Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.cltcentral.com/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.cltcentral.com Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 302 Moved Temporarily Connection: close Date: Fri, 29 Aug 2014 12:15:25 GMT Location: http://aprswl.ignorelist.com/ Server: Apache Content-Length: 0 Content-Type: text/html X-Powered-By: PHP/5.4.30 | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.cltcentral.com/ | 200 OK Content-Length: 57192 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/swfobject/2.2/swfobject.js?ver=2.2 | 200 OK Content-Length: 10220 Content-Type: text/javascript | clean |
http://www.cltcentral.com/wp-content/plugins/adrotate/library/jquery.clicktracker.js?ver=0.5 | 200 OK Content-Length: 830 Content-Type: application/x-javascript | malicious |
Malicious code - confirmed by antiviruses (see below) jQuery(document).ready(function() { jQuery("a.gofollow").click(function(){ jQuery(this).each(function() { var tracker = jQuery(this).attr("data-track"); var debug = jQuery(this).attr("data-debug"); jQuery.post( '//' + location.host + '/wp-content/plugins/adrotate/library/clicktracker.php', { track: tracker } ); if(debug == 1) { alert('Tracker: ' + tracker + '\n\nTracker must be defined for clicktracking to work.'); } }); }); }); Antivirus reports:
| ||
http://www.cltcentral.com/wp-includes/js/jquery/jquery.js?ver=1.10.2 | 200 OK Content-Length: 93085 Content-Type: application/x-javascript | clean |
http://www.cltcentral.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | 200 OK Content-Length: 7200 Content-Type: application/x-javascript | clean |
http://www.cltcentral.com/wp-content/themes/TheStyle/epanel/shortcodes/js/et_shortcodes_frontend.js?ver=2.0 | 200 OK Content-Length: 10903 Content-Type: application/x-javascript | clean |
http://www.cltcentral.com/wp-content/themes/TheStyle/js/jquery.masonry.min.js | 200 OK Content-Length: 3451 Content-Type: application/x-javascript | clean |
http://www.cltcentral.com/wp-content/themes/TheStyle/js/superfish.js | 200 OK Content-Length: 3714 Content-Type: application/x-javascript | clean |
http://ajax.googleapis.com/ajax/libs/jqueryui/1.7.1/jquery-ui.min.js | 200 OK Content-Length: 185442 Content-Type: text/javascript | clean |
http://www.cltcentral.com/wp-content/themes/TheStyle/js/cufon-yui.js | 200 OK Content-Length: 18257 Content-Type: application/x-javascript | clean |
http://www.cltcentral.com/wp-content/themes/TheStyle/js/League_Gothic_400.font.js | 200 OK Content-Length: 48519 Content-Type: application/x-javascript | clean |
http://www.cltcentral.com/wp-content/themes/TheStyle/js/jquery.hoverIntent.minified.js | 200 OK Content-Length: 1606 Content-Type: application/x-javascript | clean |
http://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201435 | 200 OK Content-Length: 9301 Content-Type: application/x-javascript | clean |
http://s.gravatar.com/js/gprofiles.js?ver=2014Augaa | 200 OK Content-Length: 21442 Content-Type: application/x-javascript | clean |
http://www.cltcentral.com/wp-content/plugins/jetpack/modules/wpgroho.js?ver=3.8.4 | 200 OK Content-Length: 930 Content-Type: application/x-javascript | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=cltcentral.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://cltcentral.com/
Result: cltcentral.com is not infected or malware details are not published yet.
Result: cltcentral.com is not infected or malware details are not published yet.