Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=forum.danzig.de
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://forum.danzig.de/ | 200 OK Content-Length: 72162 Content-Type: text/html | clean |
http://forum.danzig.de/clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js?v=4110 | 200 OK Content-Length: 61619 Content-Type: application/javascript | clean |
http://forum.danzig.de/clientscript/yui/connection/connection-min.js?v=4110 | 200 OK Content-Length: 13257 Content-Type: application/javascript | clean |
http://forum.danzig.de/clientscript/vbulletin-core.js?v=4110 | 200 OK Content-Length: 51694 Content-Type: application/javascript | clean |
http://forum.danzig.de/clientscript/vbulletin_read_marker.js?v=4110 | 200 OK Content-Length: 4447 Content-Type: application/javascript | clean |
http://forum.danzig.de/clientscript/vbulletin_md5.js?v=4110 | 200 OK Content-Length: 5464 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var hexcase=0;var b64pad="";var chrsz=8;function hex_md5(A){return binl2hex(core_md5(str2binl(A),A.length*chrsz))}function b64_md5(A){return binl2b64(core_md5(str2binl(A),A.length*chrsz))}function str_md5(A){return binl2str(core_md5(str2binl(A),A.length*chrsz))}function hex_hmac_md5(A,B){return binl2hex(core_hmac_md5(A,B))}function b64_hmac_md5(A,B){return binl2b64(core_hmac_md5(A,B))}function str_hmac_md5(A,B){return binl2str(core_hmac_md5(A,B))}function core_md5(K,F){K[F>>5]|=128<< Antivirus reports:
| ||
http://forum.danzig.de/index.php?s=78a8908ad3823e8c795e106bb122bc64 | 200 OK Content-Length: 72180 Content-Type: text/html | clean |
http://forum.danzig.de/register.php?s=78a8908ad3823e8c795e106bb122bc64 | 200 OK Content-Length: 24949 Content-Type: text/html | clean |
http://forum.danzig.de/clientscript/vbulletin_ajax_nameverif.js?v=4110 | 200 OK Content-Length: 2489 Content-Type: application/javascript | clean |
http://forum.danzig.de/clientscript/vbulletin_ajax_suggest.js?v=4110 | 200 OK Content-Length: 8142 Content-Type: application/javascript | clean |
http://forum.danzig.de/faq.php?s=78a8908ad3823e8c795e106bb122bc64 | 200 OK Content-Length: 15855 Content-Type: text/html | clean |
http://forum.danzig.de/calendar.php?s=78a8908ad3823e8c795e106bb122bc64 | 200 OK Content-Length: 30697 Content-Type: text/html | clean |
http://forum.danzig.de/forumdisplay.php?s=78a8908ad3823e8c795e106bb122bc64&do=markread&markreadhash=guest | HTTP/1.1 302 Found Connection: close Date: Fri, 30 May 2014 15:47:14 GMT Location: http://forum.danzig.de/index.php?s=78a8908ad3823e8c795e106bb122bc64 Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html Set-Cookie: bb_lastvisit=1401464834; expires=Sat, 30-May-2015 15:47:14 GMT; path=/ Set-Cookie: bb_lastactivity=0; expires=Sat, 30-May-2015 15:47:14 GMT; path=/ Set-Cookie: bb_lastvisit=1401464834; expires=Sat, 30-May-2015 15:47:14 GMT; path=/ X-Powered-By: PleskLin | clean |
http://forum.danzig.de/test404page.js | 404 Not Found Content-Length: 277 Content-Type: text/html | clean |
http://forum.danzig.de/search.php?s=78a8908ad3823e8c795e106bb122bc64&do=getdaily&contenttype=vBForum_Post | 200 OK Content-Length: 30535 Content-Type: text/html | clean |
http://forum.danzig.de/search.php?s=78a8908ad3823e8c795e106bb122bc64&do=getdaily&contenttype=vBForum_SocialGroupMessage | 200 OK Content-Length: 30577 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: forum.danzig.de
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Fri, 30 May 2014 15:47:09 GMT
Pragma: private
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: bb_sessionhash=78a8908ad3823e8c795e106bb122bc64; path=/; HttpOnly
Set-Cookie: bb_lastvisit=1401464829; expires=Sat, 30-May-2015 15:47:09 GMT; path=/
Set-Cookie: bb_lastactivity=0; expires=Sat, 30-May-2015 15:47:09 GMT; path=/
X-Powered-By: PleskLin
GET / HTTP/1.1
Host: forum.danzig.de
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Fri, 30 May 2014 15:47:09 GMT
Pragma: private
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: bb_sessionhash=78a8908ad3823e8c795e106bb122bc64; path=/; HttpOnly
Set-Cookie: bb_lastvisit=1401464829; expires=Sat, 30-May-2015 15:47:09 GMT; path=/
Set-Cookie: bb_lastactivity=0; expires=Sat, 30-May-2015 15:47:09 GMT; path=/
X-Powered-By: PleskLin
Second query (visit from search engine):
GET / HTTP/1.1
Host: forum.danzig.de
Referer: http://www.google.com/search?q=forum.danzig.de
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: forum.danzig.de
Referer: http://www.google.com/search?q=forum.danzig.de
Result:
The result is similar to the first query. There are no suspicious redirects found.