Scanned pages/files
| Request | Server response | Status |
http://crowlacrosse.com/ | 200 OK Content-Length: 17736 Content-Type: text/html | suspicious |
Deface/Content modification. The following signature was found: Hacked by GhostKdi ...[12043 bytes skipped]... <div id="system-message-container"> </div> <div class="blog-featured"> <div class="items-leading"> <div class="leading-0"> <h2> <a href="/index.php/using-joomla/extensions/components/content-component/article-category-list/24-joomla"> Hacked by GhostKdi</a> </h2> <p style="text-align: center;"><img class="decoded" src="http://i.imgur.com/8iIL1Cx.png" border="0" alt="http://i.imgur.com/8iIL1Cx.png" width="487" height="484" /></p> <p style="text-align: center;"><span style="font-family: Trajan Pro; font-size: x-small;"><span style="text-shadow: 2px 0px 0.2em black, -2px 2px 0.2em Darkcyan, -2px -2px 0.2em black; color: #ffffff; font-family: Trajan Pro; font-size: x ...[8312 bytes skipped]... | ||
http://crowlacrosse.com/media/system/js/core.js | 200 OK Content-Length: 4225 Content-Type: text/javascript | clean |
http://crowlacrosse.com/media/system/js/mootools-core.js | 200 OK Content-Length: 88540 Content-Type: text/javascript | clean |
http://crowlacrosse.com/media/system/js/caption.js | 200 OK Content-Length: 800 Content-Type: text/javascript | clean |
http://crowlacrosse.com/media/system/js/mootools-more.js | 200 OK Content-Length: 238128 Content-Type: text/javascript | clean |
http://crowlacrosse.com/templates/beez_20/javascript/md_stylechanger.js | 200 OK Content-Length: 2104 Content-Type: text/javascript | clean |
http://crowlacrosse.com/templates/beez_20/javascript/hide.js | 200 OK Content-Length: 7735 Content-Type: text/javascript | clean |
http://crowlacrosse.com/index.php/sample-sites | 200 OK Content-Length: 13806 Content-Type: text/html | clean |
http://crowlacrosse.com/index.php/ | 200 OK Content-Length: 17746 Content-Type: text/html | clean |
http://crowlacrosse.com/index.php/getting-started | 200 OK Content-Length: 14518 Content-Type: text/html | clean |
http://crowlacrosse.com/index.php/using-joomla | 200 OK Content-Length: 13098 Content-Type: text/html | clean |
http://crowlacrosse.com/index.php/using-joomla/extensions | 200 OK Content-Length: 17471 Content-Type: text/html | clean |
http://crowlacrosse.com/index.php/using-joomla/ | 200 OK Content-Length: 13099 Content-Type: text/html | clean |
http://crowlacrosse.com/index.php/using-joomla/parameters | 200 OK Content-Length: 14657 Content-Type: text/html | clean |
http://crowlacrosse.com/index.php/using-joomla/getting-help | 200 OK Content-Length: 13447 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: crowlacrosse.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sun, 22 Mar 2015 02:04:15 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 7c479866cabd173af87b527d792be7cf=eeiddr3ta9r9d2gttfj68aopi2; path=/
GET / HTTP/1.1
Host: crowlacrosse.com
Result:
HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: close
Date: Sun, 22 Mar 2015 02:04:15 GMT
Pragma: no-cache
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: 7c479866cabd173af87b527d792be7cf=eeiddr3ta9r9d2gttfj68aopi2; path=/
Second query (visit from search engine):
GET / HTTP/1.1
Host: crowlacrosse.com
Referer: http://www.google.com/search?q=crowlacrosse.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
GET / HTTP/1.1
Host: crowlacrosse.com
Referer: http://www.google.com/search?q=crowlacrosse.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=crowlacrosse.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://crowlacrosse.com/
Result: crowlacrosse.com is not infected or malware details are not published yet.
Result: crowlacrosse.com is not infected or malware details are not published yet.