Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=scubadivers.pl
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://scubadivers.pl/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 06 Jun 2014 05:17:11 GMT Location: http://www.scubadivers.pl/ Server: Apache Vary: Accept-Encoding Content-Length: 234 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.scubadivers.pl/ | HTTP/1.1 301 Moved Permanently Cache-Control: private Connection: close Date: Fri, 06 Jun 2014 05:17:11 GMT Pragma: private Location: http://www.scubadivers.pl/portal/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=ISO-8859-2 Set-Cookie: bb_sessionhash=d8e70731ab8cb291797962685d2dab0a; path=/; domain=.scubadivers.pl; HttpOnly Set-Cookie: bb_lastvisit=1402031831; expires=Sat, 06-Jun-2015 05:17:11 GMT; path=/; domain=.scubadivers.pl Set-Cookie: bb_lastactivity=0; expires=Sat, 06-Jun-2015 05:17:11 GMT; path=/; domain=.scubadivers.pl Set-Cookie: vbseo_loggedin=deleted; expires=Thu, 06-Jun-2013 05:17:10 GMT; path=/ X-Powered-By: PHP/5.3.3-7+squeeze19 | clean |
http://www.scubadivers.pl/portal/ | 200 OK Content-Length: 20876 Content-Type: text/html | clean |
http://yui.yahooapis.com/2.7.0/build/yuiloader-dom-event/yuiloader-dom-event.js?v=407 | 200 OK Content-Length: 58548 Content-Type: application/javascript | clean |
http://yui.yahooapis.com/2.7.0/build/connection/connection-min.js?v=407 | 200 OK Content-Length: 11604 Content-Type: application/javascript | clean |
http://www.scubadivers.pl/clientscript/vbulletin-core.js?v=407 | 200 OK Content-Length: 47586 Content-Type: application/javascript | clean |
http://www.scubadivers.pl/clientscript/vbulletin_overlay.js?v=407 | 200 OK Content-Length: 14429 Content-Type: application/javascript | clean |
http://www.scubadivers.pl/clientscript/vbulletin_cms.js?v=407 | 200 OK Content-Length: 3784 Content-Type: application/javascript | clean |
http://www.scubadivers.pl/clientscript/vbulletin_ajax_htmlloader.js?v=407 | 200 OK Content-Length: 1913 Content-Type: application/javascript | clean |
http://www.scubadivers.pl/clientscript/vbulletin_md5.js?v=407 | 200 OK Content-Length: 5464 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var hexcase=0;var b64pad="";var chrsz=8;function hex_md5(A){return binl2hex(core_md5(str2binl(A),A.length*chrsz))}function b64_md5(A){return binl2b64(core_md5(str2binl(A),A.length*chrsz))}function str_md5(A){return binl2str(core_md5(str2binl(A),A.length*chrsz))}function hex_hmac_md5(A,B){return binl2hex(core_hmac_md5(A,B))}function b64_hmac_md5(A,B){return binl2b64(core_hmac_md5(A,B))}function str_hmac_md5(A,B){return binl2str(core_hmac_md5(A,B))}function core_md5(K,F){K[F>>5]|=128<< Antivirus reports:
| ||
http://www.pitbikemafia.com/da70e2f04e.php | 200 OK Content-Length: 124 Content-Type: application/x-javascript | clean |
http://www.scubadivers.pl/clientscript/vbulletin_lightbox.js?v=407 | 200 OK Content-Length: 12216 Content-Type: application/javascript | clean |
http://www.scubadivers.pl/clientscript/vbulletin_facebook.js?v=407 | 200 OK Content-Length: 5568 Content-Type: application/javascript | clean |
http://connect.facebook.net/en_US/all.js | 200 OK Content-Length: 166384 Content-Type: application/x-javascript | clean |
http://scubadivers.pl/test404page.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Fri, 06 Jun 2014 05:17:14 GMT Location: http://www.scubadivers.pl/test404page.js Server: Apache Vary: Accept-Encoding Content-Length: 248 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.scubadivers.pl/test404page.js | 404 Not Found Content-Length: 14 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: scubadivers.pl
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 06 Jun 2014 05:17:11 GMT
Location: http://www.scubadivers.pl/
Server: Apache
Vary: Accept-Encoding
Content-Length: 234
Content-Type: text/html; charset=iso-8859-1
...234 bytes of data.
GET / HTTP/1.1
Host: scubadivers.pl
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Fri, 06 Jun 2014 05:17:11 GMT
Location: http://www.scubadivers.pl/
Server: Apache
Vary: Accept-Encoding
Content-Length: 234
Content-Type: text/html; charset=iso-8859-1
...234 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: scubadivers.pl
Referer: http://www.google.com/search?q=scubadivers.pl
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: scubadivers.pl
Referer: http://www.google.com/search?q=scubadivers.pl
Result:
The result is similar to the first query. There are no suspicious redirects found.