Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=thelivingforum.org
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://thelivingforum.org/ | HTTP/1.1 200 OK Connection: close Date: Tue, 24 Feb 2015 23:39:17 GMT Accept-Ranges: bytes Server: Apache Content-Length: 1521 Content-Type: text/html Last-Modified: Sat, 17 Jan 2015 09:18:18 GMT | clean |
http://thelivingforum.org/forum.php | 200 OK Content-Length: 9030 Content-Type: text/html | clean |
http://thelivingforum.org/clientscript/yui/yuiloader-dom-event/yuiloader-dom-event.js?v=400 | 200 OK Content-Length: 64103 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(typeof YAHOO=="undefined"||!YAHOO){var YAHOO={};}YAHOO.namespace=function(){var A=arguments,E=null,C,B,D;for(C=0;C<A.length;C=C 1){D=("" A[C]).split(".");E=YAHOO;for(B=(D[0]=="YAHOO")?1:0;B<D.length;B=B 1){E[D[B]]=E[D[B]]||{};E=E[D[B]];}}return E;};YAHOO.log=function(D,A,C){var B=YAHOO.widget.Logger;if(B&&B.log){return B.log(D,A,C);}else{return false;}};YAHOO.register=function(A,E,D){var I=YAHOO.env.modules,B,H,G,F,C;if(!I[A]){I[A]={versions:[],builds:[]};}B=I[A];H=D.version;G=D Antivirus reports:
| ||
http://thelivingforum.org/clientscript/yui/connection/connection-min.js?v=400 | 200 OK Content-Length: 17160 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) YAHOO.util.Connect={_msxml_progid:["Microsoft.XMLHTTP","MSXML2.XMLHTTP.3.0","MSXML2.XMLHTTP"],_http_headers:{},_has_http_headers:false,_use_default_post_header:true,_default_post_header:"application/x-www-form-urlencoded; charset=UTF-8",_default_form_header:"application/x-www-form-urlencoded",_use_default_xhr_header:true,_default_xhr_header:"XMLHttpRequest",_has_default_headers:true,_default_headers:{},_isFormSubmit:false,_isFileUpload:false,_formNode:null,_sFormData:null,_poll:{},_timeOut:{},_p Antivirus reports:
| ||
http://thelivingforum.org/clientscript/vbulletin-core.js?v=400 | 200 OK Content-Length: 50215 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if(!window.console||!console.firebug){window.console={};var names=["log","debug","info","warn","error","assert","dir","dirxml","group","groupEnd","time","timeEnd","count","trace","profile","profileEnd"];for(var i=0;i<names.length; i){window.console[names[i]]=function(){}}}var BBURL=(typeof (BBURL)=="undefined"?"":BBURL);var SESSIONURL=(typeof (SESSIONURL)=="undefined"?"":SESSIONURL);var SECURITYTOKEN=(typeof (SECURITYTOKEN)=="undefined"?"":SECURITYTOKEN);var vbphrase=(typeof (vbphrase)=="und /*/0f2490*/ Antivirus reports:
| ||
http://thelivingforum.org/clientscript/vbulletin_md5.js?v=400 | 200 OK Content-Length: 11012 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var hexcase=0;var b64pad="";var chrsz=8;function hex_md5(A){return binl2hex(core_md5(str2binl(A),A.length*chrsz))}function b64_md5(A){return binl2b64(core_md5(str2binl(A),A.length*chrsz))}function str_md5(A){return binl2str(core_md5(str2binl(A),A.length*chrsz))}function hex_hmac_md5(A,B){return binl2hex(core_hmac_md5(A,B))}function b64_hmac_md5(A,B){return binl2b64(core_hmac_md5(A,B))}function str_hmac_md5(A,B){return binl2str(core_hmac_md5(A,B))}function core_md5(K,F){K[F>>5]|=128<< Antivirus reports:
| ||
http://thelivingforum.org/forum.php?s=bc6797b9ebcb58b7386da1bfc58736be | 200 OK Content-Length: 9030 Content-Type: text/html | clean |
http://thelivingforum.org/register.php?s=bc6797b9ebcb58b7386da1bfc58736be | 200 OK Content-Length: 20317 Content-Type: text/html | clean |
http://thelivingforum.org/clientscript/vbulletin_ajax_nameverif.js?v=400 | 200 OK Content-Length: 8042 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function vB_AJAX_NameVerify(C,A){var B=userAgent.match(/applewebkit\/([0-9] )/);if(AJAX_Compatible&&!(is_saf&&!(B[1]>=412))){this.textobj=fetch_object(A);this.textobj.setAttribute("autocomplete","off");this.textobj.obj=this;this.varname=C;this.fragment="";this.timeout=null;this.ajax_req=null;this.get_text=function(){this.fragment=new String(this.textobj.value);this.fragment=PHP.trim(this.fragment)};this.key_event_handler=function(D){this.get_text();clearTimeout(this.timeout);t Antivirus reports:
| ||
http://thelivingforum.org/faq.php?s=bc6797b9ebcb58b7386da1bfc58736be | 200 OK Content-Length: 9028 Content-Type: text/html | clean |
http://thelivingforum.org/register.php?s=bc6797b9ebcb58b7386da1bfc58736be& | 200 OK Content-Length: 20317 Content-Type: text/html | clean |
http://thelivingforum.org/content.php?s=bc6797b9ebcb58b7386da1bfc58736be | 200 OK Content-Length: 9032 Content-Type: text/html | clean |
http://thelivingforum.org/sendmessage.php?s=bc6797b9ebcb58b7386da1bfc58736be | 200 OK Content-Length: 9236 Content-Type: text/html | clean |
http://thelivingforum.org/archive/index.php | 500 Internal Server Error Content-Length: 19229 Content-Type: text/html | clean |
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/x-javascript | clean |
http://suspended.hostgator.com/js/simple-expand.min.js | 200 OK Content-Length: 2782 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: thelivingforum.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 24 Feb 2015 23:39:17 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 1521
Content-Type: text/html
Last-Modified: Sat, 17 Jan 2015 09:18:18 GMT
...1521 bytes of data.
GET / HTTP/1.1
Host: thelivingforum.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 24 Feb 2015 23:39:17 GMT
Accept-Ranges: bytes
Server: Apache
Content-Length: 1521
Content-Type: text/html
Last-Modified: Sat, 17 Jan 2015 09:18:18 GMT
...1521 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: thelivingforum.org
Referer: http://www.google.com/search?q=thelivingforum.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: thelivingforum.org
Referer: http://www.google.com/search?q=thelivingforum.org
Result:
The result is similar to the first query. There are no suspicious redirects found.