Scanned pages/files
| Request | Server response | Status |
http://combomtb.org/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 23 Apr 2014 15:36:46 GMT Accept-Ranges: bytes Location: http://ohiosingletrack.com Server: Apache Content-Length: 234 Content-Type: text/html; charset=iso-8859-1 X-Cache: SGCACHE-MISS X-Forwarded-For: 78.158.11.226 | clean |
http://ohiosingletrack.com/ | HTTP/1.1 303 See Other Connection: close Date: Wed, 23 Apr 2014 15:36:54 GMT Location: http://ohiosingletrack.com/content.php?s=05d0e0d47829e73e3c542a3fff6eed83 Server: Apache Content-Length: 0 Content-Type: text/html Set-Cookie: bb_lastvisit=1398267414; expires=Thu, 23-Apr-2015 15:36:54 GMT; path=/ Set-Cookie: bb_lastactivity=0; expires=Thu, 23-Apr-2015 15:36:54 GMT; path=/ X-Powered-By: PHP/5.3.28 | clean |
http://ohiosingletrack.com/content.php?s=05d0e0d47829e73e3c542a3fff6eed83 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 23 Apr 2014 15:36:55 GMT Location: http://www.ohiosingletrack.com/content.php? Server: Apache Content-Length: 0 Content-Type: text/html Set-Cookie: bb_lastvisit=1398267415; expires=Thu, 23-Apr-2015 15:36:55 GMT; path=/ Set-Cookie: bb_lastactivity=0; expires=Thu, 23-Apr-2015 15:36:55 GMT; path=/ X-Powered-By: PHP/5.3.28 | clean |
http://www.ohiosingletrack.com/content.php? | 200 OK Content-Length: 60596 Content-Type: text/html | clean |
http://ohiosingletrack.com/clientscript/vbulletin-core.js?v=421 | 200 OK Content-Length: 51932 Content-Type: application/javascript | clean |
http://combomtb.org/clientscript/vbulletin_overlay.js?v=421 | 200 OK Content-Length: 14299 Content-Type: application/javascript | clean |
http://combomtb.org/clientscript/vbulletin_cms.js?v=421 | 200 OK Content-Length: 4060 Content-Type: application/javascript | clean |
http://combomtb.org/clientscript/vbulletin_ajax_htmlloader.js?v=421 | 200 OK Content-Length: 1929 Content-Type: application/javascript | clean |
http://combomtb.org/clientscript/vbulletin_md5.js?v=421 | 200 OK Content-Length: 5464 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var hexcase=0;var b64pad="";var chrsz=8;function hex_md5(A){return binl2hex(core_md5(str2binl(A),A.length*chrsz))}function b64_md5(A){return binl2b64(core_md5(str2binl(A),A.length*chrsz))}function str_md5(A){return binl2str(core_md5(str2binl(A),A.length*chrsz))}function hex_hmac_md5(A,B){return binl2hex(core_hmac_md5(A,B))}function b64_hmac_md5(A,B){return binl2b64(core_hmac_md5(A,B))}function str_hmac_md5(A,B){return binl2str(core_hmac_md5(A,B))}function core_md5(K,F){K[F>>5]|=128<< Antivirus reports:
| ||
http://combomtb.org/clientscript/vbulletin_lightbox.js?v=421 | 200 OK Content-Length: 12349 Content-Type: application/javascript | clean |
http://combomtb.org/faq.php?s=05d0e0d47829e73e3c542a3fff6eed83 | 200 OK Content-Length: 22425 Content-Type: text/html | clean |
http://ohiosingletrack.com/mobiquo/tapatalkdetect.js | 200 OK Content-Length: 4643 Content-Type: application/javascript | clean |
http://combomtb.org/faq.php?s=3f26fdd52797cd8d78a00e60e2d9c89b | 200 OK Content-Length: 22425 Content-Type: text/html | clean |
http://combomtb.org/content.php?s=3f26fdd52797cd8d78a00e60e2d9c89b | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 23 Apr 2014 15:36:55 GMT Accept-Ranges: bytes Location: http://www.ohiosingletrack.com/content.php? Server: Apache Content-Length: 0 Content-Type: text/html Host-Header: 192fc2e7e50945beb8231a492d6a8024 Set-Cookie: bb_lastvisit=1398267415; expires=Thu, 23-Apr-2015 15:36:55 GMT; path=/ Set-Cookie: bb_lastactivity=0; expires=Thu, 23-Apr-2015 15:36:55 GMT; path=/ X-Cache: SGCACHE-MISS X-Forwarded-For: 78.158.11.226 | clean |
http://www.ohiosingletrack.com/test404page.js | 404 Not Found Content-Length: 404 Content-Type: text/html | clean |
http://combomtb.org/forum.php?s=3f26fdd52797cd8d78a00e60e2d9c89b | 200 OK Content-Length: 22431 Content-Type: text/html | clean |
http://combomtb.org/calendar.php?s=3f26fdd52797cd8d78a00e60e2d9c89b | 200 OK Content-Length: 22440 Content-Type: text/html | clean |
http://combomtb.org/forumdisplay.php?s=3f26fdd52797cd8d78a00e60e2d9c89b&do=markread&markreadhash=guest | 200 OK Content-Length: 22522 Content-Type: text/html | clean |
http://combomtb.org/showgroups.php?s=3f26fdd52797cd8d78a00e60e2d9c89b | 200 OK Content-Length: 22446 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: combomtb.org
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 23 Apr 2014 15:36:46 GMT
Accept-Ranges: bytes
Location: http://ohiosingletrack.com
Server: Apache
Content-Length: 234
Content-Type: text/html; charset=iso-8859-1
X-Cache: SGCACHE-MISS
X-Forwarded-For: 78.158.11.226
...234 bytes of data.
GET / HTTP/1.1
Host: combomtb.org
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 23 Apr 2014 15:36:46 GMT
Accept-Ranges: bytes
Location: http://ohiosingletrack.com
Server: Apache
Content-Length: 234
Content-Type: text/html; charset=iso-8859-1
X-Cache: SGCACHE-MISS
X-Forwarded-For: 78.158.11.226
...234 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: combomtb.org
Referer: http://www.google.com/search?q=combomtb.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: combomtb.org
Referer: http://www.google.com/search?q=combomtb.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=combomtb.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://combomtb.org/
Result: combomtb.org is not infected or malware details are not published yet.
Result: combomtb.org is not infected or malware details are not published yet.