See: https://www.virustotal.com/nl/domain/turizmy.net/information/
and https://www.virustotal.com/nl/ip-address/91.106.203.53/information/
See: https://www.virustotal.com/nl/url/615bf048326c5fb5e5c853d55432d00d23c25f2bf068214803b85bc9e5b089fc/analysis/
Potentially suspicious file on Quttera scan:
/wp-content/themes/shara/kar.js
Severity: Potentially Suspicious
Reason: Detected procedure that is commonly used in suspicious activity.
Details: Detected hidden JavaScript injection unescape
Threat dump: http://jsunpack.jeek.org/?report=e89f770a2c77f93d594f44659a7ebc27c3dc023b
File size[byte]: 2509
File type: ASCII
MD5: DFD91E816C96AFF322E81023276BBA35
Scan duration[sec]: 0.017000
Javascript Check: Suspicious
image().src = “//counter.yadro dot ru/hit?r”+ escape(document.referrer)+((typeof(screen)==“undefined”)?“”: “;s”+screen.width+““+screen.height+””+(screen.colordepth? screen.colorde…
404 error check:
Suspicious
Suspicious 404 Page:
.ru/hit?r"+ escape(document.referrer)+((typeof(screen)==“undefined”)?“”: “;s”+screen.width+““+screen.height+””+(scre
See: site is blacklisted, CMS software outdated and malware: http://sitecheck.sucuri.net/results/turizmy.net
About how the hack was performed, read: http://forum.parallels.com/showthread.php?78164-hacked-document-write(unescape
polonus