Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=retireme.com
Result: The website is marked by Google as suspicious - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.retireme.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Wed, 14 Jan 2015 21:35:35 GMT Location: http://retireme.com/ Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Set-Cookie: wfvt_4188027127=54b6e128406ff; expires=Wed, 14-Jan-2015 22:05:36 GMT; path=/; httponly X-Pingback: http://retireme.com/xmlrpc.php X-Powered-By: PHP/5.4.32 | clean |
http://retireme.com/ | 200 OK Content-Length: 20007 Content-Type: text/html | clean |
http://retireme.com/wp-content/plugins/image-rotator/image-click-js.php?ver=1.5 | 200 OK Content-Length: 856 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var request = false;
var newURL = false;
function onRotatingImageClick(imgID, url) {
    newURL = url;
    request = irCreateXMLHttp();
    if(request) {
        request.open("POST", "http://retireme.com/wp-content/plugins/image-rotator/image-click.php", true);
        request.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
        request.send('imgID='+imgID);
    }
}
function irCreateXMLHttp() {
    if(typeof XMLHttpRequest != "undefined") {
        return new XMLHttpRequest();
    } else if (window.ActiveXOjbect) {
        var aVersions = ["MSXML2.XMLHttp.5.0", "MSXML2.XMLHttp.4.0" , "MSXML2.XMLHttp.3.0", "MSXML2.XMLHttp", "Microsoft.XMLHttp"];
        for(var i = 0; i < aVersions.length; i++) {
            try {
                var oXmlHttp = new ActiveXObject(aVersions[i]);
                return oXmlHttp;
            } catch(ex) { }
        }
    }
}
Antivirus reports:
http://retireme.com/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: text/javascript | clean |
http://retireme.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: text/javascript | clean |
http://retireme.com/wp-content/plugins/podcasting/js/tsg_new_window.js?ver=0.1 | 200 OK Content-Length: 509 Content-Type: text/javascript | clean |
http://retireme.com/wp-content/plugins/orangebox/js/orangebox.min.js?ver=3.0.0 | 200 OK Content-Length: 27678 Content-Type: text/javascript | clean |
http://retireme.com/wp-content/plugins/meteor-slides/js/jquery.cycle.all.js?ver=4.0.1 | 200 OK Content-Length: 53738 Content-Type: text/javascript | clean |
http://retireme.com/wp-content/plugins/meteor-slides/js/jquery.metadata.v2.js?ver=4.0.1 | 200 OK Content-Length: 5259 Content-Type: text/javascript | clean |
http://retireme.com/wp-content/plugins/meteor-slides/js/jquery.touchwipe.1.1.1.js?ver=4.0.1 | 200 OK Content-Length: 2256 Content-Type: text/javascript | clean |
http://retireme.com/wp-content/plugins/meteor-slides/js/slideshow.js?ver=4.0.1 | 200 OK Content-Length: 2397 Content-Type: text/javascript | clean |
http://retireme.com/wp-includes/js/swfobject.js?ver=2.2-20120417 | 200 OK Content-Length: 10231 Content-Type: text/javascript | clean |
http://retireme.com/wp-content/plugins/podcasting/player/audio-player-noswfobject.js?ver=2.0 | 200 OK Content-Length: 974 Content-Type: text/javascript | clean |
http://retireme.com/js/jquery-1.6.2.js | 200 OK Content-Length: 254164 Content-Type: text/javascript | clean |
http://retireme.com/js/functions.js | 200 OK Content-Length: 2930 Content-Type: text/javascript | clean |
http://www.retireme.com//www.googleadservices.com/pagead/conversion.js/ | HTTP/1.1 302 Found Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 14 Jan 2015 21:35:47 GMT Pragma: no-cache Location: http://retireme.com Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: wfvt_4188027127=54b6e133e73a9; expires=Wed, 14-Jan-2015 22:05:47 GMT; path=/; httponly X-Pingback: http://retireme.com/xmlrpc.php X-Powered-By: PHP/5.4.32 | clean |
http://retireme.com/test404page.js | HTTP/1.1 302 Found Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Wed, 14 Jan 2015 21:35:48 GMT Pragma: no-cache Location: http://retireme.com Server: Apache Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Set-Cookie: wfvt_4188027127=54b6e13490f14; expires=Wed, 14-Jan-2015 22:05:48 GMT; path=/; httponly X-Pingback: http://retireme.com/xmlrpc.php X-Powered-By: PHP/5.4.32 | clean |
http://retireme.com/wp-content/themes/retireMe/js/theme.script.js?ver=20120206 | 200 OK Content-Length: 259 Content-Type: text/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: retireme.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 14 Jan 2015 21:35:36 GMT
Server: Apache
Content-Type: text/html; charset=UTF-8
Set-Cookie: wfvt_4188027127=54b6e12904626; expires=Wed, 14-Jan-2015 22:05:37 GMT; path=/; httponly
X-Pingback: http://retireme.com/xmlrpc.php
X-Powered-By: PHP/5.4.32
Second query (visit from search engine):
GET / HTTP/1.1
Host: retireme.com
Referer: http://www.google.com/search?q=retireme.com
Result:
The result is similar to the first query. There are no suspicious redirects found.