Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=rosepetalscafe.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.rosepetalscafe.com/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Connection: close Date: Thu, 25 Dec 2014 11:22:59 GMT Pragma: no-cache Location: http://rosepetalscafe.com/ Server: nginx/1.6.2 Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Thu, 19 Nov 1981 08:52:00 GMT Set-Cookie: PHPSESSID=8472f87c3004b1f18e87854a32013f88; path=/ X-Pingback: http://rosepetalscafe.com/xmlrpc.php | clean |
http://rosepetalscafe.com/ | 200 OK Content-Length: 20254 Content-Type: text/html | suspicious |
Page code contains blacklisted domain: 122.155.168.105 <!DOCTYPE html> <html lang="en-US"> <head> <meta charset="UTF-8" /> <title>Rose Petals Cafe | Waffles and More | Philadelphia, PA</title> <!-- Created by Artisteer v4.2.0.60483 --> <meta name="viewport" content="initial-scale = 1.0, maximum-scale = 1.0, user-scalable = no, width = device-width" /> <!--[if lt IE 9]><script src="https://html5shiv.googlecode.com/svn/trunk ...[4140 bytes skipped]... | ||
http://rosepetalscafe.com/wp-content/themes/rosepetals5/jquery.js?ver=3.9.2 | 200 OK Content-Length: 92629 Content-Type: application/javascript | clean |
http://rosepetalscafe.com/wp-content/plugins/instapress/fancybox/jquery.fancybox-1.3.4.pack.js?ver=1.3.4 | 200 OK Content-Length: 15624 Content-Type: application/javascript | clean |
http://rosepetalscafe.com/wp-content/plugins/revslider/rs-plugin/js/jquery.themepunch.revolution.min.js?ver=3.9.2 | 200 OK Content-Length: 81124 Content-Type: application/javascript | clean |
http://rosepetalscafe.com/wp-content/themes/rosepetals5/jquery-migrate-1.1.1.js?ver=3.9.2 | 200 OK Content-Length: 16174 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function( jQuery, window, undefined ) { var warnedAbout = {}; jQuery.migrateWarnings = []; jQuery.migrateMute = true; if ( !jQuery.migrateMute && window.console && console.log ) { console.log("JQMIGRATE: Logging is active"); } if ( jQuery.migrateTrace === undefined ) { jQuery.migrateTrace = true; } jQuery.migrateReset = function() { warnedAbout = {}; jQuery.migrateWarnings.length = 0; }; function migrateWarn( msg) { jQuery.event.add( document, name + "." + jQuery.guid, function() { jQuery.event.trigger( name, null, elem, true ); }); jQuery._data( this, name, jQuery.guid++ ); } return false; }, teardown: function() { if ( this !== document ) { jQuery.event.remove( document, name + "." + jQuery._data( this, name ) ); } return false; } }; } ); })( jQuery, window ); Antivirus reports:
| ||
http://rosepetalscafe.com/wp-content/themes/rosepetals5/script.js?ver=3.9.2 | 200 OK Content-Length: 55136 Content-Type: application/javascript | clean |
http://rosepetalscafe.com/wp-content/themes/rosepetals5/script.responsive.js?ver=3.9.2 | 200 OK Content-Length: 22366 Content-Type: application/javascript | clean |
http://122.155.168.105/ads/inpage/pub/collect.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://122.155.168.105/test404page.js | 500 timeout Content-Length: 30 Content-Type: text/plain | clean |
http://www.clickevents.com.my/scripts/collect.js | 200 OK Content-Length: 2920 Content-Type: application/x-javascript | clean |
http://rosepetalscafe.com/wp-content/plugins/instapress/instapress.js?ver=1.5.4 | 200 OK Content-Length: 4426 Content-Type: application/javascript | clean |
http://rosepetalscafe.com/wp-includes/js/comment-reply.min.js?ver=3.9.2 | 200 OK Content-Length: 757 Content-Type: application/javascript | clean |
http://rosepetalscafe.com/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.50.0-2014.02.05 | 200 OK Content-Length: 16305 Content-Type: application/javascript | clean |
http://rosepetalscafe.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=3.8 | 200 OK Content-Length: 9630 Content-Type: application/javascript | clean |
http://rosepetalscafe.com/wp-content/plugins/testimonial-basics/js/katb_rotator_doc_ready.js?ver=1.0.0 | 200 OK Content-Length: 16733 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: rosepetalscafe.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 25 Dec 2014 11:23:00 GMT
Pragma: no-cache
Server: nginx/1.6.2
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Link: <http://rosepetalscafe.com/>; rel=shortlink
Set-Cookie: PHPSESSID=64ee0c7209061e167d6047ed00fa9765; path=/
X-Pingback: http://rosepetalscafe.com/xmlrpc.php
GET / HTTP/1.1
Host: rosepetalscafe.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Connection: close
Date: Thu, 25 Dec 2014 11:23:00 GMT
Pragma: no-cache
Server: nginx/1.6.2
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Link: <http://rosepetalscafe.com/>; rel=shortlink
Set-Cookie: PHPSESSID=64ee0c7209061e167d6047ed00fa9765; path=/
X-Pingback: http://rosepetalscafe.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: rosepetalscafe.com
Referer: http://www.google.com/search?q=rosepetalscafe.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: rosepetalscafe.com
Referer: http://www.google.com/search?q=rosepetalscafe.com
Result:
The result is similar to the first query. There are no suspicious redirects found.