Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=theextramileregionfour.com
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Google as suspicious: visiting this website may harm your computer.
Details are available here.
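Scanned pages/files
In the table below every URL flagged as malicious is a JavaScript file and every HTML page is reported clean, which suggests that the script files on the server were modified rather than the page templates.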
Request | Server response | Status |
http://theextramileregionfour.com/ | 200 OK Content-Length: 34337 Content-Type: text/html | clean |
http://theextramileregionfour.com/wp-includes/js/jquery/jquery.js?ver=1.4.2 | 200 OK Content-Length: 77862 Content-Type: application/javascript | malicious |
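Malicious code - confirmed by antiviruses (see below). The excerpt below is cut off mid-expression, and what is visible matches the usual opening of minified jQuery, so the code that triggered the detection is most likely elsewhere in the file; comparing the served file against a known-good copy of the same jQuery release would show what was added.
(function(A,w){function ma(){if(!c.isReady){try{s.documentElement.doScroll("left")}catch(a){setTimeout(ma,1);return}c.ready()}}function Qa(a,b){b.src?c.ajax({url:b.src,async:false,dataType:"script"}):c.globalEval(b.text||b.textContent||b.innerHTML||"");b.parentNode&&b.parentNode.removeChild(b)}function X(a,b,d,f,e,j){var i=a.length;if(typeof b==="object"){for(var o in b)X(a,o,b[o],f,e,d);return a}if(d!==w){f=!j&&f&&c.isFunction(d);for(o=0;o<i;o++)e(a[o],b,f?d.call(a[o]
Antivirus reports: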
| ||
http://theextramileregionfour.com/wp-content/themes/EarthlyTouch/js/idtabs.js | 200 OK Content-Length: 3495 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt below is cut off; it begins with the widely used eval(function(p,a,c,k,e,r){...}) packer stub, which many legitimate jQuery plugins ship with, so the stub alone is not the indicator and the flagged code is probably elsewhere in the file.
eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('(7($){$.F.q=7(){4 s={"b":B,"3":L,"5":B};o(4 i=0;i<t.8;++i){4 n={},a=t[i];M(m a){f"I":$.w(n,a);l;f"v":f"u":n.b=a;l;f"C":n["3"]=a;l;f"7":n.5=a;l};$.w(s,n)}4 j=2;4 e=$(
Antivirus reports:
| ||
http://theextramileregionfour.com/wp-content/themes/EarthlyTouch/js/superfish.js | 200 OK Content-Length: 5912 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt below is cut off, and the visible part reads like ordinary Superfish menu plugin code, so the flagged portion is presumably further into the file.
;(function($){ $.fn.superfish = function(op){ var sf = $.fn.superfish, c = sf.c, $arrow = $(['<span class="',c.arrowClass,'"> »</span>'].join('')), over = function(){ var $$ = $(this), menu = getMenu($$); clearTimeout(menu.sfTimer); $$.showSuperfishUl().siblings().hideSuperfishUl(); }, out = function(){ var $$ = $(this), menu = getMenu($$), o = sf.op; clearTimeout(menu.sfTimer); men
Antivirus reports:
| ||
http://theextramileregionfour.com/wp-content/themes/EarthlyTouch/epanel/page_templates/js/fancybox/jquery.fancybox-1.2.6.pack.js?ver=1.3.2 | 200 OK Content-Length: 11727 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt below is cut off; the leading eval(function(p,a,c,k,e,r){...}) is the common packer stub that packed (.pack.js) plugin builds use, so it is not by itself a sign of compromise.
;eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}(';(p($){$.q.1Q=p(){J O.2n(p(){n b=$(O).u(\'2o\');8(b.1d(/^3i\\(["\']?(.*\\.2p)["\']?\\)$/i)){b=3j.$1;$(O).u({\'2o\':\'3k\',\'1e\':"3l:3m.3n.3o(3p=D, 3q="+($(O).u(\'3r\'
Antivirus reports:
| ||
http://theextramileregionfour.com/wp-content/themes/EarthlyTouch/epanel/page_templates/js/et-ptemplates-frontend.js?ver=1.1 | 200 OK Content-Length: 5932 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt below is cut off, and the visible part reads like ordinary theme front-end code (FancyBox setup and hover effects), so the flagged portion is presumably further into the file.
jQuery(document).ready(function() { jQuery("a[class^='fancybox']").fancybox({ 'overlayOpacity' : 0.7, 'overlayColor' : '#000000', 'zoomSpeedIn' : 500, 'zoomSpeedOut' : 500 }); var $portfolioItem = jQuery('.et_pt_gallery_entry'); $portfolioItem.find('.et_pt_item_image').css('background-color','#000000'); jQuery('.zoom-icon, .more-icon').css({'opacity':'0','visibility':'visible'}); $portfolioItem.hover(function(){ jQuery(
Antivirus reports:
| ||
http://theextramileregionfour.com/?page_id=2 | 200 OK Content-Length: 17786 Content-Type: text/html | clean |
http://theextramileregionfour.com/wp-includes/js/comment-reply.js?ver=20090102 | 200 OK Content-Length: 2991 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt below is cut off, and the visible part reads like the normal WordPress comment-reply script, so the flagged portion is presumably further into the file.
addComment={moveForm:function(d,f,i,c){var m=this,a,h=m.I(d),b=m.I(i),l=m.I("cancel-comment-reply-link"),j=m.I("comment_parent"),k=m.I("comment_post_ID");if(!h||!b||!l||!j){return}m.respondId=i;c=c||false;if(!m.I("wp-temp-form-div")){a=document.createElement("div");a.id="wp-temp-form-div";a.style.display="none";b.parentNode.insertBefore(a,b)}h.parentNode.insertBefore(b,h.nextSibling);if(k&&c){k.value=c}j.value=f;l.style.display="";l.onclick=function(){var n=addComment,e=n.I("wp-temp-form
Antivirus reports:
| ||
http://theextramileregionfour.com/?page_id=724 | 200 OK Content-Length: 17793 Content-Type: text/html | clean |
http://theextramileregionfour.com/?page_id=164 | 200 OK Content-Length: 19693 Content-Type: text/html | clean |
http://theextramileregionfour.com/?page_id=235 | 200 OK Content-Length: 20664 Content-Type: text/html | clean |
http://theextramileregionfour.com/?page_id=668 | 200 OK Content-Length: 20738 Content-Type: text/html | clean |
http://theextramileregionfour.com/?cat=3 | 200 OK Content-Length: 26004 Content-Type: text/html | clean |
http://theextramileregionfour.com/?cat=4 | 200 OK Content-Length: 21224 Content-Type: text/html | clean |
http://theextramileregionfour.com/?cat=5 | 200 OK Content-Length: 25626 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: theextramileregionfour.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 Mar 2015 04:51:13 GMT
Server: Apache/2.2.22
Vary: User-Agent,Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://theextramileregionfour.com/xmlrpc.php
X-Powered-By: PHP/5.3.29
GET / HTTP/1.1
Host: theextramileregionfour.com
Result:
HTTP/1.1 200 OK
Connection: close
Date: Wed, 04 Mar 2015 04:51:13 GMT
Server: Apache/2.2.22
Vary: User-Agent,Accept-Encoding
Content-Type: text/html; charset=UTF-8
X-Pingback: http://theextramileregionfour.com/xmlrpc.php
X-Powered-By: PHP/5.3.29
Second query (visit from search engine):
GET / HTTP/1.1
Host: theextramileregionfour.com
Referer: http://www.google.com/search?q=theextramileregionfour.com
Result:
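The result is similar to the first query. No suspicious redirects were found. Only the Referer header differs between the two queries shown, so a redirect conditioned on User-Agent, cookies or client IP address would not be detected by this test.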
GET / HTTP/1.1
Host: theextramileregionfour.com
Referer: http://www.google.com/search?q=theextramileregionfour.com
Result:
The result is similar to the first query. No suspicious redirects were found.