Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=porschec.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://porschec.ru/
Result: The website is marked by Yandex as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.porschec.ru/ | 200 OK Content-Length: 78076 Content-Type: text/html | clean |
http://www.porschec.ru/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=387 | 200 OK Content-Length: 36628 Content-Type: application/x-javascript | clean |
http://www.porschec.ru/clientscript/yui/connection/connection-min.js?v=387 | 200 OK Content-Length: 11604 Content-Type: application/x-javascript | clean |
http://www.porschec.ru/clientscript/vbulletin_global.js?v=387 | 200 OK Content-Length: 54620 Content-Type: application/x-javascript | clean |
http://www.porschec.ru/clientscript/vbulletin_menu.js?v=387 | 200 OK Content-Length: 9441 Content-Type: application/x-javascript | clean |
http://porschec.ru/clientscript/ncode_imageresizer.js?v=1.0.2 | 200 OK Content-Length: 9465 Content-Type: application/x-javascript | clean |
http://porschec.ru/clientscript/kr_scripts/rbs_scripts/rbs_banner_sender.min.js | 200 OK Content-Length: 1204 Content-Type: application/x-javascript | clean |
http://www.porschec.ru/clientscript/vbulletin_md5.js?v=387 | 200 OK Content-Length: 5464 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
var hexcase=0;var b64pad="";var chrsz=8;function hex_md5(A){return binl2hex(core_md5(str2binl(A),A.length*chrsz))}function b64_md5(A){return binl2b64(core_md5(str2binl(A),A.length*chrsz))}function str_md5(A){return binl2str(core_md5(str2binl(A),A.length*chrsz))}function hex_hmac_md5(A,B){return binl2hex(core_hmac_md5(A,B))}function b64_hmac_md5(A,B){return binl2b64(core_hmac_md5(A,B))}function str_hmac_md5(A,B){return binl2str(core_hmac_md5(A,B))}function core_md5(K,F){K[F>>5]|=128<<
Antivirus reports:
http://www.porschec.ru/clientscript/vbulletin_read_marker.js?v=387 | 200 OK Content-Length: 3440 Content-Type: application/x-javascript | clean |
http://www.porschec.ru/index.php?s=d88e2f37d870e0b98996d58bfb31e711 | 200 OK Content-Length: 78090 Content-Type: text/html | clean |
http://www.porschec.ru/register.php?s=d88e2f37d870e0b98996d58bfb31e711 | 200 OK Content-Length: 15162 Content-Type: text/html | clean |
http://www.porschec.ru/sendmessage.php?s=d88e2f37d870e0b98996d58bfb31e711 | 200 OK Content-Length: 22386 Content-Type: text/html | clean |
http://backs.keycaptcha.com/swfs/cap.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 13 Jun 2014 07:32:08 GMT Location: https://back10.keycaptcha.com/swfs/cap.js Server: nginx/1.2.5 Content-Length: 184 Content-Type: text/html | clean |
https://back10.keycaptcha.com/swfs/cap.js | 200 OK Content-Length: 3912 Content-Type: text/javascript | clean |
http://www.porschec.ru/faq.php?s=d88e2f37d870e0b98996d58bfb31e711 | 200 OK Content-Length: 21903 Content-Type: text/html | clean |
http://www.porschec.ru/faq.php?&nojs=1 | 200 OK Content-Length: 18924 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: porschec.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: porschec.ru
Referer: http://www.google.com/search?q=porschec.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.