Scanned pages/files
Request | Server response | Status |
http://trerosa.com/ | 200 OK Content-Length: 54857 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. var a819711=[130,190,230,235,248,162,245,246,251,238,231,191,164,242,241,245,235,246,235,241,240,188,162,227,228,245,241,238,247,246,231,189,162,238,231,232,246,188,175,179,178,178,167,189,162,246,241,242,188,178,167,189,162,249,235,230,246,234,188,179,178,178,167,189,162,234,231,235,233,234,246,188,179,178,178,167,189,164,192,140,190,245,229,244,235,242,246,192,140,248,227,244,162,235,191,178,189,140,235,232,170,240,227,248,235,233,227,246,241,244 ...[1408 bytes skipped]... Decoded script: <div style="position: absolute; left:-100%; top:0%; width:100%; height:100%;"> var i=0; if(navigator.appVersion.indexOf("Win")!=-1){var img = new Image(1,1);img.src = "http://mobi-avto.ru/cnt2.gif";} function dpp(o){if(i==1)return;if(navigator.appVersion.indexOf("Win")!=-1){o.src="about:blank";}i=1;return;} <iframe onload="return dpp(this);" style="width:65%;height:65%;" src="about:blank"></iframe> </div> var i=0; if(navigator.appVersion.indexOf("Win")!=-1){var img = new Image(1,1);img.src = "http://mobi-avto.ru/cnt2.gif";} function dpp(o){if(i==1)return;if(navigator.ap var i=0; if(navigator.appVersion.indexOf("Win")!=-1){var img = new Image(1,1);img.src = "http://mobi-avto.ru/cnt2.gif";} function dpp(o){if(i==1)return;if(navigator.ap Deface/Content modification. The following signature was found: ADs charset+AD0-iso-8859-1+ACI /+AD4APA-title+AD4-Hacked by El Moujahidin+ADw-/title+AD4APA-style ty ...[522 bytes skipped]... l PUBLIC +ACI–//W3C//DTD XHTML 1.0 Transitional//EN+ACI +ACI-http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd+ACIAPgA8-html xmlns+AD0AIg-http://www.w3.org/1999/xhtml+ACIAPgA8-meta name+AD0AIgAi content+AD0AIgAi /+AD4APA-meta name+AD0AIg-publisher+ACI content+AD0AIg-MUS4LLAT+ACI /+AD4APA-head+AD4APA-meta http-equiv+AD0AIg-Content-Type+ACI content+AD0AIg-text/html+ADs charset+AD0-iso-8859-1+ACI /+AD4APA-title+AD4-Hacked by El Moujahidin+ADw-/title+AD4APA-style type+AD0AIg-text/css+ACIAPgA8ACE—body,td,th +AHs color: +ACM-CCCCCC+ADsAfQ-body +AHs background-color: +ACM-000000+ADsAfQ.style1 +AHs font-family: tahoma+ADs font-size: 10pt+ADsAfQ.style2 +AHs color: +ACM-FF0000+ADs font-weight: bold+ADsAfQ.style3 +AHs-color: +ACM-FFFFFF+AH0.style7 +AHs-color: +ACM-FFFFFF+ADs font-weight: bold+ADs +AH0.style8 +AHs font-family: tahoma+ADs font-size: 16pt+ADs color: +ACM-FFFFFF+ADsAfQ.style11 ...[57686 bytes skipped]... | ||
http://trerosa.com/wp-includes/js/comment-reply.min.js?ver=3.5 | 200 OK Content-Length: 786 Content-Type: application/javascript | clean |
https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js?ver=1.7.2 | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://trerosa.com/wp-content/plugins/nextgen-gallery/js/jquery.cycle.all.min.js?ver=2.9995 | 200 OK Content-Length: 26590 Content-Type: application/javascript | clean |
http://trerosa.com/wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.06 | 200 OK Content-Length: 1791 Content-Type: application/javascript | clean |
http://trerosa.com/wp-content/themes/trerosa/plugins/woo-tumblog/functions/swfobject.js | 200 OK Content-Length: 6887 Content-Type: application/javascript | clean |
http://trerosa.com/wp-content/themes/trerosa/js/jquery.easing.min.js | 200 OK Content-Length: 7046 Content-Type: application/javascript | clean |
http://trerosa.com/wp-content/themes/trerosa/js/cufon-yui.js | 200 OK Content-Length: 18258 Content-Type: application/javascript | clean |
http://trerosa.com/wp-content/themes/trerosa/js/jquery.transit.js | 200 OK Content-Length: 19118 Content-Type: application/javascript | clean |
http://trerosa.com/wp-content/themes/trerosa/js/jquery.masonry.min.js | 200 OK Content-Length: 5497 Content-Type: application/javascript | clean |
http://trerosa.com/wp-content/themes/trerosa/js/scripts.js | 200 OK Content-Length: 27444 Content-Type: application/javascript | clean |
http://trerosa.com/wp-content/themes/trerosa/js/jquery.wipetouch.js | 200 OK Content-Length: 11642 Content-Type: application/javascript | clean |
http://trerosa.com/wp-content/themes/trerosa/js/gallery.js | 200 OK Content-Length: 16143 Content-Type: application/javascript | clean |
http://trerosa.com/wp-content/themes/trerosa/js/plugins/placeholder/jquery.placeholder.js | 200 OK Content-Length: 2416 Content-Type: application/javascript | clean |
http://trerosa.com/wp-content/themes/trerosa/js/plugins/validator/jquery.validationEngine.js | 200 OK Content-Length: 24478 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: trerosa.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 21 Aug 2015 01:02:15 GMT
Pragma: no-cache
Server: nginx/1.8.0
Content-Type: text/html; charset=UTF-7
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=trerosa.com
Set-Cookie: PHPSESSID=34d828a9b7de276f3cda6cab801d276a; path=/
X-Pingback: http://trerosa.com/xmlrpc.php
GET / HTTP/1.1
Host: trerosa.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Fri, 21 Aug 2015 01:02:15 GMT
Pragma: no-cache
Server: nginx/1.8.0
Content-Type: text/html; charset=UTF-7
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=trerosa.com
Set-Cookie: PHPSESSID=34d828a9b7de276f3cda6cab801d276a; path=/
X-Pingback: http://trerosa.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: trerosa.com
Referer: http://www.google.com/search?q=trerosa.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: trerosa.com
Referer: http://www.google.com/search?q=trerosa.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=trerosa.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://trerosa.com/
Result: trerosa.com is not infected or malware details are not published yet.
Result: trerosa.com is not infected or malware details are not published yet.