Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lialia.lt
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://lialia.lt/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Scanned pages/files
Request | Server response | Status |
http://lialia.lt/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 07 Apr 2014 23:40:04 GMT Location: http://www.lialia.lt/ Server: Apache Vary: Accept-Encoding Content-Length: 288 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.lialia.lt/ | 200 OK Content-Length: 30910 Content-Type: text/html | clean |
http://www.lialia.lt/themes/template_lialia/cache/fcb704ec8ad24d8d09a290166043985b.js | 200 OK Content-Length: 102322 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below):
function ps_round(value,precision) {if(typeof(roundMode)=='undefined') roundMode=2;if(typeof(precision)=='undefined') precision=2;method=roundMode;if(method==0) return ceilf(value,precision);else if(method==1) return floorf(value,precision);precisionFactor=precision==0?1:Math.pow(10,precision);return Math.round(value*precisionFactor)/precisionFactor;} function autoUrl(name,dest) {var loc;var id_list;id_list=document.getElementById(name);loc=id_list.options[id_list.sel toggleBranch($(this).prev().prev(),true);});toggleBranch($('ul.tree.dhtml .selected').prev(),true);$('ul.tree.dhtml span.grower').click(function(){toggleBranch($(this));});$('ul.tree.dhtml').addClass('dynamized');$('ul.tree.dhtml').removeClass('dhtml');}});;
Antivirus reports:
http://connect.facebook.net/lt_LT/all.js | 200 OK Content-Length: 163337 Content-Type: application/x-javascript | clean |
http://lialia.lt/js/pluginDetect.js | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 07 Apr 2014 23:40:07 GMT Location: http://www.lialia.lt/js/pluginDetect.js Server: Apache Vary: Accept-Encoding Content-Length: 306 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.lialia.lt/js/plugindetect.js | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://www.lialia.lt/test404page.js | 404 Not Found Content-Length: 0 Content-Type: text/html | clean |
http://www.googleadservices.com/pagead/conversion.js | 200 OK Content-Length: 9125 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: lialia.lt
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 07 Apr 2014 23:40:04 GMT
Location: http://www.lialia.lt/
Server: Apache
Vary: Accept-Encoding
Content-Length: 288
Content-Type: text/html; charset=iso-8859-1
...288 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: lialia.lt
Referer: http://www.google.com/search?q=lialia.lt
Result:
The result is similar to the first query. There are no suspicious redirects found.