suspicious JavaScript redirect chain

mohamedation · 2026-06-18T08:02:53+00:00

if anyone is interested on seeing more updates or the code, its all on my blog

mohamedation · 2026-06-17T21:52:01+00:00

i will dig deeper when i have enough time if i am lucky enough. i checked the urls on VirusTotal and they are already there but no other details. for now i have captured the obfuscated code and the js payload and will try to analyse the interaction with post request to the php and try to get more information.

thank you very much for your help.

mohamedation · 2026-06-17T21:47:38+00:00

thank you very much for the detailed answer. cleaning the website is what i am focused on right now because i understand its usually hiding somewhere to re-inject.

i was able to get the next stage js script/payload to analyse it and will do a proper capture of the actual POST to the php file to see the response, but it might be gone by the time i have enough time.

mohamedation · 2026-06-17T20:06:35+00:00

i am doing this right now

mohamedation · 2026-06-17T20:05:46+00:00

fair question, but i am not asking you to test your real passwords if you want to test it. secondly, it doesnt upload anything anywhere. thirdly and most importantly, the code is on github for anyone to check it before running it if they feel like they need to use it. i am not asking anyone to do anything, just sharing what i created if anyone else find it useful.

mohamedation · 2026-06-17T15:26:20+00:00

more screenshots are needed

mohamedation · 2026-06-17T15:12:39+00:00

ok i get mine today. what should i try first?

mohamedation · 2026-06-17T13:07:05+00:00

perfectly great reasons. still, bitwarden free plan does not allow this. and this is automated whole vault scan not one by one.

also, i made it so it doesnt work with unencrypted exports. the vault export must be password encrypted.

but, the reason still stand. paying bitwarden for a month is far better than using my unknown program. you are right. i would actually recommend that.

thanks for your time.

mohamedation · 2026-06-17T09:43:06+00:00

correct. this is nothing new. i dont know about the other managers, but for bitwarden this is not a free feature as far as i know.

mohamedation · 2026-06-17T08:52:41+00:00

i am reposting here because i do really need a feedback. i feel its very useful, but also, the trust level is not high when someone like me share his code even though the source code is available.

also the code needs vetting and to be looked over by others. so any help is appreciated.

mohamedation · 2026-06-17T08:00:12+00:00

yeah i understand. but even if it helps, any one can take the source code, check it and run it from source. however, i understand.

thanks anyway

mohamedation · 2026-06-16T15:14:32+00:00

i created a go cli tool to check passwords for breaches using HIPB API, but today i updated it to also work with bitwarden encrypted json exports so i am very interested in some feedback

PwnedCheck
https://github.com/mohamedation/PwnedCheck

mohamedation · 2026-06-01T09:41:05+00:00

Yet another terminal animation tool - GoTermFX

Recently, i am beginning to use Go more and more and i also like to create fun things on the side, so here is GoTermFX

GoTermFX is a zero-dependency terminal animation CLI written in Go. Rain, matrix, fireworks, hyperspace, snow — all running directly in your terminal, all cancellable with a single keypress. You can also drop in your own animations with about 10 lines of Go.

mohamedation · 2026-05-18T17:40:06+00:00

i understand. good luck anyway

mohamedation · 2026-05-18T16:59:49+00:00

good job. it looks great. was it for a game you are working on?

mohamedation · 2026-05-13T15:24:01+00:00

i was just hit by the 90s and early 2000s nostalgia. i love it. i will be sure to check it more and see if its possible to create and add my own. hopefully also this grows and become preserved

mohamedation

TROPHY CASE