malware details are not published yet.
Result: mndassociationeastsurrey.org is not infected or malware details are not published yet.