Scanned pages/files
Request | Server response | Status |
http://ali-sami-yen.net/ | 200 OK Content-Length: 46655 Content-Type: text/html | clean |
http://www.ali-sami-yen.net/mobiquo/tapatalkdetect.js | 200 OK Content-Length: 3465 Content-Type: application/x-javascript | clean |
http://www.ali-sami-yen.net/forumrunner/detect.js | 200 OK Content-Length: 2885 Content-Type: application/x-javascript | clean |
http://yui.yahooapis.com/combo?2.9.0/build/yuiloader-dom-event/yuiloader-dom-event.js&2.9.0/build/connection/connection-min.js | 200 OK Content-Length: 74876 Content-Type: application/javascript | clean |
http://www.ali-sami-yen.net/clientscript/vbulletin-core.js?v=4112 | 200 OK Content-Length: 51932 Content-Type: application/x-javascript | clean |
http://ali-sami-yen.net/mobiquo/tapatalkdetect.js | 200 OK Content-Length: 3465 Content-Type: application/x-javascript | clean |
http://ali-sami-yen.net/clientscript/vbulletin_overlay.js?v=4112 | 200 OK Content-Length: 14300 Content-Type: application/x-javascript | clean |
http://ali-sami-yen.net/clientscript/vbulletin_cms.js?v=4112 | 200 OK Content-Length: 4061 Content-Type: application/x-javascript | clean |
http://ali-sami-yen.net/clientscript/vbulletin_ajax_htmlloader.js?v=4112 | 200 OK Content-Length: 1930 Content-Type: application/x-javascript | clean |
http://ali-sami-yen.net/clientscript/vbulletin_md5.js?v=4112 | 200 OK Content-Length: 5464 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var hexcase=0;var b64pad="";var chrsz=8;function hex_md5(A){return binl2hex(core_md5(str2binl(A),A.length*chrsz))}function b64_md5(A){return binl2b64(core_md5(str2binl(A),A.length*chrsz))}function str_md5(A){return binl2str(core_md5(str2binl(A),A.length*chrsz))}function hex_hmac_md5(A,B){return binl2hex(core_hmac_md5(A,B))}function b64_hmac_md5(A,B){return binl2b64(core_hmac_md5(A,B))}function str_hmac_md5(A,B){return binl2str(core_hmac_md5(A,B))}function core_md5(K,F){K[F>>5]|=128<< Antivirus reports:
| ||
http://ali-sami-yen.net/clientscript/vbulletin_lightbox.js?v=4112 | 200 OK Content-Length: 12350 Content-Type: application/x-javascript | clean |
http://ali-sami-yen.net/forum.php?s=3ad52d539fe352a61a4cf6619a355a2d | 200 OK Content-Length: 51767 Content-Type: text/html | clean |
http://ali-sami-yen.net/clientscript/vbulletin_read_marker.js?v=4112 | 200 OK Content-Length: 4447 Content-Type: application/x-javascript | clean |
http://ali-sami-yen.net/register.php?s=3ad52d539fe352a61a4cf6619a355a2d | 200 OK Content-Length: 17361 Content-Type: text/html | clean |
http://ali-sami-yen.net/faq.php?s=3ad52d539fe352a61a4cf6619a355a2d | 200 OK Content-Length: 19797 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ali-sami-yen.net
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Sat, 19 Apr 2014 16:49:38 GMT
Pragma: private
Server: Apache
Content-Length: 46655
Content-Type: text/html; charset=ISO-8859-9
Set-Cookie: bb_lastvisit=1397926178; expires=Sun, 19-Apr-2015 16:49:38 GMT; path=/; domain=.ali-sami-yen.net
Set-Cookie: bb_lastactivity=0; expires=Sun, 19-Apr-2015 16:49:38 GMT; path=/; domain=.ali-sami-yen.net
X-Powered-By: PHP/5.3.10
...46655 bytes of data.
GET / HTTP/1.1
Host: ali-sami-yen.net
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Sat, 19 Apr 2014 16:49:38 GMT
Pragma: private
Server: Apache
Content-Length: 46655
Content-Type: text/html; charset=ISO-8859-9
Set-Cookie: bb_lastvisit=1397926178; expires=Sun, 19-Apr-2015 16:49:38 GMT; path=/; domain=.ali-sami-yen.net
Set-Cookie: bb_lastactivity=0; expires=Sun, 19-Apr-2015 16:49:38 GMT; path=/; domain=.ali-sami-yen.net
X-Powered-By: PHP/5.3.10
...46655 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ali-sami-yen.net
Referer: http://www.google.com/search?q=ali-sami-yen.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ali-sami-yen.net
Referer: http://www.google.com/search?q=ali-sami-yen.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ali-sami-yen.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://ali-sami-yen.net/
Result: ali-sami-yen.net is not infected or malware details are not published yet.
Result: ali-sami-yen.net is not infected or malware details are not published yet.