Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.midwestce.net/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.midwestce.net Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Sun, 22 Jun 2014 00:37:38 GMT Location: http://gqillqigqilqigqiqlqiigqilqiiiqgg.esmtp.biz/1.php Server: Apache Content-Length: 0 Content-Type: text/html | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.midwestce.net/ | 200 OK Content-Length: 15392 Content-Type: text/html | clean |
http://www.midwestce.net/clientscript/vbulletin-core.js?v=422 | 200 OK Content-Length: 51932 Content-Type: application/javascript | clean |
http://www.midwestce.net/clientscript/vbulletin_md5.js?v=422 | 200 OK Content-Length: 5464 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var hexcase=0;var b64pad="";var chrsz=8;function hex_md5(A){return binl2hex(core_md5(str2binl(A),A.length*chrsz))}function b64_md5(A){return binl2b64(core_md5(str2binl(A),A.length*chrsz))}function str_md5(A){return binl2str(core_md5(str2binl(A),A.length*chrsz))}function hex_hmac_md5(A,B){return binl2hex(core_hmac_md5(A,B))}function b64_hmac_md5(A,B){return binl2b64(core_hmac_md5(A,B))}function str_hmac_md5(A,B){return binl2str(core_hmac_md5(A,B))}function core_md5(K,F){K[F>>5]|=128<<
Antivirus reports:
http://www.midwestce.net/index.php?s=612b35ccec65df31761c88af5fd4fa07 | 200 OK Content-Length: 15419 Content-Type: text/html | clean |
http://www.midwestce.net/register.php?s=612b35ccec65df31761c88af5fd4fa07 | 200 OK Content-Length: 15621 Content-Type: text/html | clean |
http://www.midwestce.net/faq.php?s=612b35ccec65df31761c88af5fd4fa07 | 200 OK Content-Length: 15411 Content-Type: text/html | clean |
http://www.midwestce.net/activity.php?s=612b35ccec65df31761c88af5fd4fa07 | 200 OK Content-Length: 14787 Content-Type: text/html | clean |
http://www.midwestce.net/search.php?s=612b35ccec65df31761c88af5fd4fa07&do=getnew&contenttype=vBForum_SocialGroupMessage | 200 OK Content-Length: 14938 Content-Type: text/html | clean |
http://www.midwestce.net/search.php?s=612b35ccec65df31761c88af5fd4fa07&do=getnew&contenttype=vBForum_Event | 200 OK Content-Length: 14899 Content-Type: text/html | clean |
http://www.midwestce.net/forum.php?s=612b35ccec65df31761c88af5fd4fa07 | 200 OK Content-Length: 15419 Content-Type: text/html | clean |
http://www.midwestce.net/calendar.php?s=612b35ccec65df31761c88af5fd4fa07 | 200 OK Content-Length: 15431 Content-Type: text/html | clean |
http://www.midwestce.net/group.php?s=612b35ccec65df31761c88af5fd4fa07 | 200 OK Content-Length: 15419 Content-Type: text/html | clean |
http://www.midwestce.net/album.php?s=612b35ccec65df31761c88af5fd4fa07 | 200 OK Content-Length: 15419 Content-Type: text/html | clean |
http://www.midwestce.net/memberlist.php?s=612b35ccec65df31761c88af5fd4fa07 | 200 OK Content-Length: 15439 Content-Type: text/html | clean |
http://www.midwestce.net/showgroups.php?s=612b35ccec65df31761c88af5fd4fa07 | 200 OK Content-Length: 15439 Content-Type: text/html | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=midwestce.net
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://midwestce.net/
Result: midwestce.net is not infected or malware details are not published yet.