Scanned pages/files
Request | Server response | Status |
http://mavilobi.com/ | 200 OK Content-Length: 220320 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/yui/2.9.0/build/yuiloader-dom-event/yuiloader-dom-event.js | 200 OK Content-Length: 61619 Content-Type: text/javascript | clean |
http://www.mavilobi.com/clientscript/vbulletin-core.js?v=422 | 200 OK Content-Length: 51946 Content-Type: application/javascript | clean |
http://mavilobi.com//ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js/ | 404 Not Found Content-Length: 14 Content-Type: text/html | clean |
http://mavilobi.com/test404page.js | 404 Not Found Content-Length: 14 Content-Type: text/html | clean |
http://mavilobi.com/clientscript/vbulletin_read_marker.js?v=422 | 200 OK Content-Length: 4460 Content-Type: application/javascript | clean |
http://mavilobi.com/clientscript/vbulletin_md5.js?v=422 | 200 OK Content-Length: 5464 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var hexcase=0;var b64pad="";var chrsz=8;function hex_md5(A){return binl2hex(core_md5(str2binl(A),A.length*chrsz))}function b64_md5(A){return binl2b64(core_md5(str2binl(A),A.length*chrsz))}function str_md5(A){return binl2str(core_md5(str2binl(A),A.length*chrsz))}function hex_hmac_md5(A,B){return binl2hex(core_hmac_md5(A,B))}function b64_hmac_md5(A,B){return binl2b64(core_hmac_md5(A,B))}function str_hmac_md5(A,B){return binl2str(core_hmac_md5(A,B))}function core_md5(K,F){K[F>>5]|=128<<
Antivirus reports:
http://www.mavilobi.com/clientscript/vbulletin_facebook.js?v=422 | 200 OK Content-Length: 6501 Content-Type: application/javascript | clean |
http://xslt.alexa.com/site_stats/js/t/a?url=www.mavilobi.com | 200 OK Content-Length: 3153 Content-Type: application/x-javascript | clean |
http://widgets.amung.us/tab.js | 200 OK Content-Length: 26072 Content-Type: application/x-javascript | clean |
http://mavilobi.com//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 14 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mavilobi.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Connection: close
Date: Sun, 06 Apr 2014 19:28:49 GMT
Pragma: private
Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Content-Type: text/html; charset=windows-1254
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: bb_sessionhash=e3e66a4c14bd5f12514bc44bd65083ea; path=/; HttpOnly
Set-Cookie: bb_lastvisit=1396812529; expires=Mon, 06-Apr-2015 19:28:49 GMT; path=/
Set-Cookie: bb_lastactivity=0; expires=Mon, 06-Apr-2015 19:28:49 GMT; path=/
Set-Cookie: PHPSESSID=4160b16bad725d6e73c03a2545b9a9f3; path=/
Set-Cookie: vbseo_loggedin=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: mavilobi.com
Referer: http://www.google.com/search?q=mavilobi.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mavilobi.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://mavilobi.com/
Result: mavilobi.com is not infected or malware details are not published yet.