Malicious/Suspicious Redirects
Request | Server response | Status |
URL: http://www.bingostart.nu/ (imitation of visitor from search engine) GET / HTTP/1.1 Host: www.bingostart.nu Referer: http://www.google.com/search?q=redirect+check1 | HTTP/1.1 301 Moved Permanently Connection: close Date: Mon, 29 Sep 2014 17:49:29 GMT Location: http://velydoctor.com/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 313 Content-Type: text/html; charset=iso-8859-1 | malicious |
Scanned pages/files
Request | Server response | Status |
http://www.bingostart.nu/ | 200 OK Content-Length: 7950 Content-Type: text/html | clean |
http://www.bingostart.nu/wp-content/themes/bingostartnu01/jquery.js?ver=3.9.2 | 200 OK Content-Length: 92629 Content-Type: application/javascript | clean |
http://www.bingostart.nu/wp-content/themes/bingostartnu01/jquery-migrate-1.1.1.js?ver=3.9.2 | 200 OK Content-Length: 16174 Content-Type: application/javascript | malicious |
Malicious code - confirmed by antiviruses (see below) (function( jQuery, window, undefined ) { var warnedAbout = {}; jQuery.migrateWarnings = []; jQuery.migrateMute = true; if ( !jQuery.migrateMute && window.console && console.log ) { console.log("JQMIGRATE: Logging is active"); } if ( jQuery.migrateTrace === undefined ) { jQuery.migrateTrace = true; } jQuery.migrateReset = function() { warnedAbout = {}; jQuery.migrateWarnings.length = 0; }; function migrateWarn( msg) { jQuery.event.add( document, name + "." + jQuery.guid, function() { jQuery.event.trigger( name, null, elem, true ); }); jQuery._data( this, name, jQuery.guid++ ); } return false; }, teardown: function() { if ( this !== document ) { jQuery.event.remove( document, name + "." + jQuery._data( this, name ) ); } return false; } }; } ); })( jQuery, window ); Antivirus reports:
| ||
http://www.bingostart.nu/wp-content/themes/bingostartnu01/script.js?ver=3.9.2 | 200 OK Content-Length: 50051 Content-Type: application/javascript | clean |
http://www.bingostart.nu/bingo-pa-natet/ | HTTP/1.1 302 Found Connection: close Date: Mon, 29 Sep 2014 17:49:32 GMT Location: http://velydoctor.com/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 289 Content-Type: text/html; charset=iso-8859-1 | clean |
http://velydoctor.com/ | 500 Server closed connection without sending any data back Content-Length: 105 Content-Type: text/plain | clean |
http://velydoctor.com/test404page.js | 500 Server closed connection without sending any data back Content-Length: 105 Content-Type: text/plain | clean |
http://www.bingostart.nu/bingo-med-jackpott/ | HTTP/1.1 302 Found Connection: close Date: Mon, 29 Sep 2014 17:49:32 GMT Location: http://velydoctor.com/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 289 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.bingostart.nu/bingo-i-bingohall/ | HTTP/1.1 302 Found Connection: close Date: Mon, 29 Sep 2014 17:49:33 GMT Location: http://velydoctor.com/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 289 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.bingostart.nu/bingotips/ | HTTP/1.1 302 Found Connection: close Date: Mon, 29 Sep 2014 17:49:33 GMT Location: http://velydoctor.com/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 289 Content-Type: text/html; charset=iso-8859-1 | clean |
http://www.bingostart.nu/beroende/ | HTTP/1.1 302 Found Connection: close Date: Mon, 29 Sep 2014 17:49:33 GMT Location: http://velydoctor.com/ Server: Apache/2.2.22 (Debian) Vary: Accept-Encoding Content-Length: 289 Content-Type: text/html; charset=iso-8859-1 | clean |
Safe Browsing / Blacklists
Query: http://www.google.com/safebrowsing/diagnostic?site=bingostart.nu
Result: This site is not currently listed as suspicious.
Result: This site is not currently listed as suspicious.
Query: http://yandex.com/infected?l10n=en&url=http://bingostart.nu/
Result: bingostart.nu is not infected or malware details are not published yet.
Result: bingostart.nu is not infected or malware details are not published yet.