-counter.yadro.ru,88.212.201.195,,Multiple IPs,
88.212.196.124 ->
http://urlquery.net/report.php?id=1430828062628
history-news dot org,212.193.229.222,ns3.nic.ru,Parked/expired,
Stealth Name Servers:
http://www.dnsinspect.com/nic.ru/1430828857
Fortinet's Webfilter Malware Alerts 2
2015-05-05 2 -counter.yadro.ru/hit?t50.1;r;s1176*885*24;uhtxp%3A//history-news.org/;0.7981324612639449 Malware
2015-05-05 2 -counter.yadro.ru/hit?q;t50.1;r;s1176*885*24;uhtxp%3A//history-news.org/;0.7981324612639449 Malware
Netcraft Website Rep Status 1 red out of 10:
http://toolbar.netcraft.com/site_report?url=http://history-news.org
Encryption (HTTPS) (1) - static assigned Cable/DSL IP address
Communication is NOT encrypted
Possible Frontend SPOF from:
fonts.googleapis.com - Whitelist
(98%) - <link rel='stylesheet' id='twentyfourteen-lato-css' href='//fonts.googleapis.com/css?family=Lato%3A300%2C400%2C700%2C900%2C300italic%2C400italic%2C700italic' type='text/css' media='all' />
vk.com - Whitelist
(48%) - <script type="text/javascript" src="//vk.com/js/api/openapi.js?98">
pagead2.googlesyndication.com - Whitelist
(15%) - <script type="text/javascript" src="htxp://pagead2.googlesyndication.com/pagead/show_ads.js">
Javascript check: suspicious: .....
Included Scripts: Suspect - please check list for unknown includes
Suspicious Script:
history-news.org///vk.com/js/api/openapi.js?98
Suspicious 404 Page:
Warning: Directory Indexing Enabled
Also blocked by any decent adblocker = htxp://top-fwz1.mail.ru/ and htxp://hit10.hotlog.ru/
Javascripts included:
-http://history-news.org/wp-includes/js/jquery/jquery.js?ver=1.11.0
-http://history-news.org/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
//vk.com/js/api/openapi.js?98
-http://www.simvolika.org/on.js
-http://pagead2.googlesyndication.com/pagead/show_ads.js
-http://history-news.org/wp-includes/js/masonry.min.js?ver=3.1.2
-http://history-news.org/wp-includes/js/jquery/jquery.masonry.min.js?ver=3.1.2
-http://history-news.org/wp-content/themes/twentyfourteen/js/functions.js?ver=20140319
Infested with malware according to Sucuri's:
ISSUE DETECTED DEFINITION INFECTED URL
Website Malware malware-entry-mwblacklisted35 htxp://history-news.org
Website Malware malware-entry-mwblacklisted35 htxp://history-news.org/?p=16490
Website Malware malware-entry-mwblacklisted35 htxp://history-news.org/?cat=4
Website Malware malware-entry-mwblacklisted35 htxp://history-news.org/?p=16418
Website Malware malware-entry-mwblacklisted35 htxp://history-news.org/?p=15998
Suspicious domain detected. Details:
http://sucuri.net/malware/malware-entry-mwblacklisted35
<embed src="htxp://spu7.ru/banner/banner-spu.swf" rel="nofollow"
Now /export/banners from wXw.slavrus.net ->
https://www.mywot.com/en/scorecard/slavrus.net?utm_source=addon&utm_content=popup122 malicious files -> Detected reference to malicious blacklisted domain -top.mail.ru
blacklisted domain: htxp://top.mail.ru/jump?from%3D2093167 (blocked by an extension in client)
polonus