Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=retire-me.net
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: alanizhouse.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Tue, 10 Mar 2015 12:32:10 GMT
Server: Apache
Content-Length: 10299
Content-Type: text/html
X-Powered-By: PHP/5.3.29
...10299 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: alanizhouse.com
Referer: http://www.google.com/search?q=alanizhouse.com
Result:
The response is the same as for the first query; no suspicious redirects were found.
Scanned pages/files
Request | Server response | Status |
http://retire-me.net/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Sat, 10 Jan 2015 19:21:32 GMT Age: 0 Location: http://retireme.com Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | malicious |
http://retireme.com/ | 200 OK Content-Length: 20007 Content-Type: text/html | clean |
http://retireme.com/wp-content/plugins/image-rotator/image-click-js.php?ver=1.5 | 200 OK Content-Length: 856 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below):

var request = false;
var newURL = false;

function onRotatingImageClick(imgID, url) {
    newURL = url;
    request = irCreateXMLHttp();
    if(request) {
        request.open("POST", "http://retireme.com/wp-content/plugins/image-rotator/image-click.php", true);
        request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
        request.send('imgID='+imgID);
    }
}

function irCreateXMLHttp() {
    if(typeof XMLHttpRequest != "undefined") {
        return new XMLHttpRequest();
    } else if (window.ActiveXOjbect) {
        var aVersions = ["MSXML2.XMLHttp.5.0", "MSXML2.XMLHttp.4.0", "MSXML2.XMLHttp.3.0", "MSXML2.XMLHttp", "Microsoft.XMLHttp"];
        for(var i = 0; i < aVersions.length; i++) {
            try {
                var oXmlHttp = new ActiveXObject(aVersions[i]);
                return oXmlHttp;
            } catch(ex) { }
        }
    }
}

Antivirus reports:
http://retireme.com/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: text/javascript | clean |
http://retireme.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: text/javascript | clean |
http://retireme.com/wp-content/plugins/podcasting/js/tsg_new_window.js?ver=0.1 | 200 OK Content-Length: 509 Content-Type: text/javascript | clean |
http://retireme.com/wp-content/plugins/orangebox/js/orangebox.min.js?ver=3.0.0 | 200 OK Content-Length: 27678 Content-Type: text/javascript | clean |
http://retireme.com/wp-content/plugins/meteor-slides/js/jquery.cycle.all.js?ver=4.0.1 | 200 OK Content-Length: 53738 Content-Type: text/javascript | clean |
http://retireme.com/wp-content/plugins/meteor-slides/js/jquery.metadata.v2.js?ver=4.0.1 | 200 OK Content-Length: 5259 Content-Type: text/javascript | clean |
http://retireme.com/wp-content/plugins/meteor-slides/js/jquery.touchwipe.1.1.1.js?ver=4.0.1 | 200 OK Content-Length: 2256 Content-Type: text/javascript | clean |
http://retireme.com/wp-content/plugins/meteor-slides/js/slideshow.js?ver=4.0.1 | 200 OK Content-Length: 2397 Content-Type: text/javascript | clean |
http://retireme.com/wp-includes/js/swfobject.js?ver=2.2-20120417 | 200 OK Content-Length: 10231 Content-Type: text/javascript | clean |
http://retireme.com/wp-content/plugins/podcasting/player/audio-player-noswfobject.js?ver=2.0 | 200 OK Content-Length: 974 Content-Type: text/javascript | clean |
http://retireme.com/js/jquery-1.6.2.js | 200 OK Content-Length: 254164 Content-Type: text/javascript | clean |
http://retireme.com/js/functions.js | 200 OK Content-Length: 2930 Content-Type: text/javascript | clean |
http://retire-me.net//www.googleadservices.com/pagead/conversion.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: max-age=900 Connection: close Date: Sat, 10 Jan 2015 19:21:42 GMT Age: 0 Location: http://retireme.com/www.googleadservices.com/pagead/conversion.js/ Server: Microsoft-IIS/7.5 Content-Length: 0 Content-Type: text/html X-AspNet-Version: 4.0.30319 X-Powered-By: ASP.NET | malicious |
http://retireme.com/www.googleadservices.com/pagead/conversion.js/ | HTTP/1.1 302 Found Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 10 Jan 2015 19:21:42 GMT Pragma: no-cache Location: http://retireme.com Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: wfvt_4188027127=54b17bc6f0e45; expires=Sat, 10-Jan-2015 19:51:42 GMT; path=/; httponly X-Pingback: http://retireme.com/xmlrpc.php X-Powered-By: PHP/5.4.32 | clean |
http://retireme.com/test404page.js | HTTP/1.1 302 Found Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 10 Jan 2015 19:21:43 GMT Pragma: no-cache Location: http://retireme.com Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: wfvt_4188027127=54b17bc79cef1; expires=Sat, 10-Jan-2015 19:51:43 GMT; path=/; httponly X-Pingback: http://retireme.com/xmlrpc.php X-Powered-By: PHP/5.4.32 | clean |
http://retireme.com/wp-content/themes/retireMe/js/theme.script.js?ver=20120206 | 200 OK Content-Length: 259 Content-Type: text/javascript | clean |