Scanned pages/files
Request | Server response | Status |
http://japanesesoulmates.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 23 Sep 2014 05:31:24 GMT Location: http://www.eharmony.com/ Server: Apache-Coyote/1.1 Content-Length: 0 | clean |
http://www.eharmony.com/ | 200 OK Content-Length: 41595 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
var axel = Math.random() + "";
var a = axel * 10000000000000;
document.write('<iframe src="http://fls.doubleclick.net/activityi;src=1803271;type=retar492;cat=ushom797;ord=1;num=' + a + '?" width="1" height="1" frameborder="0" style="display:none"></iframe>');
Antivirus reports:
http://www.eharmony.com//static.eharmony.com/files/corp/prod/js/ehcorp.tracking.js/ | 404 Not Found Content-Length: 256 Content-Type: text/html | clean |
http://www.eharmony.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: public, max-age=14400 Connection: close Date: Tue, 23 Sep 2014 05:31:28 GMT Location: http://www.eharmony.com/test404page.js/ Server: cloudflare-nginx Content-Type: text/html; charset=iso-8859-1 Expires: Tue, 23 Sep 2014 09:31:28 GMT CF-Cache-Status: MISS CF-RAY: 16e45b2d0c150f3f-FRA Set-Cookie: __cfduid=daaa51d97b4c03b549b75effe09d55f3e1411450288164; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.eharmony.com; HttpOnly | clean |
http://www.eharmony.com/test404page.js/ | 404 Not Found Content-Length: 6978 Content-Type: text/html | clean |
http://www.eharmony.com/home/ | 200 OK Content-Length: 39340 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.4.4/jquery.min.js | 200 OK Content-Length: 78601 Content-Type: text/javascript | clean |
http://static.eharmony.com/files/corp/prod/js/modernizr.js | 200 OK Content-Length: 11074 Content-Type: application/javascript | clean |
http://static.eharmony.com/files/corp/js/mbox.js | 200 OK Content-Length: 26610 Content-Type: application/javascript | clean |
http://static.eharmony.com/files/corp/js/EHARMONY.registration.v5.js | 200 OK Content-Length: 64907 Content-Type: application/javascript | clean |
http://static.eharmony.com/files/corp/js/custom/df-direct.js | 200 OK Content-Length: 17548 Content-Type: application/javascript | clean |
http://www.eharmony.com/login | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Tue, 23 Sep 2014 05:31:35 GMT Location: http://www.eharmony.com/login/ Server: cloudflare-nginx Vary: Accept-Encoding Content-Type: text/html; charset=iso-8859-1 Expires: Tue, 23 Sep 2014 05:46:35 GMT CF-RAY: 16e45b5a2ced0f57-FRA Set-Cookie: __cfduid=d28a948c158f1b399f1ebfad91464a43e1411450295380; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.eharmony.com; HttpOnly Set-Cookie: BIGipServerFront=Dct5kbAtQ7bA7A3YJhQQ35Ew8KQk4pm1TrVKeULPrAGOaBzYOlVSIqOOKrJBGWTNiQXIraqSCIYLuyM=; path=/ | clean |
http://www.eharmony.com/login/ | 200 OK Content-Length: 15584 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.6/jquery-ui.min.js | 200 OK Content-Length: 196578 Content-Type: text/javascript | clean |
http://static.eharmony.com/static/scripts/facebook/error-messages-1.2.js | 200 OK Content-Length: 351 Content-Type: application/javascript | clean |
http://connect.facebook.net/en_US/all.js | 200 OK Content-Length: 163628 Content-Type: application/x-javascript | clean |
http://static.eharmony.com/static/scripts/facebook/facebook-1.3.js | 200 OK Content-Length: 32362 Content-Type: application/javascript | clean |
http://static.eharmony.com/files/corp/js/EHARMONY.login.min.js?ver=5 | 200 OK Content-Length: 5444 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: japanesesoulmates.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 23 Sep 2014 05:31:24 GMT
Location: http://www.eharmony.com/
Server: Apache-Coyote/1.1
Content-Length: 0
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: japanesesoulmates.com
Referer: http://www.google.com/search?q=japanesesoulmates.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=japanesesoulmates.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://japanesesoulmates.com/
Result: japanesesoulmates.com is not infected or malware details are not published yet.